I am in the target audience of "would like to see network activity and debug occasional traffic but totally overwhelmed by termshark." So I appreciate the "what should I click?" thing, and offering weird flows to investigate.

---

Some UX bits I noticed after playing around for a few minutes:

- Esc for backwards navigation was not obvious for me. Maybe emphasize that somehow, and/or support Backspace too for backnav?

- Enter on Domains menu item does not work

- don't mention clicking if mouse is not supported. "Select" would be more appropriate

- packets screen is truncated vertically and horizontally. Probably should be scrollable

- "weird stuff" options are numbered 1-5, but pressing those keys has no effect. There's lots of little polish fixes like this.

---

And then things I wonder about as a novice user:

- Is it possible to see domain names instead of IP addresses while e.g. looking at packets?

- What does it mean to f stream?

- How do I inspect packets? Especially compressed or encrypted data? This is more a knowledge gap, like "what am I supposed to look for", "what could be in a packet", and I guess involves reverse engineering sometimes, but it's also a tooling question.

the overwhelming part of wireshark is, at least in my experience teaching networking at a college level, the actual networking part. protocols, flows, packet structure, etc. kids tend to be up to speed on the UI part pretty quickly.

what the kids in my classes really struggle with is actually using any command line stuff (at least for a month or two), because it is so foreign to them (coming from GUI-only experience).

what specific parts are made easier with babyshark, compared to wireshark? the github readme didnt really sell me on the "easier than GUI" part, nor did your description here. is it the "explain (plan-English hints)" part? if so, i think you should focus on that. right now it looks pretty bare bones (e.g. "Weird stuff" does not seem easier or super helpful from a learning perspective)

This might be a clone of termshark as it does the same thing for the most part. Also to note that the Author's Github profile shows a good bit of vibe coding as of late.

Looking over the commit history of this project, I'm about 90% sure it was entirely done with a AI Coding Agent, and not even a very good one.

Regardless of the result of the TUI - I'd try this out just because you found the perfect name. Well done!

WHILE DO; DO; DO; DO; DO; DO

Great idea, would it be possible to make it possible to add my own custom tshark one liners under weird stuff? For example, sometimes I find myself troubleshooting TCP retransmission issues that is specific to proprietary applications and that may not be relevant everyone else to have by default.

As an aside, I was thinking about something similar to this tool for a while now after seeing this post (https://smackernews.com/item/46723990 HN) where someone was using Claude to troubleshoot a PCAP. It made me think that it would be nice just to have a nice collection of tshark one-liners to quickly weed out any weird stuff right off the bat. I would assume that it would be a lot more performant than using a LLM and more scalable if you have large PCAP files.

Love the idea, but please add some demo screenshots on GitHub. All UI tools should

As a parent and a former network engineer, I both love you and hate you for choosing this name.

What's funny is that wireshark/tshark were created (first as "Ethereal") as a "friendlier" tcpdump, with more protocol analyzers.

Very cool, reminds me of sngrep, which I really like for analyzing SIP pcaps

I know that his has been done at least partially with an LLM because of the wording in the TUI.

How does it compare against tshark?

Sometimes projects are created and then named, this was named and then created.