
How would you compare this to termshark / tshark?


It is basically Scapy with 200 lines of code to make it easier to start. That means tshark is a lot better as a CLI/DSL. Interactiveness is not what Scapy is good at; it is marvelous when you need to e.g. send events to other services based on a custom packet event.

EDIT: I wonder if there is some nice TUI debugger interface/IDE that one could reuse for this. Handling traces live like this has always been a special skill, so I guess specialized tools are a must. But one would think that all the tooling around KUtrace/eBPF/tcpdump could be generalized in some way.


I don't understand your TUI thing... Can you pls clarify???


Writing "layout next" in GDB gives you a TUI: text user interface, like Midnight Commander. There are so many good debuggers in graphical environments I just wondered if there were any better ones for text.

Edit: I really like this simple Scapy wrapper though! Works like a charm.


I just tried tshark, it outputs just raw packet info without any formatting. My code formats the packets and gives more useful insights only when prompted.


termshark is a TUI for tshark. So termshark looks a lot like wireshark but in a terminal.


tshark doesn't have automatic DOS detection nor MITM setup (beta).


Detecting "DOS" by putting the packets into a Python buffer seems... counterproductive.


... for the reasons the other guy said: https://news.ycombinator.com/item?id=41011627

DoS attacks attempt to overwhelm your system or your system's connection by sheer amount of packets. And here you are capturing those packets and keeping them in memory - this just makes your system fall over faster.
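
The point made in the comment above, as an added example that is not part of the thread or of the tool being discussed: a flood can be detected from per-source counters alone, with a hard cap on how many sources are tracked, so memory stays flat no matter how many packets arrive. The class name, thresholds and sample addresses are assumptions made for illustration.

```python
from collections import OrderedDict


class RateDetector:
    """Per-source packet counter over fixed windows; keeps counts, never packets."""

    def __init__(self, threshold=100, window=1.0, max_sources=1024):
        self.threshold = threshold      # packets per window that triggers an alert
        self.window = window            # window length in seconds
        self.max_sources = max_sources  # hard cap on tracked sources (bounds memory)
        self.table = OrderedDict()      # src -> [window_start, count], oldest first

    def observe(self, src, ts):
        """Record one packet from src at time ts; True if src is over threshold."""
        entry = self.table.get(src)
        if entry is None or ts - entry[0] >= self.window:
            entry = [ts, 0]             # start a fresh window for this source
        entry[1] += 1
        self.table[src] = entry
        self.table.move_to_end(src)     # most recently seen source goes last
        while len(self.table) > self.max_sources:
            self.table.popitem(last=False)  # evict the least recently seen source
        return entry[1] > self.threshold


def flagged_sources(events, **kwargs):
    """Feed (src, ts) pairs to a detector; return (flagged set, tracked count)."""
    det = RateDetector(**kwargs)
    return {src for src, ts in events if det.observe(src, ts)}, len(det.table)


# Constructed sample: one noisy source (500 packets in 0.5 s), three quiet ones.
SAMPLE = [("198.51.100.7", i * 0.001) for i in range(500)]
SAMPLE += [(f"192.0.2.{n}", n * 0.1) for n in (1, 2, 3) for _ in range(5)]

if __name__ == "__main__":
    flagged, tracked = flagged_sources(SAMPLE, threshold=100, window=1.0)
    print("flagged:", flagged, "tracked sources:", tracked)
    # With Scapy, observe() can be called from the prn callback of
    # sniff(..., store=False), so the sniffer keeps no packet list either.
```

A flood spread across many spoofed sources stays under a per-source threshold, so a total-rate counter is needed alongside this one for that case.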



