A macOS application that uses tshark (Wireshark's command-line utility) to capture and process network packets, outputting the data in JSON format.

• Captures network packets using tshark
• Processes packet data including:
  • Frame number
  • Timestamp
  • Source IP address and port
  • Destination IP address and port
  • Protocol
  • Packet information
• Outputs packet data in JSON format
• Supports both IPv4 and IPv6 addresses
• Supports both TCP and UDP ports

{ "frame_number": 5, "timestamp": "Feb 7, 2025 16:03:58.419297000 CST", "src_ip": "192.168.1.6", "src_port": 55674, "dst_ip": "223.86.122.185", "dst_port": 443, "protocol": "TCP", "info": "55674 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=729166928 TSecr=0 SACK_PERM" }

• macOS operating system
• Wireshark installed (for tshark)
• RapidJSON library (included in third_library directory)
• C++14 compatible compiler
• CMake 3.31 or higher

1. Install Wireshark for macOS
2. Clone this repository
3. Make sure the RapidJSON library is in the third_library directory
4. Update the pcap file path in main.cpp:

   std::string packet_file = "~/capture.pcap"; // Update this path to your actual pcap file location

mkdir -p build cd build cmake .. make

./MacTsharkServer

• Added port information to the packet structure
• Updated JSON output to include source and destination ports
• Improved tshark command to extract port information
• Added support for both IPv4 and IPv6 addresses
• Added support for both TCP and UDP ports
• Changed from basic JSON Writer to PrettyWriter for better readability