---
Some UX bits I noticed after playing around for a few minutes:
- Esc for backwards navigation was not obvious for me. Maybe emphasize that somehow, and/or support Backspace too for backnav?
- Enter on Domains menu item does not work
- Don't mention clicking if mouse is not supported. "Select" would be more appropriate
- packets screen is truncated vertically and horizontally. Probably should be scrollable
- "weird stuff" options are numbered 1-5, but pressing those keys has no effect. There's lots of little polish fixes like this.
---
And then things I wonder about as a novice user:
- Is it possible to see domain names instead of IP addresses while e.g. looking at packets?
- What does it mean to f stream?
- How do I inspect packets? Especially compressed or encrypted data? This is more a knowledge gap, like "what am I supposed to look for", "what could be in a packet", and I guess involves reverse engineering sometimes, but it's also a tooling question.
what the kids in my classes really struggle with is actually using any command line stuff (at least for a month or two), because it is so foreign to them (coming from GUI-only experience).
what specific parts are made easier with babyshark, compared to wireshark? the github readme didn't really sell me on the "easier than GUI" part, nor did your description here. is it the "explain (plain-English hints)" part? if so, i think you should focus on that. right now it looks pretty bare bones (e.g. "Weird stuff" does not seem easier or super helpful from a learning perspective)
Looking over the commit history of this project, I'm about 90% sure it was entirely done with an AI Coding Agent, and not even a very good one.
As an aside, I was thinking about something similar to this tool for a while now after seeing this post (https://news.ycombinator.com/item?id=46723990) where someone was using Claude to troubleshoot a PCAP. It made me think that it would be nice just to have a nice collection of tshark one-liners to quickly weed out any weird stuff right off the bat. I would assume that it would be a lot more performant than using an LLM and more scalable if you have large PCAP files.