Not quite what you asked for but I recently found https://github.com/gcla/termshark -- it seems to be like wireshark but for a terminal window. Like tcpdump it has the -D option that will return a list of interfaces. If you are handy with go programming, you may wish to consider enhancing it to listen to multiple interfaces. It is under 1400 lines of code. May be you can use one goroutine per interface and then each can feed packets to the display goroutine over a go channel. [I haven't actually dug into the code, but this is how I would go about it -- but first check that libpcap is reentrant]
> On Aug 1, 2023, at 11:21 AM, Zane C B-H <v.ve...@vvelox.net> wrote: > > So what is a good way to get all packets passing through that the kernel > currently sees? Apparently any is not support on non-Linux systems and pflog > would require adding log to all rules. Similarly only logs packets that match > a rule. >
