
Comment by eigen-vector

1 day ago

This isn't meant as a replacement for tshark. It actually uses tshark for the live capture part.

tshark is the engine; Babyshark is the guided UI on top of it.

• tshark: raw packet/field dump + powerful filters, but you have to know what fields to ask for and how to stitch the story together.

• Babyshark: gives you an opinionated workflow (Overview → Domains/Weird → Flows → Packets/Stream) with "explain/why it matters" text, curated detectors, and one-key drilldowns.

For live capture, Babyshark uses tshark -T fields to extract things like DNS qname / TLS SNI / HTTP host; for offline PCAP it parses enough to build flows + summaries.

So: if you already live in tshark one-liners, tshark is faster. If you're trying to understand what's happening or teach/debug quickly, Babyshark is a nicer front-end.
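Added example (not Babyshark's own code, and not from the commenter): a small parser that takes the tab-separated output of `tshark -T fields` for the fields the comment mentions (DNS qname, TLS SNI, HTTP host) and builds the kind of domain overview, flow table and "weird domain" flag a front-end layers on top of tshark. The exact `-e` field list, the flow key and the high-entropy-label heuristic are assumptions of this example; the sample lines are constructed, not a real capture.

```python
"""Turn `tshark -T fields` output into domain/flow summaries.

Added example, not Babyshark's code. Assumed invocation whose output this
parser reads (tab-separated, first occurrence of each field only):

  tshark -i eth0 -T fields -E separator=/t -E occurrence=f \
    -e frame.time_epoch -e ip.src -e ip.dst \
    -e dns.qry.name -e tls.handshake.extensions_server_name -e http.host
"""
from collections import Counter, defaultdict
import math

# Column names matching the assumed -e field order above.
FIELDS = ("ts", "src", "dst", "dns", "sni", "http")

# Constructed sample output (not from a real capture); empty columns are
# fields tshark leaves blank when a packet has no such layer.
SAMPLE = """\
1700000000.001\t10.0.0.5\t10.0.0.1\texample.com\t\t
1700000000.120\t10.0.0.5\t93.184.216.34\t\texample.com\t
1700000000.400\t10.0.0.7\t10.0.0.1\txk9v2m4q7p1zz8a3.badexample.net\t\t
1700000000.650\t10.0.0.7\t203.0.113.9\t\t\tupdates.vendor.example
1700000001.010\t10.0.0.5\t93.184.216.34\t\texample.com\t
"""


def parse_fields(text):
    """Parse tab-separated tshark lines into dicts; blank fields become None."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        # Pad short lines so a missing trailing column does not raise.
        parts += [""] * (len(FIELDS) - len(parts))
        rec = dict(zip(FIELDS, parts))
        rec["ts"] = float(rec["ts"])
        for key in ("dns", "sni", "http"):
            rec[key] = rec[key] or None
        records.append(rec)
    return records


def domain_overview(records):
    """Count each domain, keyed by which field it was observed in."""
    counts = Counter()
    for rec in records:
        for field in ("dns", "sni", "http"):
            if rec[field]:
                counts[(rec[field].lower().rstrip("."), field)] += 1
    return counts


def flows(records):
    """Group packets into (src, dst) flows with packet count and time span."""
    table = defaultdict(lambda: {"packets": 0, "first": None, "last": None})
    for rec in records:
        flow = table[(rec["src"], rec["dst"])]
        flow["packets"] += 1
        flow["first"] = rec["ts"] if flow["first"] is None else min(flow["first"], rec["ts"])
        flow["last"] = rec["ts"] if flow["last"] is None else max(flow["last"], rec["ts"])
    return dict(table)


def label_entropy(label):
    """Shannon entropy (bits per character) of a single DNS label."""
    if not label:
        return 0.0
    freq = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in freq.values())


def weird_domains(records, min_len=14, min_entropy=3.5):
    """Assumed 'weird' heuristic: a long, high-entropy leftmost label.

    Returns {domain: entropy} for every flagged name. Thresholds are
    illustrative, not tuned values from any real tool.
    """
    flagged = {}
    for (name, _field), _count in domain_overview(records).items():
        label = name.split(".")[0]
        entropy = label_entropy(label)
        if len(label) >= min_len and entropy >= min_entropy:
            flagged[name] = entropy
    return flagged


if __name__ == "__main__":
    recs = parse_fields(SAMPLE)
    print("domains:", domain_overview(recs).most_common())
    print("flows:", flows(recs))
    print("weird:", weird_domains(recs))
```

To feed it a live capture, pipe the assumed tshark command above into the script instead of using `SAMPLE`; the `-E occurrence=f` setting matters because a packet can carry several DNS names and the parser assumes one value per column.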