(no title)

There's a layer above that, when CLI and bash and sed and tshark are becoming too hairy or slow, and it's 'just' parsing the pcap frames in your language of productivity. Over the years I've built layer over layer of optimized Java code to parse and analyze pcap/pcapng files with either visitor patterns or active iterations (and multi-pass analyses through indexation, or just interfacing with duckdb for months-long-capture analysis to surface low signal-to-noise-ratio events). It builds a good understanding of all the layers and brings the power of a full-featured workbench (language, IDE, libraries, visualization options...).

Built it in Java, and rebuilt it in Ada, and Rust. I find it's a good exercise to learn about a programming language... bonus point, once I have a parser, plugging it live behind libpcap, dpdk, xdp, or just raw sockets is easy.

>CLI is so valuable because [...]

indeed! command line is great.

however, ~99.8% of 18 year old students have never used any command line tool in their lives. they do not know what grep is. they can navigate a gui because they have used a gui all of their life.

when im teaching networking for example, using a gui means i only need to teach one thing (networking), where if i use a cli i have to teach two things (cli + networking)

>I think if you really know what you're dealing with the CLI is better almost every time

to be clear, i was not making an argument that gui is better in general.

i am speaking as someone who teaches introductory networking courses at a 1st-year college level. no one i teach "really knows" what they are dealing with because it is the first time they are learning about it.