It is basically Scapy with 200 lines of code to make it easier to start. That means tshark is alot better as a cli/DSL. Interactiveness is not what Scapy is good at, it is marvelous when you need to e.g. send events to other services based on custom packet event.
EDIT: I wonder if there is some nice TUI debugger interface/IDE that one could reuse for this. Handling traces Live like this has always been a special skill so I guess specialized tools is a must.. But one would think that all the tooling around KUtrace/ebpf/tcpdump could be generalized in some way.
Writing "layout next" in GDB gives you a TUI: Text user interface, like midnight commander. There are so many good debuggers in graphical environments I just wondered if there were any better ones for text.
Edit: I really like this simple Scapy wrapper though! Works like a charm.
EDIT: I wonder if there is some nice TUI debugger interface/IDE that one could reuse for this. Handling traces Live like this has always been a special skill so I guess specialized tools is a must.. But one would think that all the tooling around KUtrace/ebpf/tcpdump could be generalized in some way.