VibeHunt
rustnet

Network monitoring with process identification and deep packet inspection.

RustNet provides terminal‑based, real‑time visibility of every network connection on a host, attributing each TCP, UDP, and QUIC flow to the owning process. It gathers packet data through eBPF on Linux, PKTAP on macOS, and native APIs on Windows and FreeBSD, then performs deep packet inspection to identify protocols such as HTTP, HTTPS/TLS (with SNI), DNS, SSH, QUIC, NTP, mDNS, DHCP, SNMP, SSDP, and NetBIOS without external dissectors. The tool also offers TCP analytics, protocol‑aware timeouts, and a Vim/fzf‑style filtering language, plus optional GeoIP enrichment from a local MaxMind database.

The primary audience is developers, system administrators, and security engineers who need to understand which applications are generating network traffic and what those communications contain, especially when working over SSH or without X11 forwarding. RustNet’s sandboxing mechanisms—Landlock on Linux, Seatbelt on macOS, and privilege‑dropping on Windows—limit its own permissions after initializing libpcap, enhancing security for on‑host monitoring.

Distinctive aspects include per‑process attribution that traditional tools like netstat or Wireshark lack, a TUI that works directly in a terminal, and the ability to export pcap files with process metadata for later forensic analysis. The project is stable, cross‑platform, and built with Rust libraries such as ratatui
