A cross-platform network monitoring tool built with Rust. RustNet provides real-time visibility into network connections with detailed state information, connection lifecycle management, deep packet inspection, and a terminal user interface.

• Real-time Network Monitoring: Monitor active TCP, UDP, ICMP, and ARP connections with detailed state information
• Connection States: Track TCP states (ESTABLISHED, SYN_SENT, TIME_WAIT), QUIC states (QUIC_INITIAL, QUIC_HANDSHAKE, QUIC_CONNECTED), DNS states, SSH states, and activity-based UDP states
• Deep Packet Inspection (DPI): Detect application protocols including HTTP, HTTPS/TLS with SNI, DNS, SSH with version detection, and QUIC with CONNECTION_CLOSE frame detection
• Smart Connection Lifecycle: Protocol-aware timeouts with visual staleness indicators (white → yellow → red) before cleanup
• Process Identification: Associate network connections with running processes
• Service Name Resolution: Identify well-known services using port numbers
• Cross-platform Support: Works on Linux, macOS, Windows and potentially BSD systems
• Advanced Filtering: Real-time vim/fzf-style filtering with keyword support (port:, src:, dst:, sni:, process:, state:)
• Terminal User Interface: Beautiful TUI built with ratatui with adjustable column widths
• Multi-threaded Processing: Concurrent packet processing for high performance
• Optional Logging: Detailed logging with configurable log levels (disabled by default)

cargo build --release --no-default-features

Ubuntu PPA (Recommended for Ubuntu 25.10+ users):

sudo add-apt-repository ppa:domcyrus/rustnet
sudo apt update && sudo apt install rustnet

Fedora COPR (Recommended for Fedora 42+ users):

sudo dnf copr enable domcyrus/rustnet
sudo dnf install rustnet

From crates.io:

cargo install rustnet-monitor

From release packages:

• Download pre-built packages for macOS, Windows, or Linux from GitHub Releases
• See INSTALL.md for detailed installation instructions for all platforms

From source:

git clone https://github.com/domcyrus/rustnet.git
cd rustnet
cargo build --release

Via Docker:

docker pull ghcr.io/domcyrus/rustnet:latest
docker run --rm -it --cap-add=NET_RAW --cap-add=BPF --cap-add=PERFMON --net=host \
  ghcr.io/domcyrus/rustnet:latest

Packet capture requires elevated privileges. See INSTALL.md for detailed permission setup.

Security Note (Linux): RustNet uses read-only packet capture without promiscuous mode, requiring only CAP_NET_RAW (not full root or CAP_NET_ADMIN). This follows the principle of least privilege for enhanced security.

# Quick start with sudo (all platforms)
sudo rustnet

# Linux: Grant minimal capabilities (recommended - no root required!)
# Read-only packet capture + eBPF process tracking
sudo setcap 'cap_net_raw,cap_bpf,cap_perfmon=eip' /path/to/rustnet
rustnet

# macOS: PKTAP requires root for process metadata
sudo rustnet  # or use 'lsof' fallback without sudo

Common options:

rustnet -i eth0              # Specify network interface
rustnet --show-localhost     # Show localhost connections
rustnet -r 500               # Set refresh interval (ms)
rustnet --no-dpi             # Disable deep packet inspection
rustnet -l debug             # Enable debug logging

See USAGE.md for complete command-line options and detailed usage guide.

See USAGE.md for detailed keyboard controls and navigation tips.

Quick filtering examples:

/google                        # Search for "google" anywhere
/port:443                      # Filter by port
/process:firefox               # Filter by process
/state:established             # Filter by connection state
/dport:443 sni:github.com      # Combine filters

Sorting:

• Press s to cycle through sortable columns (Protocol, Address, State, Service, Bandwidth, Process)
• Press S (Shift+s) to toggle sort direction
• Find bandwidth hogs: Press s until "Down↓/Up" appears

See USAGE.md for complete filtering syntax and sorting guide.

• INSTALL.md - Detailed installation instructions for all platforms, permission setup, and troubleshooting
• USAGE.md - Complete usage guide including command-line options, filtering, sorting, and logging
• ARCHITECTURE.md - Technical architecture, platform implementations, and performance details
• PROFILING.md - Performance profiling guide with flamegraph setup and optimization tips
• ROADMAP.md - Planned features and future improvements
• RELEASE.md - Release process for maintainers
• EBPF_BUILD.md - eBPF build instructions and requirements

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

See CONTRIBUTORS.md for a list of people who have contributed to this project.

This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.

• Built with ratatui for the terminal UI
• Packet capture powered by libpcap
• Inspired by tools like tshark/wireshark/tcpdump, sniffnet, netstat, ss, and iftop
• Some code is vibe coded (OMG) / may the LLM gods be with you

Some sections have been moved to dedicated files for better organization:

• Permissions Setup: Now in INSTALL.md - Permissions Setup
• Installation Instructions: Now in INSTALL.md
• Detailed Usage: Now in USAGE.md
• Architecture Details: Now in ARCHITECTURE.md