Show HN: RustNet, a network monitoring TUI with process identification
5 points | hubabuba44 | 5 months ago | github.com
What may make it interesting:
• Deep packet inspection for HTTP, HTTPS/TLS (with SNI), DNS, and QUIC protocol detection
• Process identification using eBPF on Linux (experimental) and PKTAP on macOS, which also catches short-lived processes that polling procfs or lsof would miss
• Multi-threaded packet processing with lock-free data structures for the UI
• Cross-platform (Linux, macOS, Windows, but process identification so far only on Linux/macOS)
The eBPF implementation was a bit more tricky to implement than using PKTAP, but it was very interesting to learn about how to hook into tcp_connect, udp_sendmsg, etc. in order to catch process info before connections disappear.
I built this as a lightweight Wireshark alternative for quick TUI-based network inspection with process identification.
Install: cargo build --release, run with sudo or set capabilities. Homebrew tap also available.
Would love feedback on the project and any ideas for additional protocol detection or any other suggestions. Thanks
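Added example (not part of the original post and not RustNet's code): a sketch of the procfs polling approach the post contrasts with eBPF, showing why a polling pass loses attribution once the owning process or socket is gone. The sample table, PIDs, inodes and the function names are constructed for illustration; IPv4 and a little-endian host are assumed.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

// Constructed sample in /proc/net/tcp layout (documentation addresses, not a real capture).
const SAMPLE: &str = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 20001 1
   1: 0A0200C0:C350 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1
   2: 0A0200C0:C352 076433C6:0050 06 00000000:00000000 03:00000A1B 00000000     0        0 0 3";

#[derive(Debug)]
struct Sock {
    remote: (Ipv4Addr, u16),
    state: u8,  // 0x01 ESTABLISHED, 0x06 TIME_WAIT, 0x0A LISTEN
    inode: u64, // the only link to a process; printed as 0 for TIME_WAIT entries
}

fn parse_addr(s: &str) -> Option<(Ipv4Addr, u16)> {
    let (ip, port) = s.split_once(':')?;
    // Address is a host-order u32 in hex; little-endian host assumed here.
    let octets = u32::from_str_radix(ip, 16).ok()?.to_le_bytes();
    Some((Ipv4Addr::from(octets), u16::from_str_radix(port, 16).ok()?))
}

fn parse_table(text: &str) -> Vec<Sock> {
    text.lines().skip(1).filter_map(|line| {
        let f: Vec<&str> = line.split_whitespace().collect();
        Some(Sock {
            remote: parse_addr(f.get(2)?)?,
            state: u8::from_str_radix(f.get(3)?, 16).ok()?,
            inode: f.get(9)?.parse().ok()?,
        })
    }).collect()
}

// One polling pass: join each socket to the inode -> PID map that a scan of
// /proc/<pid>/fd would produce. Sockets with no live owner come back as None.
fn attribute(socks: &[Sock], owners: &HashMap<u64, u32>) -> Vec<Option<u32>> {
    socks.iter().map(|s| owners.get(&s.inode).copied()).collect()
}

fn main() {
    let socks = parse_table(SAMPLE);
    // Hypothetical fd scan: PID 812 holds the listener; the owner of inode 34567 has already exited.
    let owners = HashMap::from([(20001u64, 812u32)]);
    for (s, pid) in socks.iter().zip(attribute(&socks, &owners)) {
        println!("{}:{} state={:#04x} inode={} pid={:?}", s.remote.0, s.remote.1, s.state, s.inode, pid);
    }
}
```

Only the listener is attributed: the established connection's owner exited between the table read and the fd scan, and the TIME_WAIT row carries inode 0, so neither can be tied to a PID after the fact.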
era37|5 months ago
hubabuba44|5 months ago
There is no analytics function yet, but if you'd like, please open an issue or PR, I would very much appreciate that.