[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-3468":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":14,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":18,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":15,"starSnapshotCount":15,"syncStatus":16,"lastSyncTime":28,"discoverSource":29},3468,"pktz","immanuwell\u002Fpktz","immanuwell","pktz — eBPF-powered network traffic monitor — per process, per connection, live","",null,"Go",155,12,3,0,2,29,6,3.34,"MIT License",false,"main",true,[],"2026-06-12 02:00:50","\u003Cp align=\"center\">packet-z\u003C\u002Fp>\n\n![](media\u002Fscreenshot-1.png)\n\n![](media\u002Fscreenshot-2.png)\n\n![](media\u002Fscreenshot-3.png)\n\n# pktz\n\nYour machine is talking to things right now. A lot of things. `pktz` tells you exactly who, how much, and to where — in real time.\n\nBuilt on eBPF, so it hooks straight into the kernel. No polling `\u002Fproc`. No sampling. Every byte, every process, no excuses.\n\n---\n\n## Install\n\n**Download a pre-built binary** (no Go required):\n\n```bash\n# replace with your arch: amd64, arm64, armv7\ncurl -Lo pktz https:\u002F\u002Fgithub.com\u002Fimmanuwell\u002Fpktz\u002Freleases\u002Flatest\u002Fdownload\u002Fpktz-linux-amd64\nchmod +x pktz && sudo mv pktz \u002Fusr\u002Flocal\u002Fbin\u002F\n```\n\n**Or with Go** (fetches + compiles in one shot):\n\n```bash\ngo install github.com\u002Fimmanuwell\u002Fpktz@latest\n```\n\nThe eBPF objects are pre-compiled and bundled in the module, so no `clang` or `bpftool` needed.\n\n**Or build from source** (if you want to hack on it):\n\n```bash\n# requires: clang, libbpf-dev, bpftool, Go 1.22+, Linux kernel 5.8+\nmake install   # builds + copies to \u002Fusr\u002Flocal\u002Fbin\n```\n\n## Usage\n\n```bash\nsudo pktz\n```\n\nNeeds root to load eBPF programs and read `\u002Fproc\u002F\u003Cpid>\u002Ffd\u002F` for all processes — same deal as `sudo iotop`, `sudo tcpdump`, etc.\n\nIf you really hate typing sudo, you can grant capabilities once:\n\n```bash\nsudo setcap cap_bpf,cap_perfmon,cap_dac_read_search+ep $(which pktz)\npktz  # no sudo needed\n```\n\nFair warning though: in this mode pktz will see fewer processes than with sudo — it won't be able to inspect fd dirs of processes owned by root or other users, so their connections won't show up in the detail view. For full visibility, sudo is the way.\n\n---\n\n## What you actually get\n\n**Process list** — every process doing network I\u002FO, with live RX\u002FTX rates and totals. Sorted by name by default, but you can sort by anything.\n\n**Connection drill-down** — hit `Enter` on any process. See every single open connection, its state, rates, remote address. Hit `Esc` to go back.\n\n**Live graph** — 5-minute RX\u002FTX history chart, auto-follows whatever process your cursor is on. Rendered in Unicode block chars, looks goated in a dark terminal.\n\n**GeoIP flags + ASN** — 🇺🇸 CLOUDFLARE, 🇩🇪 HETZNER, 🇷🇺 ???. Optional, see below.\n\n**DNS resolution** — remote addresses show real hostnames instead of raw IPs. You can toggle it off if you want the raw view.\n\n---\n\n## Keybindings\n\n| Key | Action |\n|-----|--------|\n| `↑` `↓` or `j` `k` | navigate |\n| `Enter` | open connection detail |\n| `Esc` \u002F `Backspace` | back to process list |\n| `s` | cycle sort column |\n| `\u002F` | filter processes by name |\n| `r` | toggle hostname resolution |\n| `v` | toggle compact IPv6 |\n| `g` | toggle GeoIP flags |\n| `m` | toggle mouse |\n| `q` | quit |\n\nClick column headers to sort. Click again to flip direction. Yes, mouse works out of the box.\n\n---\n\n## GeoIP (optional but lowkey essential)\n\n```bash\nsudo pktz --download-geoip-db\n```\n\nDownloads from DB-IP.com. No account, no license key, nothing. CC BY 4.0. Once downloaded, press `g` to toggle country flags and ASN names in the connection detail view.\n\nIncredibly useful when you're staring at some IP and wondering why your laptop is making friends in unexpected places.\n\n---\n\n## Focus on a specific process\n\nSkip the process list and jump straight to what you care about:\n\n```bash\n# by PID — opens connection detail view directly\nsudo pktz --pid 1234\n\n# by name — filters the list to matching processes\nsudo pktz --app firefox\nsudo pktz --app \u002Fusr\u002Fbin\u002Fgoogle-chrome   # path works too, basename is extracted\n```\n\n`--app` does a case-insensitive substring match against the process name, so `--app chrom` catches both `chrome` and `chromium`. The footer shows `app:firefox` as a reminder that a filter is active. You can still use `\u002F` on top of it to narrow down further.\n\nBoth flags work with `--log` and `--metrics` too.\n\n---\n\n## Log mode — pipe it anywhere\n\n```bash\nsudo pktz --log | jq .\n```\n\nSkips the TUI entirely and emits NDJSON to stdout every 500ms. Every line is either a `\"process\"` record or a `\"conn\"` record, both with a `ts` timestamp.\n\n```bash\n# top bandwidth hogs right now\nsudo pktz --log | jq -r 'select(.type==\"process\") | \"\\(.comm) rx=\\(.rx_bps|.\u002F1024|floor)KB\u002Fs\"'\n\n# watch a specific process\nsudo pktz --log | grep '\"comm\":\"firefox\"'\n\n# alert when something crosses a threshold\nsudo pktz --log | jq --unbuffered 'select(.type==\"process\" and .rx_bps > 10000000)' | notify\n```\n\nPlays well with anything that reads stdin. Set and forget.\n\n---\n\n## Prometheus metrics endpoint\n\n```bash\nsudo pktz --metrics :9090\n```\n\nStarts an HTTP server at `\u002Fmetrics` alongside the TUI. Prometheus can scrape it immediately. Exposes per-process gauges and counters:\n\n| Metric | Type | Description |\n|--------|------|-------------|\n| `pktz_process_rx_bytes_per_second` | gauge | Current RX rate |\n| `pktz_process_tx_bytes_per_second` | gauge | Current TX rate |\n| `pktz_process_rx_bytes_total` | counter | Total bytes received |\n| `pktz_process_tx_bytes_total` | counter | Total bytes transmitted |\n| `pktz_process_connections` | gauge | Open connection count |\n\nAll metrics are labeled with `pid` and `comm` (process name).\n\nWorks with any combination of flags. Headless\u002Fdaemon use case:\n\n```bash\n# no TUI, just metrics — pipe log to \u002Fdev\u002Fnull\nsudo pktz --metrics :9090 --log > \u002Fdev\u002Fnull\n\n# only expose metrics for one app\nsudo pktz --metrics :9090 --app firefox\n```\n\nPrometheus scrape config:\n\n```yaml\nscrape_configs:\n  - job_name: pktz\n    static_configs:\n      - targets: ['localhost:9090']\n```\n\n---\n\n## Demo mode — safe for screen sharing\n\nPresenting to an audience and don't want your actual IPs on screen?\n\n```bash\nsudo pktz --demo\n```\n\nEvery IP and hostname gets replaced with a convincing-looking but totally fake one. Stable within the session — same real IP always maps to the same fake — so the display still makes sense.\n\nWant to make it really pop for a talk or a screenshot:\n\n```bash\nsudo pktz --fake-processes=chrome,spotify,zoom\n```\n\nInjects synthetic processes with animated traffic curves. Implies `--demo`. Looks completely real, is completely fake. ngl it's kind of fun to watch.\n\n---\n\nThat's it. Run it, spend 30 seconds poking around, you'll figure out the rest.\n","pktz 是一个基于 eBPF 的网络流量监控工具，能够实时显示每个进程和每个连接的详细信息。它直接在内核层面工作，无需轮询 `\u002Fproc` 文件系统或采样，确保了数据的准确性和实时性。核心功能包括按进程列出所有进行网络 I\u002FO 的活动，展示每秒接收和发送的数据量，并支持对单个连接的深入分析。此外，还提供了5分钟内的流量历史图表、GeoIP 识别以及 DNS 解析等功能。适合需要深入了解系统网络活动的运维人员和开发者使用，特别是在排查网络问题或优化性能时。","2026-06-11 02:54:37","CREATED_QUERY"]