[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-70521":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":9,"totalLinesOfCode":9,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":9,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":22,"topics":24,"createdAt":9,"pushedAt":9,"updatedAt":42,"readmeContent":43,"aiSummary":44,"trendingCount":16,"starSnapshotCount":16,"syncStatus":45,"lastSyncTime":46,"discoverSource":47},70521,"rustnet","domcyrus\u002Frustnet","domcyrus","Per-process network monitoring for your terminal with deep packet inspection. Cross-platform, sandboxed.",null,"https:\u002F\u002Fgithub.com\u002Fdomcyrus\u002Frustnet","Rust",4358,200,22,13,0,105,218,510,315,105.91,false,"main",[25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41],"ebpf","freebsd","geoip","landlock","linux","network-monitoring","packet-capture","rust","seatbelt","tui","windows","cli","dpi","macos","process-monitoring","ratatui","netstat-alternative","2026-06-12 04:00:55","\u003Cp align=\"center\">\n  \u003Ch1 align=\"center\">RustNet\u003C\u002Fh1>\n  \u003Cp align=\"center\">\n    \u003Cstrong>Per-process network monitoring for your terminal: live TCP, UDP, and QUIC connections with deep packet inspection, sandboxed by default.\u003C\u002Fstrong>\n  \u003C\u002Fp>\n  \u003Cp align=\"center\">\n    \u003Ca href=\"https:\u002F\u002Fratatui.rs\u002F\">\u003Cimg src=\"https:\u002F\u002Fratatui.rs\u002Fbuilt-with-ratatui\u002Fbadge.svg\" alt=\"Built With Ratatui\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdomcyrus\u002Frustnet\u002Factions\">\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fdomcyrus\u002Frustnet\u002Fworkflows\u002FRust\u002Fbadge.svg\" 
alt=\"Build Status\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fcrates.io\u002Fcrates\u002Frustnet-monitor\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fcrates\u002Fv\u002Frustnet-monitor.svg\" alt=\"Crates.io\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdomcyrus\u002Frustnet\u002Fstargazers\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdomcyrus\u002Frustnet?style=flat&logo=github\" alt=\"GitHub Stars\">\u003C\u002Fa>\n    \u003Ca href=\"LICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-Apache--2.0-blue.svg\" alt=\"License\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdomcyrus\u002Frustnet\u002Freleases\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fdomcyrus\u002Frustnet.svg\" alt=\"GitHub release\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdomcyrus\u002Frustnet\u002Fpkgs\u002Fcontainer\u002Frustnet\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fdocker-ghcr.io-blue?logo=docker\" alt=\"Docker Image\">\u003C\u002Fa>\n  \u003C\u002Fp>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Cstrong>English\u003C\u002Fstrong> | \u003Ca href=\"README.zh-CN.md\">简体中文\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fassets\u002Frustnet.gif\" alt=\"RustNet demo\" width=\"800\">\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Cem>Real-time visibility into every connection your machine makes, who owns it, and what protocol it's speaking. No tcpdump, X11 forwarding, or root piping.\u003C\u002Fem>\n\u003C\u002Fp>\n\n## Features\n\n- **Per-process attribution**: Every TCP, UDP, and QUIC connection mapped to its owning process, via eBPF on Linux, PKTAP on macOS, native APIs on Windows and FreeBSD. 
Wireshark and tcpdump can't do this; `netstat` \u002F `ss` can't show live state.\n- **Deep packet inspection**: Identify HTTP, HTTPS\u002FTLS with SNI, DNS, SSH, FTP, QUIC, MQTT, BitTorrent, STUN, NTP, mDNS, LLMNR, DHCP, SNMP, SSDP, and NetBIOS, without external dissectors.\n- **Security sandboxing**: Landlock (Linux 5.13+), Seatbelt (macOS), token privilege drop + job-object child-process block (Windows). Drops privileges immediately after libpcap initializes. See [SECURITY.md](SECURITY.md).\n- **TCP network analytics**: Real-time retransmissions, out-of-order packets, and fast-retransmit detection, per-connection and aggregate.\n- **Smart connection lifecycle**: Protocol-aware timeouts with white → yellow → red staleness indicators. Toggle `t` to keep historic (closed) connections visible for forensics.\n- **Vim\u002Ffzf-style filtering**: `port:`, `src:`, `dst:`, `sni:`, `process:`, `state:`, `proto:`, plus regex via `\u002F(?i)pattern\u002F`.\n- **GeoIP enrichment**: Country lookups via local MaxMind GeoLite2. No network calls.\n- **Cross-platform**: Linux, macOS, Windows, FreeBSD.\n\n## Why RustNet?\n\nRustNet fills the gap between simple connection tools (`netstat`, `ss`) and packet analyzers (`Wireshark`, `tcpdump`):\n\n- **Process attribution**: See which application owns each connection. Wireshark cannot provide this because it only sees packets, not sockets.\n- **Connection-centric view**: Track states, bandwidth, and protocols per connection in real-time\n- **SSH-friendly**: TUI works over SSH so you can quickly see what's happening on a remote server without forwarding X11 or capturing traffic\n\nRustNet complements packet capture tools. Use RustNet to see *what's making connections*. For deep forensic analysis, use `--pcap-export` to capture packets with process attribution, then enrich with `scripts\u002Fpcap_enrich.py` and analyze in Wireshark with full PID\u002Fprocess context. 
See [PCAP Export](USAGE.md#pcap-export) and [Comparison with Similar Tools](ARCHITECTURE.md#comparison-with-similar-tools) for details.\n\nBuilt on ratatui, libpcap, eBPF (libbpf-rs), DashMap, crossbeam, ring, MaxMind GeoLite2, and Landlock. See [ARCHITECTURE.md](ARCHITECTURE.md#dependencies) for the full dependency breakdown.\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>eBPF Enhanced Process Identification (Linux Default)\u003C\u002Fb>\u003C\u002Fsummary>\n\nRustNet uses kernel eBPF programs by default on Linux for enhanced performance and lower overhead process identification. However, this comes with important limitations:\n\n**Process Name Limitations:**\n- eBPF uses the kernel's `comm` field, which is limited to 16 characters\n- Shows the task\u002Fthread command name, not the full executable path\n- Multi-threaded applications often show thread names instead of the main process name\n\n**Real-world Examples:**\n- **Firefox**: May appear as \"Socket Thread\", \"Web Content\", \"Isolated Web Co\", or \"MainThread\"\n- **Chrome**: May appear as \"ThreadPoolForeg\", \"Chrome_IOThread\", \"BrokerProcess\", or \"SandboxHelper\"\n- **Electron apps**: Often show as \"electron\", \"node\", or internal thread names\n- **System processes**: Show truncated names like \"systemd-resolved\" → \"systemd-resolve\"\n\n**Fallback Behavior:**\n- When eBPF fails to load or lacks sufficient permissions, RustNet automatically falls back to standard procfs-based process identification\n- Standard mode provides full process names but with higher CPU overhead\n- eBPF is enabled by default; no special build flags needed\n\nTo disable eBPF and use procfs-only mode, build with:\n```bash\ncargo build --release --no-default-features\n```\n\nSee [ARCHITECTURE.md](ARCHITECTURE.md) for technical information.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Interface Statistics Monitoring\u003C\u002Fb>\u003C\u002Fsummary>\n\nRustNet provides real-time network interface statistics 
across all supported platforms:\n\n- **Overview Tab**: Shows active interfaces with current rates, errors, and drops\n- **Interfaces Tab** (press `i`): Detailed table with comprehensive metrics for all interfaces\n- **Cross-Platform**: Linux (sysfs), macOS\u002FFreeBSD (getifaddrs), Windows (GetIfTable2 API)\n- **Smart Filtering**: Windows automatically excludes virtual\u002Ffilter adapters\n\nSee [USAGE.md](USAGE.md#interface-statistics) for detailed documentation on interpreting interface statistics and platform-specific behavior.\n\n**Metrics Available:**\n- Total bytes and packets (RX\u002FTX)\n- Error counters (receive and transmit)\n- Packet drops (queue overflows)\n- Collisions (legacy, rarely used on modern networks)\n\nStats are collected every 2 seconds in a background thread with minimal performance impact.\n\n\u003C\u002Fdetails>\n\n## Screenshots\n\n\u003Ctable>\n  \u003Ctr>\n    \u003Ctd align=\"center\">\u003Cstrong>Overview\u003C\u002Fstrong>\u003Cbr>Connections table with live stats and sparklines\u003Cbr>\u003Cimg src=\".\u002Fassets\u002Fscreenshots\u002Foverview.png\" width=\"400\">\u003C\u002Ftd>\n    \u003Ctd align=\"center\">\u003Cstrong>Details\u003C\u002Fstrong>\u003Cbr>Per-connection SNI, cipher, GeoIP, DPI\u003Cbr>\u003Cimg src=\".\u002Fassets\u002Fscreenshots\u002Fdetails.png\" width=\"400\">\u003C\u002Ftd>\n  \u003C\u002Ftr>\n  \u003Ctr>\n    \u003Ctd align=\"center\">\u003Cstrong>Graph\u003C\u002Fstrong>\u003Cbr>Traffic chart, app distribution, top processes\u003Cbr>\u003Cimg src=\".\u002Fassets\u002Fscreenshots\u002Fgraph.png\" width=\"400\">\u003C\u002Ftd>\n    \u003Ctd align=\"center\">\u003Cstrong>Interfaces\u003C\u002Fstrong>\u003Cbr>Per-interface RX\u002FTX history with errors and drops\u003Cbr>\u003Cimg src=\".\u002Fassets\u002Fscreenshots\u002Finterfaces.png\" width=\"400\">\u003C\u002Ftd>\n  \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n## Quick Start\n\n### Installation\n\n**Homebrew (macOS \u002F Linux):**\n```bash\nbrew tap 
domcyrus\u002Frustnet\nbrew install rustnet\n```\n\n**Ubuntu (25.10+):**\n```bash\nsudo add-apt-repository ppa:domcyrus\u002Frustnet\nsudo apt update && sudo apt install rustnet\n```\n\n**Fedora (42+):**\n```bash\nsudo dnf copr enable domcyrus\u002Frustnet\nsudo dnf install rustnet\n```\n\n**Arch Linux:**\n```bash\nsudo pacman -S rustnet\n```\n\n**From crates.io:**\n```bash\ncargo install rustnet-monitor\n```\n\n**Windows (Chocolatey):**\n```powershell\n# Run in Administrator PowerShell\n# Requires Npcap (https:\u002F\u002Fnpcap.com) installed with \"WinPcap API-compatible Mode\" enabled\nchoco install rustnet\n```\n\n**Other platforms:**\n- **FreeBSD**: Download from [rustnet-bsd releases](https:\u002F\u002Fgithub.com\u002Fdomcyrus\u002Frustnet-bsd\u002Freleases)\n- **Docker, source builds, other Linux distros**: See [INSTALL.md](INSTALL.md) for detailed instructions\n\n### Running RustNet\n\nPacket capture requires elevated privileges:\n\n```bash\n# Quick start (all platforms)\nsudo rustnet\n\n# Linux: Grant capabilities to run without sudo (recommended)\nsudo setcap 'cap_net_raw,cap_bpf,cap_perfmon+eip' $(which rustnet)\nrustnet\n```\n\n**Common options:**\n```bash\nrustnet -i eth0              # Specify network interface\nrustnet --show-localhost     # Show localhost connections\nrustnet --no-resolve-dns     # Disable reverse DNS lookups (enabled by default)\nrustnet -r 500               # Set refresh interval (ms)\n```\n\nSee [INSTALL.md](INSTALL.md) for detailed permission setup and [USAGE.md](USAGE.md) for complete options.\n\n> If you set capabilities but the TUI still shows `eBPF unavailable`, see\n> [eBPF Unavailable Despite Capabilities Being Set](INSTALL.md#ebpf-unavailable-despite-capabilities-being-set)\n> in the troubleshooting section.\n\n## Keyboard Controls\n\n| Key | Action |\n|-----|--------|\n| `q` | Quit (press twice to confirm) |\n| `Ctrl+C` | Quit immediately |\n| `x` | Clear all connections (press twice to confirm) |\n| `Tab` | Switch 
between tabs |\n| `i` | Toggle interface statistics view |\n| `↑\u002Fk` `↓\u002Fj` | Navigate up\u002Fdown |\n| `g` `G` | Jump to first\u002Flast connection |\n| `Enter` | View connection details |\n| `Esc` | Go back or clear filter |\n| `c` | Copy remote address |\n| `p` | Toggle service names\u002Fports |\n| `d` | Toggle hostnames\u002FIPs |\n| `s` `S` | Cycle sort columns \u002F toggle direction |\n| `a` | Toggle process grouping |\n| `Space` | Expand\u002Fcollapse process group |\n| `←\u002F→` or `h\u002Fl` | Collapse\u002Fexpand group |\n| `PageUp\u002FPageDown` or `Ctrl+B\u002FF` | Page navigation |\n| `t` | Toggle historic (closed) connections |\n| `r` | Reset view (grouping, sort, filter) |\n| `\u002F` | Enter filter mode |\n| `h` | Toggle help |\n\nSee [USAGE.md](USAGE.md) for detailed keyboard controls and navigation tips.\n\n## Filtering & Sorting\n\n**Quick filtering examples:**\n```\n\u002Fgoogle                        # Search for \"google\" anywhere\n\u002Fport:443                      # Filter by port\n\u002Fprocess:firefox               # Filter by process\n\u002Fstate:established             # Filter by connection state\n\u002Fdport:443 sni:github.com      # Combine filters\n```\n\n**Sorting:**\n- Press `s` to cycle through sortable columns (Protocol, Address, State, Service, Bandwidth, Process)\n- Press `S` (Shift+s) to toggle sort direction\n- Find bandwidth hogs: Press `s` until \"Down\u002FUp ↓\" appears (sorts by combined up+down speed)\n\nSee [USAGE.md](USAGE.md) for complete filtering syntax and sorting guide.\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Advanced Filtering Examples\u003C\u002Fb>\u003C\u002Fsummary>\n\n**Keyword filters:**\n- `port:44` - Ports containing \"44\" (443, 8080, 4433)\n- `sport:80` - Source ports containing \"80\"\n- `dport:443` - Destination ports containing \"443\"\n- `src:192.168` - Source IPs containing \"192.168\"\n- `dst:github.com` - Destinations containing \"github.com\"\n- `process:ssh` - Process names 
containing \"ssh\"\n- `sni:api` - SNI hostnames containing \"api\"\n- `app:openssh` - SSH connections using OpenSSH\n- `state:established` - Filter by protocol state\n- `proto:tcp` - Filter by protocol type\n\n**State filtering:**\n- `state:syn_recv` - Half-open connections (SYN flood detection)\n- `state:established` - Established connections only\n- `state:quic_connected` - Active QUIC connections\n- `state:dns_query` - DNS query connections\n\n**Combined examples:**\n- `sport:80 process:nginx` - Nginx connections from port 80\n- `dport:443 sni:google.com` - HTTPS to Google\n- `process:firefox state:quic_connected` - Firefox QUIC connections\n- `dport:22 app:openssh state:established` - Established OpenSSH connections\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Connection Lifecycle & Visual Indicators\u003C\u002Fb>\u003C\u002Fsummary>\n\nRustNet uses smart timeouts and visual warnings before removing connections:\n\n**Visual staleness indicators:**\n- **White**: Active (\u003C 75% of timeout)\n- **Yellow**: Stale (75-90% of timeout)\n- **Red**: Critical (> 90% of timeout)\n\n**Protocol-aware timeouts:**\n- **HTTP\u002FHTTPS**: 10 minutes (supports keep-alive)\n- **SSH**: 30 minutes (long sessions)\n- **TCP active**: 10 minutes, idle: 5 minutes\n- **QUIC connected**: 3 minutes (or peer's transport-param idle timeout, when present); `Initial`\u002F`Handshaking`: 60 seconds\n- **DNS**: 30 seconds\n- **TCP CLOSED**: 5 seconds\n\nExample: An HTTP connection turns yellow at 7.5 min, red at 9 min, and is removed at 10 min.\n\nSee [USAGE.md](USAGE.md) for complete timeout details.\n\n\u003C\u002Fdetails>\n\n## Documentation\n\n- **[INSTALL.md](INSTALL.md)** - Detailed installation instructions for all platforms, permission setup, and troubleshooting\n- **[USAGE.md](USAGE.md)** - Complete usage guide including command-line options, filtering, sorting, and logging\n- **[SECURITY.md](SECURITY.md)** - Security features including Landlock sandboxing and 
privilege management\n- **[ARCHITECTURE.md](ARCHITECTURE.md)** - Technical architecture, platform implementations, and performance details\n- **[PROFILING.md](PROFILING.md)** - Performance profiling guide with flamegraph setup and optimization tips\n- **[ROADMAP.md](ROADMAP.md)** - Planned features and future improvements\n- **[RELEASE.md](RELEASE.md)** - Release process for maintainers\n\n## Contributing\n\nContributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on how to contribute.\n\nSee [CONTRIBUTORS.md](CONTRIBUTORS.md) for a list of people who have contributed to this project.\n\n## License\n\nThis project is licensed under the Apache License, Version 2.0 - see the [LICENSE](LICENSE) file for details.\n\n## Acknowledgments\n\n- Built with [ratatui](https:\u002F\u002Fgithub.com\u002Fratatui-org\u002Fratatui) for the terminal UI\n- Packet capture powered by [libpcap](https:\u002F\u002Fwww.tcpdump.org\u002F)\n- Inspired by tools like `tshark\u002Fwireshark\u002Ftcpdump`, `sniffnet`, `netstat`, `ss`, `iftop`, and [bandwhich](https:\u002F\u002Fgithub.com\u002Fimsnif\u002Fbandwhich)\n- Some code is vibe coded (OMG) \u002F may the LLM gods be with you\n\n---\n\n## Documentation Moved\n\nSome sections have been moved to dedicated files for better organization:\n\n- **Permissions Setup**: Now in [INSTALL.md - Permissions Setup](INSTALL.md#permissions-setup)\n- **Installation Instructions**: Now in [INSTALL.md](INSTALL.md)\n- **Detailed Usage**: Now in [USAGE.md](USAGE.md)\n- **Architecture Details**: Now in [ARCHITECTURE.md](ARCHITECTURE.md)\n","RustNet is a per-process network monitoring tool for the terminal that supports deep packet inspection and is sandboxed by default. Its core features include mapping every TCP, UDP, and QUIC connection to its owning process via technologies such as eBPF (Linux) and PKTAP (macOS), providing deep packet inspection to identify protocols such as HTTP and HTTPS\u002FTLS, and applying security sandboxing to restrict privileges. It also provides real-time TCP network analytics and smart connection lifecycle management. It suits security auditing, troubleshooting, and performance tuning scenarios that require close observation and control of each process's network activity on a system.",2,"2026-06-11 03:32:39","trending"]