What may make it interesting:
• Deep packet inspection for HTTP, HTTPS/TLS (with SNI), DNS, and QUIC protocol detection
• Process identification using eBPF on Linux (experimental) and PKTAP on macOS, which also catches short-lived processes that polling procfs or lsof would miss
• Multi-threaded packet processing with lock-free data structures for the UI
• Cross-platform (Linux, macOS, Windows; process identification so far only on Linux/macOS)
The eBPF implementation was a bit trickier to implement than using PKTAP, but it was very interesting to learn how to hook into tcp_connect, udp_sendmsg, etc. in order to catch process info before connections disappear.
I built this as a lightweight Wireshark alternative for quick TUI-based network inspection with process identification.
Install: cargo build --release, then run with sudo or set capabilities. A Homebrew tap is also available.
Would love feedback on the project and any ideas for additional protocol detection or any other suggestions. Thanks
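An added example, not part of the original post or the project's own code: a small stand-alone Rust program (Rust is assumed because the project builds with cargo) that does the kind of first-bytes protocol detection the feature list describes, including pulling the SNI out of a TLS ClientHello, and tolerates truncated input without panicking. The ClientHello it parses is constructed inline; the hostname, version constants and heuristics are illustrative choices, not the project's.

```rust
// Added example (not the project's code): first-bytes DPI classification for
// HTTP, TLS (with SNI), DNS and QUIC. Truncated input yields Unknown / None.

#[derive(Debug, PartialEq)]
pub enum Proto {
    Http,
    Tls { sni: Option<String> },
    Dns,
    Quic { version: u32 },
    Unknown,
}

/// UDP payload: QUIC long header (RFC 9000) or a DNS query header (RFC 1035).
/// Only long-header QUIC packets carry a version; short-header packets cannot
/// be recognised from the payload alone.
pub fn classify_udp(payload: &[u8]) -> Proto {
    if payload.len() >= 5 && (payload[0] & 0xc0) == 0xc0 {
        let version = u32::from_be_bytes([payload[1], payload[2], payload[3], payload[4]]);
        // Accept v1, v2 or an IETF draft version (0xff0000xx). Checking the version
        // keeps a DNS transaction id with its top two bits set from looking like QUIC.
        if version == 1 || version == 0x6b33_43cf || (version >> 8) == 0x00ff_0000 {
            return Proto::Quic { version };
        }
    }
    if payload.len() >= 12 {
        let flags = u16::from_be_bytes([payload[2], payload[3]]);
        let qdcount = u16::from_be_bytes([payload[4], payload[5]]);
        // QR bit clear (query), opcode 0 (standard query), at least one question.
        if (flags & 0x8000) == 0 && ((flags >> 11) & 0xf) == 0 && qdcount >= 1 {
            return Proto::Dns;
        }
    }
    Proto::Unknown
}

/// TCP first bytes: an HTTP/1.x request line, or a TLS handshake record (type 0x16,
/// major version 3) whose first handshake message is a ClientHello (type 1).
pub fn classify_tcp(payload: &[u8]) -> Proto {
    const METHODS: &[&[u8]] = &[b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH "];
    if METHODS.iter().any(|m| payload.starts_with(*m)) {
        return Proto::Http;
    }
    if payload.len() >= 6 && payload[0] == 0x16 && payload[1] == 0x03 && payload[5] == 0x01 {
        return Proto::Tls { sni: parse_sni(payload) };
    }
    Proto::Unknown
}

/// Walk a ClientHello to the server_name extension (type 0). None on truncation or
/// when the extension is absent (raw-IP connects, ECH, some resumptions).
fn parse_sni(rec: &[u8]) -> Option<String> {
    let u16_at = |i: usize| Some(u16::from_be_bytes([*rec.get(i)?, *rec.get(i + 1)?]) as usize);
    // 5-byte record header + 4-byte handshake header + 2-byte version + 32-byte random.
    let mut p = 43;
    p += 1 + *rec.get(p)? as usize; // session id
    p += 2 + u16_at(p)?;            // cipher suites
    p += 1 + *rec.get(p)? as usize; // compression methods
    let ext_len = u16_at(p)?;
    let exts = rec.get(p + 2..p + 2 + ext_len)?;
    let mut q = 0;
    while q + 4 <= exts.len() {
        let ty = u16::from_be_bytes([exts[q], exts[q + 1]]);
        let len = u16::from_be_bytes([exts[q + 2], exts[q + 3]]) as usize;
        let body = exts.get(q + 4..q + 4 + len)?;
        if ty == 0 {
            // ServerNameList: 2-byte list length, then name_type(1) + length(2) + host_name.
            if *body.get(2)? != 0 {
                return None;
            }
            let n = u16::from_be_bytes([*body.get(3)?, *body.get(4)?]) as usize;
            return std::str::from_utf8(body.get(5..5 + n)?).ok().map(str::to_owned);
        }
        q += 4 + len;
    }
    None
}

/// Constructed test input (not a real capture): a minimal ClientHello carrying `host` as SNI.
pub fn sample_client_hello(host: &str) -> Vec<u8> {
    let name = host.as_bytes();
    let mut sni = ((3 + name.len()) as u16).to_be_bytes().to_vec(); // ServerNameList length
    sni.push(0); // name_type host_name
    sni.extend_from_slice(&(name.len() as u16).to_be_bytes());
    sni.extend_from_slice(name);
    let mut ext = vec![0x00, 0x00]; // extension type 0 = server_name
    ext.extend_from_slice(&(sni.len() as u16).to_be_bytes());
    ext.extend_from_slice(&sni);
    let mut body = vec![0x03, 0x03]; // legacy_version TLS 1.2
    body.extend_from_slice(&[0u8; 32]); // random
    body.push(0); // empty session id
    body.extend_from_slice(&[0x00, 0x02, 0x13, 0x01]); // one cipher suite
    body.extend_from_slice(&[0x01, 0x00]); // null compression
    body.extend_from_slice(&(ext.len() as u16).to_be_bytes());
    body.extend_from_slice(&ext);
    let mut hs = vec![0x01]; // handshake type ClientHello
    hs.extend_from_slice(&(body.len() as u32).to_be_bytes()[1..]); // 24-bit length
    hs.extend_from_slice(&body);
    let mut rec = vec![0x16, 0x03, 0x01]; // handshake record, TLS 1.0 compat version
    rec.extend_from_slice(&(hs.len() as u16).to_be_bytes());
    rec.extend_from_slice(&hs);
    rec
}

fn main() {
    let hello = sample_client_hello("example.com");
    println!("{:?}", classify_tcp(&hello)); // Tls { sni: Some("example.com") }
    println!("{:?}", classify_tcp(&hello[..20])); // truncated: Tls { sni: None }, no panic
    println!("{:?}", classify_udp(&[0xc0, 0, 0, 0, 1, 0x08])); // Quic { version: 1 }
}
```

In a real capture path the payload heuristics would be combined with port and direction; the version check on QUIC long headers is what keeps the two UDP heuristics from colliding, since a QUIC v1 Initial also passes the DNS query-header test if checked in the other order.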