Show HN: RustNet, a network monitoring TUI with process identification
Hi HN! I built RustNet, a terminal-UI-based network monitor written in Rust that shows real-time connections with process identification and protocol detection.

What may make it interesting:

• Deep packet inspection for HTTP, HTTPS/TLS (with SNI), DNS, and QUIC protocol detection

• Process identification using eBPF on Linux (experimental) and PKTAP on macOS, which also catches short-lived processes that polling procfs or lsof would miss

• Multi-threaded packet processing with lock-free data structures for the UI

• Cross-platform (Linux, macOS, Windows; process identification so far only on Linux/macOS)

The eBPF implementation was a bit trickier to implement than using PKTAP, but it was very interesting to learn about how to hook into tcp_connect, udp_sendmsg, etc. in order to catch process info before connections disappear.

I built this as a lightweight Wireshark alternative for quick TUI-based network inspection with process identification.

Install: cargo build --release, run with sudo or set capabilities. Homebrew tap also available.

Would love feedback on the project and any ideas for additional protocol detection or any other suggestions. Thanks
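
The TLS/SNI detection listed in the post comes down to reading the server_name extension out of a ClientHello. The sketch below is an added example, not RustNet's code: `Cur`, `extract_sni` and `sample_client_hello` are hypothetical names, and it assumes the ClientHello fits in a single TLS record within one captured segment.

```rust
struct Cur<'a>(&'a [u8]); // bounds-checked reader: truncated input yields None, never a panic
impl<'a> Cur<'a> {
    fn take(&mut self, n: usize) -> Option<&'a [u8]> {
        let s: &'a [u8] = self.0;
        self.0 = s.get(n..)?; // None when fewer than n bytes remain
        Some(&s[..n])
    }
    fn num(&mut self, width: usize) -> Option<usize> { // big-endian integer of `width` bytes
        Some(self.take(width)?.iter().fold(0usize, |acc, b| (acc << 8) | *b as usize))
    }
    fn sub(&mut self, width: usize) -> Option<Cur<'a>> { // length-prefixed field as its own cursor
        let n = self.num(width)?;
        Some(Cur(self.take(n)?))
    }
}

// Returns the first host_name entry of the server_name extension, if any.
fn extract_sni(record: &[u8]) -> Option<String> {
    let mut rec = Cur(record);
    if rec.num(1)? != 0x16 { return None; } // record type 22 = handshake
    rec.take(2)?;                            // legacy record version
    let mut hs = rec.sub(2)?;                // record payload
    if hs.num(1)? != 0x01 { return None; }  // handshake type 1 = ClientHello
    hs.take(3 + 2 + 32)?;                    // handshake length, client version, random
    hs.sub(1)?; hs.sub(2)?; hs.sub(1)?;      // session id, cipher suites, compression methods
    let mut exts = hs.sub(2)?;
    while !exts.0.is_empty() {
        let (ty, mut body) = (exts.num(2)?, exts.sub(2)?);
        if ty != 0 { continue; }             // extension 0 = server_name
        let mut names = body.sub(2)?;
        while !names.0.is_empty() {
            let (kind, name) = (names.num(1)?, names.sub(2)?.0);
            if kind == 0 { return String::from_utf8(name.to_vec()).ok(); } // 0 = host_name
        }
    }
    None
}

fn sample_client_hello(host: &str) -> Vec<u8> { // constructed sample: only extension is SNI
    let pre = |w: usize, b: Vec<u8>| -> Vec<u8> { // prepend a w-byte big-endian length
        (0..w).rev().map(|i| (b.len() >> (8 * i)) as u8).chain(b.iter().copied()).collect()
    };
    let name = [vec![0], pre(2, host.as_bytes().to_vec())].concat(); // host_name entry
    let ext = [vec![0, 0], pre(2, pre(2, name))].concat();           // server_name extension
    let hello = [vec![3, 3], vec![0; 32], vec![0, 0, 2, 0x13, 1, 1, 0], pre(2, ext)].concat();
    [vec![0x16, 3, 1], pre(2, [vec![1], pre(3, hello)].concat())].concat()
}

fn main() { println!("{:?}", extract_sni(&sample_client_hello("example.com"))); }
```

The hostname is supplied by the client and is not authenticated, so a monitor should treat it as a label for the flow rather than proof of where the traffic goes.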
