Show HN: Network Monitor – a GUI to spot anomalous connections on your Linux
107 points
5 days ago
| 14 comments
| HN
A real-time network connection monitoring tool built with Rust and GTK4, displaying active connections with live I/O statistics in a modern graphical interface. https://github.com/grigio/network-monitor
heybrendan
5 hours ago
[-]
I see that you're parsing `ss` output in 'src/services/network.rs' (L22-L31) [1]. I find this to be a rather shaky foundation as any future drift or deviation in the `ss` utility's output could potentially yield unforeseen consequences.

I'm vaguely aware that there are crates available in the Rust ecosystem for interrogating and manipulating sockets much more directly as well as high level abstractions for all things netlink (read: AF_NETLINK). Is wielding Rust's socket/netlink libraries unsuitable in some way, or was it merely deemed out of the design scope?

Very cool project, please keep going!

[1] https://github.com/grigio/network-monitor/blob/master/src/se...

reply
a-dub
5 hours ago
[-]
maybe consider support for the opensnitch ebpf backend?
reply
jrm4
9 hours ago
[-]
Fantastic, more of this. I don't know if I'm just missing it or what, but I'd love a GUI thing that showed all the devices on my network maybe even with a graph view.

I'm using an Eero router out of laziness and even it has some features here that I'd like to see more of in polished "home-user" style network tools; especially since it seems as if more are getting into the "homelab"/"selfhosted" thing.

reply
0134340
7 hours ago
[-]
Do you mean something like nmap's network topolgy view? https://nmap.org/book/zenmap-topology.html

Just for visualizing network topology on Linux, there's a lot of tools.

reply
bongodongobob
7 hours ago
[-]
That's impossible to do reliably without using agents, SNMP, or some other kind of communication protocol that you'll have to set up on each device. If you're ok with that, use SNMP. If you want topology, you'll have to have an agent that logs into all your networking gear and parses the configs.
reply
BoppreH
6 hours ago
[-]
Cool project, I wish we had more GUIs for these OS functions. How was your experience with GTK4 and Rust?

And it's a bit sad that in the year of our lord 2025, the best way to get such fundamental information is by using regexes to parse a table[1], generated by a 6000-line C program[2], which is verified by (I hope I'm wrong!) a tiny test suite[3]. OSQuery[4] is also pretty cool, but it builds upon this fragile stack.

That's something I miss from Windows, at least PowerShell has built-in commands that give you structured output.

[1] https://github.com/grigio/network-monitor/blob/9dc470553bfdd...

[2] https://github.com/iproute2/iproute2/blob/main/misc/ss.c

[3] https://github.com/iproute2/iproute2/blob/main/testsuite/tes...

[4] https://osquery.io/

reply
typpilol
4 hours ago
[-]
I am in the process of building myself a cross platform GUI for network monitoring.

Simply because I need one for non-critical stuff and things like uptime robot are enterprise geared and too expensive for me to entertain.

I wish there was an uptime robot for like 25 cents a monitor a month.

reply
mordechai9000
10 hours ago
[-]
Nice work!

I do want to say, I don't like having to rely on scraping ss output. But that's not a comment on this project - I have done the exact same thing. It just proved to be the most expedient way given the constraints I was under. I suspect there is a lot of devops and CI/CD code out there that relies on the output format of ss. My concern is that parsing text intended for human readability and not machine processing is brittle and prone to failure due to unforeseen circumstances, or a package upgrade that changes the behavior.

reply
khimaros
19 minutes ago
[-]
it sounds like you want https://github.com/evilsocket/opensnitch
reply
mbana
7 hours ago
[-]
I was going to say the same thing.

I really like the eBPF approach as pointed out to by the other comments. I feel like this is the ideal approach, please correct me if I'm wrong.

A callback based approach as opposed to (constantly) polling the output of some command is ideal.

reply
mroche
10 hours ago
[-]
Cool project! As a more advanced form, I think it should be possible to get all this information via eBPF rather than ss output and scraping /proc.

Food for thought!

reply
rlmp_89
9 hours ago
[-]
https://github.com/pythops/oryx

-> voila!

reply
arcanemachiner
7 hours ago
[-]
The OP's project shows process names, which I do not see in this program.
reply
mentalgear
8 hours ago
[-]
BTW: This is also a TUI - much preferred !
reply
oneshtein
8 hours ago
[-]
eBPF doesn't work on locked down kernels (stock kernels in Secure Boot mode).
reply
mroche
44 minutes ago
[-]
eBPF is restricted when booted in a SB environment, but it's not nonfunctional. The default config puts the kernel into "integrity" mode of Kernel Lockdown, which reduces scope of access and enforces read-only usage.

Whether or not the specific functions needed to replicate this tool are impacted is beyond my knowledge.

reply
SlavikCA
11 hours ago
[-]
That screenshot / video on README page is mostly unreadable. Can't get anything out of it.
reply
voodooEntity
10 hours ago
[-]
Same for me.

What info does it show more than a:

"netstat -tulpn"

Wrote myself a script years ago that basically loops netstat -tulpn watch like for the same purpose - just wondering if your tool shows me more than that.

reply
Simon-curtis
10 hours ago
[-]
modern graphical interface, for a start
reply
voodooEntity
10 hours ago
[-]
I was asking which information it shows not what output it uses to display that information....
reply
IshKebab
9 hours ago
[-]
This app is clearly a demonstration of GTK4's light/dark transition animation. Looks like it works perfectly to me!
reply
hamburglar
9 hours ago
[-]
Come on, now. You can see that it supports today’s most critical feature: it has dark mode and light mode.

/s

reply
noir_lord
9 hours ago
[-]
If you live in the terminal it's all dark mode*

* unless you are one of those weirdo's who has a black on white terminal in which case you should be on a watch list (/s in case wasn't immediately obvious).

reply
bolangi
5 hours ago
[-]
I've been there since the DOS days when it was all dark mode, green phosphor characters on a black CRT. I was there when amber monitors were the new thing. (I still love sunglasses with brown lenses.) And I watched the early Apple computers with graphics and black-characters-on-white display style that has been the rage ever since... well since the recent new thing being dark mode.

It reminds me of fashion trends, miniskirts then maxis, up and down past the knee like tides.

Fads, that's the word.

reply
hamburglar
7 hours ago
[-]
I am exactly that kind of weirdo, but then again I’ve been reading black on white books for my entire life and I never thought to complain about it.
reply
neilv
6 hours ago
[-]
Thanks especially for using GTK with Rust to do this. We need to keep desktop Linux GUI libraries alive and viable (as an alterative to Web site GUI frameworks, Electron apps with Web frameworks, and proprietary mobile app platforms).
reply
hombre_fatal
4 hours ago
[-]
Though I was let down last week when I ported a TUI to GTK4 and found out that even a hello world gtk4.h C app uses 200mb RAM.

I haven’t tried it yet but I believe Qt will weigh around the same.

The TUI I ported uses <8mb RAM so I kinda lost interest in the GUI endeavor for my tools since I like to have one running in each project workspace.

reply
exploraz
1 hour ago
[-]
> Though I was let down last week when I ported a TUI to GTK4 and found out that even a hello world gtk4.h C app uses 200mb RAM.

Bit of a rant I wanted to share here:

I've seen the same happened on zenity (a GUI dialog utility for shell scripts) since they migrated from GTK3 into GTK4.

Now zenity took almost 2 seconds to launch instead of .5 to a second when they still used GTK3.

This might be an issue on both libadwaita and GTK4 itself.

Both pavucontrol (which uses GTK4 but not libadwaita, at least for now) and even a simple dialog in zenity (GTK4+libadwaita) consumed over 100 MiB of memory according to btop measurement, while both thunar and engrampa, which is both GTK3 apps, only consumed half the amount of memory usage (about 50 MiB according to btop).

However, I've noticed that zenity, GNOME apps, and other apps that uses libadwaita took longer to launch compared to apps that only used GTK4 (pavucontrol), which launched as fast as other GTK3 apps does.

reply
kazishariar
3 hours ago
[-]
Submitted a pull request for MacOS Support - please approve. Tnx!
reply
Beijinger
4 hours ago
[-]
On a first look: The same as the shell tool nethogs, just with a GUI
reply
WD-42
10 hours ago
[-]
Nice work. I’ve been writing an app using the same stack. The gtk-rs bindings are actually pretty productive once you get used to it! And it’s so fast.
reply
XiS
7 hours ago
[-]
So nethogs, but with a gui?
reply
lone-cloud
7 hours ago
[-]
The code is partly refined AI generated slop and the UX is lacking. The functionality is very basic and needs to be more thoroughly tested. This type of project is half a work day tops for a senior+ dev to create with agentic coding.
reply
johannesrexx
3 hours ago
[-]
May I ask how you made the determination that network-monitor is "partly refined AI generated slop"?
reply
lone-cloud
1 hour ago
[-]
The mindless code comments are a dead giveaway. It's always the same pattern of: "a thing" <--- here is a thing Generally a dev would clean these up, but when they don't it's a major red flag to me that it's just unreviewed vibe coded slop.
reply
LoganDark
2 hours ago
[-]
I came to this conclusion as well. The README gives off some vibes but the sheer volume and writing style of the code comments is what really sells it for me. For example:

https://github.com/grigio/network-monitor/blob/9dc470553bfdd...

    // Enhanced styling with column-specific classes and alignment
This sort of marketing-speak isn't what people typically put in their code, LLMs love buzzwords. It's not just this, it's everything, but hopefully you get what I mean.
reply
pm2222
9 hours ago
[-]
eBPF/XDP is nice and hard to use. Packet capture is so common that I wish that there were a simpler way like pcap.
reply
rlmp_89
9 hours ago
[-]
https://github.com/pythops/oryx
reply
jdthedisciple
9 hours ago
[-]
Is there a version of this for the CLI?
reply
dwattttt
9 hours ago
[-]
bandwhich[0] is a recent one I'm familiar with

[0] https://github.com/imsnif/bandwhich

reply
arunc
46 minutes ago
[-]
Unfortunate to see this project in passive maintenance! Hope the get the required funding/human power.
reply