Live interface bandwidth with sparkline history Active connections with process/PID mapping Deep packet capture with protocol decoding (DNS, TLS/SNI, HTTP, ICMP, ARP, DHCP, NTP) Wireshark-style display filters (tcp and port 443, contains "google", dns or icmp) TCP stream reassembly with text/hex views TCP handshake timing (SYN→SYN-ACK→ACK latency) GeoIP and RDAP whois lookups PCAP export Protocol hierarchy statistics

Built with Rust, ratatui, and libpcap. Cross-platform: macOS, Linux, and Windows.

cargo install netwatch-tui

I've been in network/trading systems engineering for 20 years and wanted a tool that sits between netstat and Wireshark — something you can fire up in a second to answer "what's happening on my network right now?" without the overhead of a full GUI.

Feedback welcome — especially on the packet decoding and filter syntax.