Real-time network diagnostics

See Everything.
Control the Signal.

Your network is talking. NetWatch lets you listen.
Like htop for your network β€” built in Rust for zero compromise.

$ cargo install netwatch-tui
$ sudo netwatch
# 8 tabs. 10+ protocols. Zero config. Full control.
Get Started View Source
9,300+
Lines of Rust
10+
Decoded Protocols
8
Diagnostic Tabs
127+
Unit Tests

// live_demo

Watch the Network Breathe

Dashboard with live interface stats, bandwidth graphs, top connections, health probes, and latency heatmap.

netwatch β€” sudo β€” 192Γ—48
NetWatch demo β€” Dashboard, Connections, Interfaces, Packets, and Help overlay

// feature_set

Every Packet. Every Socket. Every Signal.

From passive monitoring to deep packet inspection β€” all in a single lightweight binary.

πŸ“‘

Live Interface Monitoring

RX/TX rates, totals, and 60-second sparkline history for every network interface. Aggregate bandwidth graphs across all active interfaces.

1s polling
πŸ”Œ

Active Connections

Every open socket with process name, PID, protocol, state, and addresses. Sortable columns with GeoIP location and WHOIS lookups.

PID attribution
πŸ”¬

Deep Packet Inspection

Wireshark-style live capture with protocol decoding for DNS, TLS, HTTP, ICMP, ARP, DHCP, NTP, mDNS, and more. Hex/ASCII dump included.

10+ protocols
πŸ”—

TCP Stream Reassembly

Follow TCP/UDP conversations with bidirectional text and hex views. Direction filtering, automatic SYN→SYN-ACK→ACK handshake timing.

stream tracking
πŸ”

Display Filters

Wireshark-style filter bar with protocol, IP, port, stream index, text search, and full AND/OR/NOT combinators. Applied live as you type.

live filtering
βš•οΈ

Expert Info & Coloring

Automatic severity classification β€” Error, Warning, Note, Chat. Color-coded rows for RSTs, NXDOMAIN, FIN, zero window, ICMP unreachable.

auto-classify
πŸ—ΊοΈ

Network Topology

ASCII box diagram showing your machine, gateway, DNS servers, and top remote hosts with connection counts. Health indicators and traceroute built in.

visual map
πŸ“Š

Connection Timeline

Gantt-style horizontal bar chart of connection lifetimes. Color-coded by state. Adjustable time windows from 30 seconds to 1 hour.

temporal view
πŸ€–

AI Network Insights

Real-time AI analysis via local Ollama. Auto-analyzes every 15 seconds. Detects security concerns, performance issues, and anomalies.

ollama-powered
πŸ’Ύ

PCAP Export

Save captured packets to standard .pcap files readable by Wireshark, tshark, and tcpdump. Export full capture or filtered subsets.

interoperable
🌐

GeoIP & WHOIS

Background IP geolocation with country, city, and org display. On-demand RDAP WHOIS for any IP. Private IPs automatically skipped.

network intel
πŸ₯

Health Probes

ICMP ping probes to gateway and DNS with RTT and packet loss. Color-coded latency heatmap with 60-sample history on the Dashboard.

5s probing

// tab_system

Eight Views. One Keystroke Away.

Press 1–8 to switch between diagnostic views. Everything keyboard-driven.

Dashboard

Everything at a glance. The default view combines all critical network telemetry into a single pane of glass.

  • All interfaces with live RX/TX rates and status
  • Full-width aggregate bandwidth sparklines (60s history)
  • Top 5 most active connections
  • Gateway and DNS health with latency heatmap
  • Error, drop, and collision counters
en0 192.168.1.42 β–†β–†β–† 12.4 MB/s β–ƒβ–ƒ 1.2 MB/s UP lo0 127.0.0.1 ▁▁▁ 0.1 KB/s ▁▁ 0.1 KB/s UP BANDWIDTH (en0) last 60s RX β–β–‚β–ƒβ–…β–†β–ˆβ–‡β–…β–ƒβ–‚β–β–‚β–ƒβ–…β–‡β–ˆβ–‡β–…β–ƒβ–‚β–β–β–‚β–ƒβ–…β–†β–ˆβ–‡β–…β–ƒβ–‚ TX ▁▁▂▂▃▃▂▂▁▁▁▂▂▃▃▂▂▁▁▁▁▁▂▂▃▃▂▂▁▁ HEALTH Gateway 192.168.1.1 RTT 1.2ms Loss 0.0% DNS 8.8.8.8 RTT 12ms Loss 0.0% ▁▂▁▁▂▁▁▁▂▁▂▁▁▁▁▂▁▁▁▂▁▂▃▂▁▁▁▂▁▁ ← heatmap

Connections

Full scrollable table of every active network socket β€” with process attribution down to the PID.

  • Process name, PID, protocol, state, addresses
  • Sortable columns (s to cycle)
  • Jump to filtered packets with Enter
  • GeoIP location column (g to toggle)
  • On-demand WHOIS and traceroute
Process PID Proto State Local Remote ───────────────────────────────────────────────────────────── firefox 1234 TCP ESTABLISHED 192.168.1.42:54321 142.250.1.1:443 ssh 5678 TCP ESTABLISHED 192.168.1.42:22 10.0.0.5:49231 curl 9012 TCP ESTABLISHED 192.168.1.42:54999 52.12.0.8:443 node 3456 TCP LISTEN 0.0.0.0:3000 *:* postgres 7890 TCP LISTEN 127.0.0.1:5432 *:* s:Sort Enter:β†’Packets T:Traceroute W:Whois g:Geo

Packets

Live packet capture with Wireshark-level protocol inspection. Deep decoding, stream reassembly, and expert classification.

  • Layer-by-layer protocol decode (Eth β†’ IP β†’ TCP β†’ App)
  • DNS, TLS (with SNI), HTTP, ICMP, ARP, DHCP, NTP
  • TCP stream follow with direction arrows
  • Display filters with AND/OR/NOT combinators
  • Bookmarks, PCAP export, BPF capture filters
# Time Source Dest Proto Info ● 1 15:04:32 192.168.1.42 142.250.1.1 TLS Client Hello β†’ sni:google.com ● 2 15:04:32 142.250.1.1 192.168.1.42 TLS Server Hello v1.3 Β· 3 15:04:33 192.168.1.42 8.8.8.8 DNS Query A api.example.com ● 4 15:04:33 8.8.8.8 192.168.1.42 DNS Response A 52.12.0.8 β–² 5 15:04:34 192.168.1.42 10.0.0.99 TCP RST, ACK Β· 6 15:04:34 192.168.1.42 52.12.0.8 HTTP GET /api/users / tcp and port 443β–ˆ

Topology

ASCII network map showing your machine at the center, connected to infrastructure and remote hosts.

  • Local machine with hostname and active interfaces
  • Gateway and DNS with health indicators (●)
  • Top remote hosts by connection count
  • Hop-by-hop traceroute with T key
  • Jump to connections with Enter
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ DNS │─── 0Γ— ──│ │─ 3Γ— β”‚ 52.12.0.8 β”‚ β”‚ 8.8.8.8 β”‚ β”‚ myhost β”‚ β”‚ curl (TCP) β”‚ β”‚ ●12ms 0% β”‚ β”‚ 192.168.1.42 β”‚ β”‚ US, AWS β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ en0 / utun3 β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ ↑12.4 MB/s │─ 5Γ— β”‚142.250.1.1 β”‚ β”‚ Gateway │── 0Γ— ───│ ↓ 1.2 MB/s β”‚ β”‚chrome (TCP)β”‚ β”‚192.168.1 β”‚ β”‚ β”‚ β”‚ US, Google β”‚ β”‚ ● 1.2ms β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Timeline

Gantt-style bar chart of connection lifetimes β€” see connection storms, long-lived sessions, and churn at a glance.

  • Horizontal bars spanning first-seen to last-seen
  • Color-coded by state (ESTABLISHED, LISTEN, SYN, FIN)
  • Adjustable time windows: 30s, 1m, 5m, 15m, 1h
  • Active vs closed connection tracking
  • Navigate to connections with Enter
TIMELINE (last 5m) ← 5m ago now β†’ ───────────────────────────────────────────────────── ssh 10.0.0.5 β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–“ firefox 142.250.1.1 β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“ curl 52.12.0.8 β–ˆβ–ˆβ–‘β–‘ node 127.0.0.1 β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–“ DNS 8.8.8.8 β–ˆβ–‘ β–ˆβ–‘ β–ˆβ–‘ β–ˆβ–‘ β–ˆβ–‘ Active: 5 β”‚ Closed: 2 β”‚ Total seen: 7

AI Insights

Real-time AI-powered analysis of your network traffic via a local Ollama instance. Your data never leaves your machine.

  • Auto-analyzes every 15 seconds
  • On-demand analysis with a key from any tab
  • Detects security concerns and anomalies
  • Performance issue identification
  • Graceful fallback when Ollama unavailable
AI INSIGHTS Updated 3s ago ────────────────────────────────────────────── 🟒 Network health is good. Gateway latency 1.2ms with 0% packet loss. πŸ”΅ 3 active HTTPS connections detected. All using TLS 1.3 β€” good security posture. 🟑 DNS query volume elevated (47 queries/min). Consider local DNS caching. 🟒 No connection anomalies detected. All sockets in expected states. Model: llama3.2 β”‚ Analysis: 2.3s β”‚ a:Analyze

// protocol_decode

Deep Protocol Intelligence

Layer-by-layer decoding from Ethernet frames to application payloads. Every field parsed and labeled.

DNSQueries, types, response codes
TLSHandshake, version, SNI
HTTPMethod, path, status
TCPFlags, streams, handshakes
UDPPorts, payloads, streams
ICMPType/code, TTL exceeded
ICMPv6Neighbor, router, echo
ARPWho-has, is-at, MAC
DHCPDiscover, Offer, ACK
NTPVersion, mode, sync
mDNSMulticast discovery
IPv6Headers, flow labels

// system_architecture

Built for Speed. Designed for Clarity.

Three-layer architecture: collectors gather data, app state aggregates, and the TUI renders β€” all in Rust with zero garbage collection.

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ TUI Renderer β”‚ β”‚ (ratatui / crossterm) β”‚ β”‚ dashboard β”‚ connections β”‚ packets β”‚ topology β”‚ … β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ App State Layer β”‚ β”‚ (aggregation, sorting, filtering) β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ Traffic β”‚ Connect β”‚ Config β”‚ Health β”‚ Packets β”‚ β”‚ Collect β”‚ Collect β”‚ Collect β”‚ Prober β”‚ Collector β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ β”‚ GeoIP β”‚ Whois β”‚Insights β”‚ Trace β”‚ Stream β”‚ β”‚ β”‚ β”‚ β”‚ β”‚ Tracker β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β–² β–² β–² β–² β–² /sys/class ss/lsof ip route ICMP libpcap /proc/net netstat resolv.conf ping BPF filter

// install

Up and Running in 30 Seconds

One command. No config files. No daemons. Just run it.

From crates.io

$ cargo install netwatch-tui

Requires Rust toolchain (1.70+) and libpcap-dev

From source

$ git clone https://github.com/matthart1983/netwatch.git
$ cd netwatch
$ cargo build --release

Binary at ./target/release/netwatch

🐧
Linux
apt install libpcap-dev
🍎
macOS
Xcode CLI Tools
πŸͺŸ
Windows
Npcap required

Your Network. Transparent.

Open source. MIT licensed. No telemetry. No cloud. Your data stays on your machine.

Star on GitHub View on crates.io