Snitch – a friendly netstat alternative for humans

a friendlier ss / netstat for humans. inspect network connections with a clean tui or styled tables. go install github.com/karol-broda/snitch@latest # try it nix run github:karol-broda/snitch # install to profile nix profile install github:karol-broda/snitch # or add to flake inputs { inputs.snitch.url = "github:karol-broda/snitch"; } # then use: inputs.snitch.packages.${system}.default # with yay yay -S snitch-bin # with paru paru -S snitch-bin curl -sSL https://raw.githubusercontent.com/karol-broda/snitch/master/install.sh | sh installs to ~/.local/bin if available, otherwise /usr/local/bin . override with: curl -sSL https://raw.githubusercontent.com/karol-broda/snitch/master/install.sh | INSTALL_DIR=~/bin sh macos: the install script automatically removes the quarantine attribute ( com.apple.quarantine ) from the binary to allow it to run without gatekeeper warnings. to disable this, set KEEP_QUARANTINE=1 . download from releases : linux: snitch_<version>_linux_<arch>.tar.gz or .deb / .rpm / .apk macos: snitch_<version>_darwin_<arch>.tar.gz tar xzf snitch_*.tar.gz sudo mv snitch /usr/local/bin/ macos: if blocked with "cannot be opened because the developer cannot be verified", run:xattr -d com.apple.quarantine /usr/local/bin/snitch snitch # launch interactive tui snitch -l # tui showing only listening sockets snitch ls # print styled table and exit snitch ls -l # listening sockets only snitch ls -t -e # tcp established connections snitch ls -p # plain output (parsable) interactive tui with live-updating connection list. snitch # all connections snitch -l # listening only snitch -t # tcp only snitch -e # established only snitch -i 2s # 2 second refresh interval keybindings: j/k, ↑/↓ navigate g/G top/bottom t/u toggle tcp/udp l/e/o toggle listen/established/other s/S cycle sort / reverse w watch/monitor process (highlight) W clear all watched K kill process (with confirmation) / search enter connection details ? help q quit one-shot table output. uses a pager automatically if output exceeds terminal height. snitch ls # styled table (default) snitch ls -l # listening only snitch ls -t -l # tcp listeners snitch ls -e # established only snitch ls -p # plain/parsable output snitch ls -o json # json output snitch ls -o csv # csv output snitch ls -n # numeric (no dns resolution) snitch ls --no-headers # omit headers json output for scripting. snitch json snitch json -l stream json frames at an interval. snitch watch -i 1s | jq '.count' snitch watch -l -i 500ms check for updates and upgrade in-place. snitch upgrade # check for updates snitch upgrade --yes # upgrade automatically snitch upgrade -v 0.1.7 # install specific version shortcut flags work on all commands: -t, --tcp tcp only -u, --udp udp only -l, --listen listening sockets -e, --established established connections -4, --ipv4 ipv4 only -6, --ipv6 ipv6 only -n, --numeric no dns resolution for more specific filtering, use key=value syntax with ls : snitch ls proto=tcp state=listen snitch ls pid=1234 snitch ls proc=nginx snitch ls lport=443 snitch ls contains=google styled table (default): ╭─────────────────┬───────┬───────┬─────────────┬─────────────────┬────────╮ │ PROCESS │ PID │ PROTO │ STATE │ LADDR │ LPORT │ ├─────────────────┼───────┼───────┼─────────────┼─────────────────┼────────┤ │ nginx │ 1234 │ tcp │ LISTEN │ * │ 80 │ │ postgres │ 5678 │ tcp │ LISTEN │ 127.0.0.1 │ 5432 │ ╰─────────────────┴───────┴───────┴─────────────┴─────────────────┴────────╯ 2 connections plain output ( -p...

Preview: ~500 words