Show HN: Network Monitor – a GUI to spot anomalous connections on your Linux

Recorded: Nov. 30, 2025, 1:07 a.m.

Original

Summarized

heybrendan 1 hour ago | next [–]
I see that you're parsing `ss` output in 'src/services/network.rs' (L22-L31) [1]. I find this to be a rather shaky foundation as any future drift or deviation in the `ss` utility's output could potentially yield unforeseen consequences.I'm vaguely aware that there are crates available in the Rust ecosystem for interrogating and manipulating sockets much more directly as well as high level abstractions for all things netlink (read: AF_NETLINK). Is wielding Rust's socket/netlink libraries unsuitable in some way, or was it merely deemed out of the design scope?Very cool project, please keep going![1] https://github.com/grigio/network-monitor/blob/master/src/se...replya-dub 35 minutes ago | parent | next [–]
maybe consider support for the opensnitch ebpf backend?replyBoppreH 1 hour ago | prev | next [–]
Cool project, I wish we had more GUIs for these OS functions. How was your experience with GTK4 and Rust?And it's a bit sad that in the year of our lord 2025, the best way to get such fundamental information is by using regexes to parse a table[1], generated by a 6000-line C program[2], which is verified by (I hope I'm wrong!) a tiny test suite[3]. OSQuery[4] is also pretty cool, but it builds upon this fragile stack.That's something I miss from Windows, at least PowerShell has built-in commands that give you structured output.[1] https://github.com/grigio/network-monitor/blob/9dc470553bfdd...[2] https://github.com/iproute2/iproute2/blob/main/misc/ss.c[3] https://github.com/iproute2/iproute2/blob/main/testsuite/tes...[4] https://osquery.io/replyjrm4 4 hours ago | prev | next [–]
Fantastic, more of this. I don't know if I'm just missing it or what, but I'd love a GUI thing that showed all the devices on my network maybe even with a graph view.I'm using an Eero router out of laziness and even it has some features here that I'd like to see more of in polished "home-user" style network tools; especially since it seems as if more are getting into the "homelab"/"selfhosted" thing.reply0134340 2 hours ago | parent | next [–]
Do you mean something like nmap's network topolgy view? https://nmap.org/book/zenmap-topology.htmlJust for visualizing network topology on Linux, there's a lot of tools.replybongodongobob 2 hours ago | parent | prev | next [–]
That's impossible to do reliably without using agents, SNMP, or some other kind of communication protocol that you'll have to set up on each device. If you're ok with that, use SNMP. If you want topology, you'll have to have an agent that logs into all your networking gear and parses the configs.replymordechai9000 6 hours ago | prev | next [–]
Nice work!I do want to say, I don't like having to rely on scraping ss output. But that's not a comment on this project - I have done the exact same thing. It just proved to be the most expedient way given the constraints I was under. I suspect there is a lot of devops and CI/CD code out there that relies on the output format of ss. My concern is that parsing text intended for human readability and not machine processing is brittle and prone to failure due to unforeseen circumstances, or a package upgrade that changes the behavior.replymbana 2 hours ago | parent | next [–]
I was going to say the same thing.I really like the eBPF approach as pointed out to by the other comments. I feel like this is the ideal approach, please correct me if I'm wrong.A callback based approach as opposed to (constantly) polling the output of some command is ideal.replyBeijinger 20 minutes ago | prev | next [–]
On a first look: The same as the shell tool nethogs, just with a GUIreplymroche 5 hours ago | prev | next [–]
Cool project! As a more advanced form, I think it should be possible to get all this information via eBPF rather than ss output and scraping /proc.Food for thought!replyrlmp_89 4 hours ago | parent | next [–]
https://github.com/pythops/oryx-> voila!replyarcanemachiner 2 hours ago | root | parent | next [–]
The OP's project shows process names, which I do not see in this program.replymentalgear 4 hours ago | root | parent | prev | next [–]
BTW: This is also a TUI - much preferred !replyoneshtein 3 hours ago | parent | prev | next [–]
eBPF doesn't work on locked down kernels (stock kernels in Secure Boot mode).replyneilv 2 hours ago | prev | next [–]
Thanks especially for using GTK with Rust to do this. We need to keep desktop Linux GUI libraries alive and viable (as an alterative to Web site GUI frameworks, Electron apps with Web frameworks, and proprietary mobile app platforms).replyhombre_fatal 12 minutes ago | parent | next [–]
Though I was let down last week when I ported a TUI to GTK4 and found out that even a hello world gtk4.h C app uses 200mb RAM.I haven’t tried it yet but I believe Qt will weigh around the same.The TUI I ported uses <8mb RAM so I kinda lost interest in the GUI endeavor for my tools since I like to have one running in each project workspace.replySlavikCA 6 hours ago | prev | next [–]
That screenshot / video on README page is mostly unreadable. Can't get anything out of it.replyvoodooEntity 6 hours ago | parent | next [–]
Same for me.What info does it show more than a:"netstat -tulpn"Wrote myself a script years ago that basically loops netstat -tulpn watch like for the same purpose - just wondering if your tool shows me more than that.replySimon-curtis 5 hours ago | root | parent | next [–]
modern graphical interface, for a startreplyvoodooEntity 5 hours ago | root | parent | next [–]
I was asking which information it shows not what output it uses to display that information....replyIshKebab 4 hours ago | parent | prev | next [–]
This app is clearly a demonstration of GTK4's light/dark transition animation. Looks like it works perfectly to me!replyhamburglar 5 hours ago | parent | prev | next [–]
Come on, now. You can see that it supports today’s most critical feature: it has dark mode and light mode./sreplynoir_lord 4 hours ago | root | parent | next [–]
If you live in the terminal it's all dark mode** unless you are one of those weirdo's who has a black on white terminal in which case you should be on a watch list (/s in case wasn't immediately obvious).replybolangi 1 hour ago | root | parent | next [–]
I've been there since the DOS days when it was all dark mode, green phosphor characters on a black CRT. I was there when amber monitors were the new thing. (I still love sunglasses with brown lenses.) And I watched the early Apple computers with graphics and black-characters-on-white display style that has been the rage ever since... well since the recent new thing being dark mode.It reminds me of fashion trends, miniskirts then maxis, up and down past the knee like tides.Fads, that's the word.replyhamburglar 2 hours ago | root | parent | prev | next [–]
I am exactly that kind of weirdo, but then again I’ve been reading black on white books for my entire life and I never thought to complain about it.replyXiS 2 hours ago | prev | next [–]
So nethogs, but with a gui?replyWD-42 6 hours ago | prev | next [–]
Nice work. I’ve been writing an app using the same stack. The gtk-rs bindings are actually pretty productive once you get used to it! And it’s so fast.replyjdthedisciple 4 hours ago | prev | next [–]
Is there a version of this for the CLI?replydwattttt 4 hours ago | parent | next [–]
bandwhich[0] is a recent one I'm familiar with[0] https://github.com/imsnif/bandwhichreplypm2222 5 hours ago | prev | next [–]
eBPF/XDP is nice and hard to use.
Packet capture is so common that I wish that there were a simpler way like pcap.replyrlmp_89 4 hours ago | parent | next [–]
https://github.com/pythops/oryxreplylone-cloud 2 hours ago | prev [–]
The code is partly refined AI generated slop and the UX is lacking. The functionality is very basic and needs to be more thoroughly tested. This type of project is half a work day tops for a senior+ dev to create with agentic coding.reply

This Hacker News discussion highlights several key aspects of the “Network Monitor” project, a GUI tool built with Rust and GTK4 for analyzing Linux network connections. The core value proposition, as articulated by the original poster (grigio), is the creation of a modern, graphical interface for monitoring network connections, moving beyond traditional command-line tools like `netstat`.

A significant point of contention raised concerns the project’s reliance on parsing the output of `ss`, a utility itself frequently reliant on C code. Several commenters (heybrendan, boppreH, mordechai9000) emphasized the potential fragility of this approach, arguing that future updates to `ss` could break the monitoring tool. The suggestion of moving to more direct socket/netlink manipulation via Rust’s libraries was considered a more robust long-term solution, although it was deemed out of scope for the initial project.

The discussion also touched upon alternative approaches, such as leveraging eBPF (elastic buffer filtering), which is seen as a more systematic and efficient method for capturing and analyzing network traffic. The mention of “oryx” (https://github.com/pythops/oryx), a network monitoring tool building on eBPF, demonstrates the increasing interest in this technology. The hesitation around eBPF stemmed from concerns about compatibility with locked-down kernels, notably those operating in Secure Boot mode.

Furthermore, there was a notable emphasis on the GUI itself, particularly its use of GTK4 and the implementation of a dark/light mode transition. Several users (hamburglar, noir_lord, XiS) expressed amusement at what they perceived as the primary focus on this feature, suggesting it was being prioritized over the core functionality of network monitoring. This highlights a common dilemma in software development – balancing aesthetics with core requirements. The comparison to “bandwhich” (https://github.com/imsnif/bandwhich) and the broader trend of similar tools underlines a recurring need for a user-friendly interface to manage and observe network activity.

Ultimately, the comments reveal a thoughtful consideration of architectural choices, highlighting the trade-offs involved in building a monitoring tool. The project’s initial reliance on `ss` output, while expedient, was viewed as a potential vulnerability. While the original developer opted for the initially simpler approach, the broader discussion underscores the importance of considering long-term maintainability and the potential benefits of more advanced techniques like eBPF. The developer's choice of GTK4 and the inclusion of a dark/light mode demonstrate an awareness of modern UI design trends, even if it sparked some amusement among the commentators.