Question 1

How to install RustNet on Ubuntu?

Accepted Answer

For Ubuntu 25.10+, add the PPA with 'sudo add-apt-repository ppa:domcyrus/rustnet', update, and install with 'sudo apt install rustnet'. Older versions may require building from source as per INSTALL.md.

Question 2

RustNet vs Wireshark: which is better for real-time monitoring?

Accepted Answer

RustNet excels at real-time, connection-centric monitoring with process attribution over SSH, while Wireshark is superior for deep packet analysis and forensics. Use RustNet to quickly see what's making connections, and Wireshark for detailed protocol inspection.

Question 3

How to filter by process name in RustNet?

Accepted Answer

Press '/' to enter filter mode, then type 'process:' followed by the process name (e.g., 'process:firefox'). You can combine filters, like 'process:nginx port:80', for more specific queries as shown in the advanced examples.

Question 4

Does RustNet work on macOS?

Accepted Answer

Yes, RustNet is cross-platform and works on macOS. Install it via Homebrew with 'brew tap domcyrus/rustnet && brew install rustnet', and it uses system APIs for packet capture and interface statistics.

Question 5

How to disable eBPF and use procfs in RustNet?

Accepted Answer

Build RustNet with 'cargo build --release --no-default-features' to disable eBPF and fall back to procfs-based process identification, which provides full process names but with higher CPU overhead, as explained in the eBPF section.

Question 6

Can RustNet export packets for analysis in Wireshark?

Accepted Answer

Yes, use the '--pcap-export' option to capture packets with process attribution, then enrich the pcap file with 'scripts/pcap_enrich.py' to include PID/process context for analysis in Wireshark, as detailed in the PCAP Export section.

rustnet

What is rustnet?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions