NetWatch v0.16.0 — DPI in the terminal: HTTPS/QUIC hostnames, packet decode
Posted by Potential-Access-595@reddit | linuxadmin | View on Reddit | 9 comments
Shipped v0.16.0 with end-to-end Deep Packet Inspection.
- **Packets tab:** INFO column is L7-aware and color-coded. Filter syntax: `app:quic`, `sni:reddit`, `host:github`.
- **Dashboard top-talkers:** real hostnames in the bandwidth panel.
- **Packets detail pane:** decodes QUIC v1/v2 Initial packets and shows the inner CRYPTO/PADDING/PING frame structure.
Full RFC 9001 / 9369 QUIC Initial decryption — HKDF-Expand-Label keys, AES-128 header protection, AES-128-GCM AEAD,
cross-packet ClientHello reassembly. Most peer tools just tag flows as `QUIC`; this one tells you the hostname.
cargo install netwatch-tui
# or
brew install matthart1983/tap/netwatch
Rust + ratatui, MIT. https://github.com/matthart1983/netwatch
mrmh1@reddit
Cannot get it compiled on Ubuntu 2604. Diskwatch compiled just fine.
Potential-Access-595@reddit (OP)
can you share the error? alternatively use a pre-compiled binary from GitHub
pizzacake15@reddit
You forgot to remove the markdown format the AI did on your caption
fubes2000@reddit
There should be a mode to monitor the BlackWall status.
UninvestedCuriosity@reddit
Neat
jrmillr1@reddit
Very cool, will be checking it out soon.
StatementOwn4896@reddit
This looks like YaST tui but better
Zestyclose-Watch-737@reddit
Yup, nice
TDex96@reddit
Looking good, nice work!