Juan Torchia

Originally published at juanchi.dev

Sniffnet: monitor your network without losing your mind to tcpdump

It was 11 PM and a microservice in staging was making calls to some unknown external IP every 30 seconds. It wasn't mine — it belonged to another team — and they'd asked me to look at it because "something weird was going on with the network." I opened Wireshark. It hit me with 47 different filters and an interface that feels deliberately designed to make you feel stupid. Then I tried tcpdump in the terminal, which gave me exactly what I expected: a waterfall of incomprehensible text scrolling at infinite speed.

At that point I wanted something simple. I didn't want to dissect TCP packets at the byte level. I wanted to know: who's talking to whom, how much volume, and from which process? That. Nothing else.

That's when I found Sniffnet, and honestly it changed my workflow for that kind of debugging. It's not an offensive security tool and it doesn't pretend to replace anything professional. It's exactly what I needed: real visibility, fast, with zero friction.

What it does

Sniffnet is an open-source network traffic monitoring application written in Rust that runs on Windows, macOS, and Linux. You can install it as a standalone binary — no external dependencies to break your brain — or via cargo install sniffnet if you already have the Rust ecosystem set up.

What it gives you in practice:

  • Real-time charts of incoming and outgoing traffic per network interface
  • Active connection identification: what IP, what port, what protocol, how many bytes
  • Basic geolocation of external traffic (shows you which country each connection is coming from)
  • Simple filters by protocol, IP, port — no need to learn BPF filter syntax
  • Notifications when any connection exceeds a threshold you define

The source code is at github.com/GyulyVGC/sniffnet and the crate is on crates.io for direct installation.

# Install via Cargo (requires Rust)
cargo install sniffnet

# Or grab the precompiled binary from GitHub Releases
# https://github.com/GyulyVGC/sniffnet/releases
# Available for Windows (.exe), macOS (.dmg), and Linux (.deb / .rpm / AppImage)

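# Capturing traffic requires elevated permissions:
sudo sniffnet  # Linux/macOS
# (a cargo install puts the binary in ~/.cargo/bin, which sudo's default PATH
#  usually does not include; pass the full path to the binary in that case)
# On Windows: run as Administrator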

The UI is built with iced, the native GUI framework for Rust. That means fast rendering, a small binary, and no hidden Electron lurking inside eating 400MB of RAM like it's nothing.

# Typical debugging flow:
# 1. Open Sniffnet with sudo
# 2. Select your interface (eth0, wlan0, lo, etc.)
# 3. Watch the real-time dashboard
# 4. Filter by suspicious IP or protocol
# 5. Export the report if you need to keep evidence

# To monitor traffic on a specific port (e.g.: port 8080 for your API)
# Do it directly from the UI — no need to remember tcpdump syntax

What I find genuinely interesting under the hood is the architecture: Rust guarantees that packet capture won't eat your CPU or memory, which is the classic problem with continuous monitoring tools. I ran it for hours on my machine while working and barely noticed it was there.

Why it made the list

This is part 7 of the Awesome Curated: The Tools series, where I dig into tools that went through our curation system: first, consensus across multiple awesome lists (Sniffnet appears in 4 independent lists), then AI analysis, then a human verdict. In this case the verdict was GEM — not just WORTH_TRYING, but genuinely recommended.

Four different lists agreeing is not a coincidence. The developer community tends to align on what actually works, and there's a clear pattern here: Sniffnet fills a gap that's existed for years. The space between "I want to see what my network is doing" and "I want to do professional forensic analysis" was basically empty. Wireshark is powerful but has a brutal learning curve. ntopng is capable but aimed at enterprise infrastructure. tcpdump is pure text. Sniffnet plants itself right in the middle and says: this is for the dev who needs visibility, not for the security analyst.

Compared to the alternatives, the clearest differentiator is the experience. It's not that it has more features — it's that the features it does have are usable without a manual. When I was debugging that mysterious 30-second connection, within 2 minutes I'd already identified the destination IP, the port, and the volume. With Wireshark it would've taken me 15 minutes just to configure the right filters. Time matters when it's 11 PM.
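The same triage, scripted, as an added example (not code from the original post or from Sniffnet): group connection records by destination, total the bytes, and flag destinations contacted at a regular interval. The record layout, the function names, the thresholds and the sample data are assumptions constructed for illustration, and this is not Sniffnet's export format.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample():
    """Constructed flow records: (t_seconds, dst_ip, dst_port, proto, bytes)."""
    flows = []
    # Small, regular check-ins to one external host, roughly every 30 s.
    for i, jitter in enumerate([0.0, 0.4, -0.3, 0.2, -0.1, 0.5, 0.0, -0.4]):
        flows.append((30 * i + jitter, "203.0.113.50", 443, "TCP", 1200))
    # Ordinary bursty API traffic: irregular gaps, much larger volume.
    for t in [3, 4, 9, 61, 62, 140, 141, 199]:
        flows.append((t, "198.51.100.7", 443, "TCP", 48000))
    # Internal database chatter.
    for t in [1, 2, 50, 51, 52, 180]:
        flows.append((t, "10.0.0.5", 5432, "TCP", 9000))
    return flows

def interval_if_periodic(times, min_events=5, max_cv=0.1):
    """Return the mean gap in seconds if the gaps are regular, else None."""
    if len(times) < min_events:
        return None
    ordered = sorted(times)
    gaps = [b - a for a, b in zip(ordered, ordered[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return None
    # Coefficient of variation: low spread relative to the mean looks timer-driven.
    return round(avg, 1) if pstdev(gaps) / avg <= max_cv else None

def triage(flows):
    """Group by destination; report count, bytes and any regular interval."""
    groups = defaultdict(lambda: {"times": [], "bytes": 0})
    for t, dst, port, proto, nbytes in flows:
        g = groups[(dst, port, proto)]
        g["times"].append(t)
        g["bytes"] += nbytes
    rows = [{"dst": k[0], "port": k[1], "proto": k[2], "connections": len(g["times"]),
             "bytes": g["bytes"], "interval_s": interval_if_periodic(g["times"])}
            for k, g in groups.items()]
    return sorted(rows, key=lambda r: r["bytes"], reverse=True)

if __name__ == "__main__":
    for row in triage(build_sample()):
        note = f"every ~{row['interval_s']}s" if row["interval_s"] else "irregular"
        print(f"{row['dst']}:{row['port']}/{row['proto']} conns={row['connections']} "
              f"bytes={row['bytes']} {note}")
```

In the constructed data the periodic destination ranks last by volume, so sorting by bytes alone would bury it; the interval check is what surfaces it.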

The fact that it's written in Rust matters in this context too. That's not marketing. For a tool running in the background capturing all your network traffic, memory and CPU efficiency isn't a nice-to-have — it's the primary requirement. Rust solves that without you having to think about it.

When NOT to use it

Sniffnet is not Wireshark and doesn't try to be. If you need deep packet analysis — protocol dissection, TCP stream reconstruction, decoding specific payloads — Wireshark (wireshark.org) is still the right tool. No argument there.

Don't use it either if you need infrastructure-level network monitoring with alerts, historical dashboards, event correlation, and all that. For that there are tools like ntopng (ntop.org) or a full observability stack like Prometheus + Grafana with network exporters. Sniffnet is for interactive, real-time use, by one person. It's not an automated monitoring daemon. The root/admin permission requirement also makes it awkward to integrate into automated pipelines — that's a real limitation, not a nitpick.

Closing thoughts

Sniffnet is one of those tools that doesn't do anything revolutionary, but does what it does so well that you end up reaching for it constantly. For connectivity debugging, for poking around at what your machine is doing when you leave it alone, for basic audits before a deploy — it's in my toolbox and it's staying there.

If you landed here from Google and don't know the series, this is part of Awesome Curated: The Tools — deep dives into tools that passed the filter of our curation system. Previous posts cover everything from Docker for Novices to XGBoost, Themis for cryptography, and the full ML ecosystem. Worth browsing through.


This article was originally published on juanchi.dev
