DEV Community

Matthew Hartley

Built a terminal network incident tool that now exports frozen bundles with pcap + context

I built NetWatch because debugging network issues from a terminal usually turns into a pile of tools: one for interface throughput, one for process/socket visibility, one for pings, one for traceroute, and then Wireshark/tshark when I finally need packets.

NetWatch tries to collapse that into one terminal UI. It shows live interface rates, active connections with process name + PID, gateway/DNS health, packet capture with decode/filtering, topology/traceroute, a connection timeline, and per-process bandwidth.

The new thing in v0.9.0 is a rolling "flight recorder". You can arm a 5-minute window, let it keep rotating, then freeze/export when the issue actually happens. The export bundle includes a pcap plus connection snapshots, health samples, bandwidth context, DNS analytics, alert history, and a summary. The goal is to preserve transient incidents that usually disappear before you can inspect them.
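The rolling-window idea described above can be sketched as follows. This is an added example, not NetWatch's own code: the FlightRecorder type, its method names, and the dummy frames are assumptions made for illustration, and the output uses the classic pcap layout with an Ethernet link type.

```rust
use std::collections::VecDeque;

/// Hypothetical rolling capture window: keeps only frames newer than `window_us`.
pub struct FlightRecorder {
    window_us: u64,
    packets: VecDeque<(u64, Vec<u8>)>, // (timestamp in microseconds, raw frame)
}

impl FlightRecorder {
    pub fn new(window_secs: u64) -> Self {
        Self { window_us: window_secs * 1_000_000, packets: VecDeque::new() }
    }

    /// Record a frame, then evict everything that has aged out of the window.
    pub fn push(&mut self, ts_us: u64, frame: &[u8]) {
        self.packets.push_back((ts_us, frame.to_vec()));
        while let Some(oldest) = self.packets.front().map(|p| p.0) {
            if ts_us.saturating_sub(oldest) <= self.window_us { break; }
            self.packets.pop_front();
        }
    }

    pub fn len(&self) -> usize { self.packets.len() }

    /// Freeze: copy the current window out as classic pcap bytes.
    /// The recorder is untouched, so capture can keep rotating afterwards.
    pub fn freeze_pcap(&self) -> Vec<u8> {
        let mut out = Vec::new();
        out.extend_from_slice(&0xa1b2_c3d4u32.to_le_bytes()); // magic: microsecond timestamps
        out.extend_from_slice(&2u16.to_le_bytes()); // version major
        out.extend_from_slice(&4u16.to_le_bytes()); // version minor
        out.extend_from_slice(&0i32.to_le_bytes()); // thiszone
        out.extend_from_slice(&0u32.to_le_bytes()); // sigfigs
        out.extend_from_slice(&65_535u32.to_le_bytes()); // snaplen
        out.extend_from_slice(&1u32.to_le_bytes()); // link type 1 = Ethernet
        for (ts, frame) in &self.packets {
            out.extend_from_slice(&((ts / 1_000_000) as u32).to_le_bytes()); // seconds
            out.extend_from_slice(&((ts % 1_000_000) as u32).to_le_bytes()); // microseconds
            out.extend_from_slice(&(frame.len() as u32).to_le_bytes()); // captured length
            out.extend_from_slice(&(frame.len() as u32).to_le_bytes()); // original length
            out.extend_from_slice(frame);
        }
        out
    }
}

fn main() {
    let mut rec = FlightRecorder::new(300); // 5-minute window, as in the post
    for i in 0..10u64 {
        rec.push(i * 60_000_000, &[0u8; 14]); // constructed input: one dummy frame per minute
    }
    println!("{} frames kept, {} pcap bytes", rec.len(), rec.freeze_pcap().len());
}
```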

It runs locally and doesn't require a backend or service. Running netwatch gives interface/connection visibility, and running sudo netwatch adds packet capture + ICMP health probes.

Install:

  • brew install matthart1983/tap/netwatch
  • cargo install netwatch-tui

Repo: https://github.com/matthart1983/netwatch

I'd especially like feedback from people who already use Wireshark, tshark, iftop, bandwhich, tcpdump, or lsof/netstat in incident work. What feels useful, and what still feels missing from that workflow?
