a friendlier ss / netstat for humans. inspect network connections with a clean tui or styled tables.
go install github.com/karol-broda/snitch@latest
# try it nix run github:karol-broda/snitch # install to profile nix profile install github:karol-broda/snitch # or add to flake inputs { inputs.snitch.url = "github:karol-broda/snitch"; } # then use: inputs.snitch.packages.${system}.default
# with yay yay -S snitch-bin # with paru paru -S snitch-bin
curl -sSL https://raw.githubusercontent.com/karol-broda/snitch/master/install.sh | shinstalls to ~/.local/bin if available, otherwise /usr/local/bin. override with:
curl -sSL https://raw.githubusercontent.com/karol-broda/snitch/master/install.sh | INSTALL_DIR=~/bin sh
macos: the install script automatically removes the quarantine attribute (
com.apple.quarantine) from the binary to allow it to run without gatekeeper warnings. to disable this, setKEEP_QUARANTINE=1.
download from releases:
- linux:
snitch_<version>_linux_<arch>.tar.gzor.deb/.rpm/.apk - macos:
snitch_<version>_darwin_<arch>.tar.gz
tar xzf snitch_*.tar.gz
sudo mv snitch /usr/local/bin/macos: if blocked with "cannot be opened because the developer cannot be verified", run:
xattr -d com.apple.quarantine /usr/local/bin/snitch
snitch # launch interactive tui snitch -l # tui showing only listening sockets snitch ls # print styled table and exit snitch ls -l # listening sockets only snitch ls -t -e # tcp established connections snitch ls -p # plain output (parsable)
interactive tui with live-updating connection list.
snitch # all connections snitch -l # listening only snitch -t # tcp only snitch -e # established only snitch -i 2s # 2 second refresh interval
keybindings:
j/k, ↑/↓ navigate
g/G top/bottom
t/u toggle tcp/udp
l/e/o toggle listen/established/other
s/S cycle sort / reverse
w watch/monitor process (highlight)
W clear all watched
K kill process (with confirmation)
/ search
enter connection details
? help
q quit
one-shot table output. uses a pager automatically if output exceeds terminal height.
snitch ls # styled table (default) snitch ls -l # listening only snitch ls -t -l # tcp listeners snitch ls -e # established only snitch ls -p # plain/parsable output snitch ls -o json # json output snitch ls -o csv # csv output snitch ls -n # numeric (no dns resolution) snitch ls --no-headers # omit headers
json output for scripting.
snitch json snitch json -l
stream json frames at an interval.
snitch watch -i 1s | jq '.count' snitch watch -l -i 500ms
check for updates and upgrade in-place.
snitch upgrade # check for updates snitch upgrade --yes # upgrade automatically snitch upgrade -v 0.1.7 # install specific version
shortcut flags work on all commands:
-t, --tcp tcp only
-u, --udp udp only
-l, --listen listening sockets
-e, --established established connections
-4, --ipv4 ipv4 only
-6, --ipv6 ipv6 only
-n, --numeric no dns resolution
for more specific filtering, use key=value syntax with ls:
snitch ls proto=tcp state=listen snitch ls pid=1234 snitch ls proc=nginx snitch ls lport=443 snitch ls contains=google
styled table (default):
╭─────────────────┬───────┬───────┬─────────────┬─────────────────┬────────╮
│ PROCESS │ PID │ PROTO │ STATE │ LADDR │ LPORT │
├─────────────────┼───────┼───────┼─────────────┼─────────────────┼────────┤
│ nginx │ 1234 │ tcp │ LISTEN │ * │ 80 │
│ postgres │ 5678 │ tcp │ LISTEN │ 127.0.0.1 │ 5432 │
╰─────────────────┴───────┴───────┴─────────────┴─────────────────┴────────╯
2 connections
plain output (-p):
PROCESS PID PROTO STATE LADDR LPORT
nginx 1234 tcp LISTEN * 80
postgres 5678 tcp LISTEN 127.0.0.1 5432
optional config file at ~/.config/snitch/snitch.toml:
[defaults] numeric = false theme = "auto"
- linux or macos
- linux: reads from
/proc/net/*, root orCAP_NET_ADMINfor full process info - macos: uses system APIs, may require sudo for full process info