> tools for the
terminal.
Zero-config network and infrastructure tools for Linux operators. Real-time, local-first, MIT-licensed.
Zero-config network forensics TUI for Linux & macOS. Decrypts TLS 1.3, fingerprints clients with JA4, hunts C2 beaconing, port scans and DNS tunneling — live, from one binary. A great dashboard too, but that part everything else already does.
brew install matthart1983/tap/netwatchTwelve tabs covering CPU, memory, disks, processes, GPU, power, services, and network — plus a Timeline scrubber and an Insights anomaly engine. The terminal you open when something feels off, before you reach for htop, iostat, nettop, and a notebook of one-liners. Sibling to netwatch.
cargo install syswatchEight tabs across devices, volumes, filesystems, IO, SMART, hot files, and insights — capacity trends, throughput, p99 latency, and the files being written right now. Read-only, no daemon. Sibling to netwatch and syswatch.
cargo install diskwatchA pure-Rust SSH client with a sharp, NetWatch-inspired TUI: up to 9 concurrent sessions, live remote host diagnostics (CPU, memory, disk, network — no agent install), fleet management, file transfer, and port forwarding. One terminal, multiple sessions, zero context switching.
cargo install esshSelf-contained interactive teaching decks — eBPF, the Linux network stack, kernel contribution, and Rust. Each runs in your browser: drive a simulation, step a state machine, decode the internals.
Builds eBPF from first principles up to NetWatch’s real aya kprobe — the VM, the verifier, maps and ring buffers, CO-RE — with drive-able simulations of the verifier, the issue-#38 timing bug, and the full connect()-to-process-name trace.
$ open ebpf-deep-dive — launch deck →A contributor walkthrough of the running system: the event loop, the DPI and TLS/QUIC decryption pipeline, eBPF attribution, the Landlock sandbox, the flight recorder, and the remote-publishing seam to the cloud.
$ open architecture-tour — launch deck →Follows a packet through every layer of the kernel: NIC/IRQ/NAPI, the sk_buff and struct sock, the RX and TX paths, netfilter’s five hooks, qdiscs, and the eBPF tap points. Drive the sk_buff pointers, step the TCP state machine, traverse the hooks.
$ open linux-network-stack — launch deck →The machinery of upstream kernel work: maintainer trees, the release cycle, the email-patch workflow, and surviving review. Explore the tree topology, scrub a release cycle, decode a patch email, and run the review gauntlet.
$ open linux-kernel-dev — launch deck →Rust’s hard part, made legible: ownership, borrowing, lifetimes, traits, errors, and fearless concurrency. Drive the borrow checker, scrub a lifetime, and watch a move invalidate a value — grounded in real NetWatch code.
$ open learning-rust — launch deck →Same agent, hosted dashboard.
Run the same 5 MB Rust agent. Get fleet-wide metrics, alerts, and 72-hour history without standing up your own backend.