net-use 0.1.0

Monitor per-app network connections on macOS via proc_pidfdinfo, with TUI and CLI modes for building firewall whitelists
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

# net-use

[中文](README.zh-CN.md)

A per-app network connection monitor for macOS. Uses `proc_pidfdinfo` to track all TCP/UDP remote IPs of a target app and its entire process tree in real time, outputting a deduplicated address list — ideal for building firewall whitelists.

## Features

- Monitor the full process tree of a target app (including all child processes)
- Aggregate IPv4 addresses into /24 subnets; keep full IPv6 addresses
- Automatic deduplication — only newly discovered addresses are reported
- TUI interactive mode: browse installed apps, filter, and view live monitoring results
- CLI mode: plain text output, pipe-friendly for files or other commands
- Monitor apps that haven't started yet — collection begins automatically on launch
- Preserve data after app exit, accumulate on restart
- One-key export to file (`E`) or copy to clipboard (`C`)

## Installation

Requires Rust 1.85+ (edition 2024).

```bash
cargo install net-use
```

Or build from source:

```bash
cargo build --release
```

The binary will be at `target/release/net-use`.

## Usage

Root privileges are required to read process socket information.

### TUI Mode

```bash
sudo net-use
```

Launches an app selection screen where you can type to filter, then press Enter to start monitoring.

Keybindings:

- `E` — Export address list to file
- `C` — Copy address list to clipboard
- `Esc` — Return to app selection
- `Q` — Quit

### CLI Mode

```bash
# Monitor by Bundle ID
sudo net-use --bundle com.google.Chrome --no-tui

# Monitor by process name
sudo net-use --name curl --no-tui

# Monitor by PID
sudo net-use --pid 1234 --no-tui

# Output to file
sudo net-use --bundle com.google.Chrome --no-tui > chrome-ips.txt
```

Example output:

```
142.250.80.0/24
172.217.14.0/24
2607:f8b0:4004:800::200e
```

## How It Works

1. Locate the target process via `proc_listallpids` and `proc_pidpath`
2. Recursively discover the full child process tree via `proc_listchildpids`
3. Poll every 200ms, enumerating all socket file descriptors with `proc_pidfdinfo(PROC_PIDFDSOCKETINFO)`
4. Extract remote IP addresses, filter out loopback and link-local, deduplicate, and output

## Limitations

- macOS only
- Requires root privileges (`sudo`)
- Very short-lived connections may be missed at the 200ms polling interval
- XPC services launched via launchd may not appear in the process tree

## License

MIT