v0.3.0 — Unknown Traffic Enrichment

@XuanLee-HEALER XuanLee-HEALER released this 20 Feb 04:07
· 22 commits to main since this release

What's New

Non-root netoproc cannot see other users' process sockets on macOS, so system daemon traffic is lumped under "unknown". This release enriches that unknown traffic so users can infer what it is.

Features

  • Port & IP annotations: Automatically labels connections with human-readable names (e.g., "Apple Push/iCloud - HTTPS", "Google DNS", "local network - DNS")
  • Per-remote-address grouping: Unknown traffic is broken down by remote address with individual byte counts
  • Async reverse DNS: Resolves remote IP addresses to hostnames in the background (disable with --no-dns)
  • Pretty output sub-rows: --format pretty now shows indented detail rows under the unknown aggregate (top 10 by traffic)
  • TUI unknown details: Monitor mode renders unknown sub-rows with dimmed styling
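
The per-remote-address grouping and port/IP annotation described above can be sketched as follows. This is an added example, not netoproc's own code: the `Flow` type, the function names, the label rules and the sample flows are all assumptions constructed for illustration.

```rust
use std::collections::HashMap;
use std::net::IpAddr;

// One flow that could not be attributed to a process (hypothetical type).
pub struct Flow { pub remote: IpAddr, pub port: u16, pub bytes: u64 }

// Hypothetical label rules modelled on the example labels in the release notes.
pub fn annotate(ip: IpAddr, port: u16) -> String {
    let svc = match port { 53 => "DNS", 80 => "HTTP", 443 => "HTTPS", _ => "" };
    let who = match ip {
        IpAddr::V4(a) if a.octets() == [8, 8, 8, 8] || a.octets() == [8, 8, 4, 4] =>
            return "Google DNS".to_string(),
        IpAddr::V4(a) if a.is_private() || a.is_link_local() => "local network",
        IpAddr::V4(a) if a.octets()[0] == 17 => "Apple Push/iCloud", // 17.0.0.0/8 is Apple's block
        _ => "",
    };
    match (who, svc) {
        ("", s) => s.to_string(),
        (w, "") => w.to_string(),
        (w, s) => format!("{} - {}", w, s),
    }
}

// Sum bytes per remote address, label each row, keep the top `n` by traffic.
// Simplification: the label uses the port of the first flow seen for an address.
pub fn top_unknown(flows: &[Flow], n: usize) -> Vec<(IpAddr, u64, String)> {
    let mut by_addr: HashMap<IpAddr, (u64, u16)> = HashMap::new();
    for f in flows {
        by_addr.entry(f.remote).or_insert((0, f.port)).0 += f.bytes;
    }
    let mut rows: Vec<_> = by_addr.into_iter()
        .map(|(ip, (bytes, port))| (ip, bytes, annotate(ip, port)))
        .collect();
    rows.sort_by(|a, b| b.1.cmp(&a.1).then(a.0.cmp(&b.0))); // bytes desc, address as tie-break
    rows.truncate(n);
    rows
}

// Constructed sample flows (203.0.113.0/24 is a documentation range).
pub fn sample() -> Vec<Flow> {
    [("17.57.144.10", 443, 4000), ("8.8.8.8", 53, 500), ("17.57.144.10", 443, 3000),
     ("192.168.1.1", 53, 200), ("203.0.113.9", 8443, 100)]
        .iter()
        .map(|&(ip, port, bytes)| Flow { remote: ip.parse().unwrap(), port, bytes })
        .collect()
}

fn main() {
    for (ip, bytes, label) in top_unknown(&sample(), 10) {
        println!("  {} {} B {}", ip, bytes, label);
    }
}
```

An address that matches no rule, such as the last sample flow, keeps an empty label, which is where a reverse DNS lookup adds the most value when triaging unattributed traffic.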

Backward Compatibility

  • TSV and JSON output formats are unchanged — no breaking changes
  • Enrichment detail only appears in --format pretty and TUI mode

New Files

  • src/enrichment/ — annotation and DNS resolution module
  • tests/enrichment_integration.rs — 28 integration tests

Dependencies

  • Added dns-lookup = "2" for reverse DNS resolution

Full Changelog: v0.2.0...v0.3.0