a fully offline, per-process network monitor for linux, built on ebpf.
netpeek is a fully offline, per-process network monitor for Linux. It loads eBPF programs into the kernel networking path and attributes every connection, byte, and packet back to the process responsible, so you can see exactly what each program on a host is talking to.
It runs entirely on the box as a terminal app (sudo python3 -m netpeek): no agent, no cloud, no telemetry ever leaves the machine. A bcc-based capture layer hooks socket and TCP/UDP events while a Python frontend aggregates them into a live per-process view, which makes it handy for catching unexpected egress on hosts where shipping data to a third-party observability service is not an option.