Netactview – Graphical Network Activity Viewer

Netactview is a graphical network connections viewer for Linux, similar in functionality with Netstat. It includes features like process information, host name retrieval, automatic refresh, sorting, filtering and csv file save. It has a fully featured GTK 2 graphical interface.

Netactview - Network Activity Viewer
Netactview – Network Activity Viewer

The tool support the following features:

  • Shows all udp, tcp, udp6 and tcp6 network connections in an automatically refreshed list.
  • The presented information includes protocol names, addresses, ports and connection states along with host names and process information.
  • The connections list can be sorted by any of its columns.
  • The connections list can be filtered.
  • Refresh rates ranging from 1/16 to 4 seconds, or no automatic refresh can be selected.
  • Connections can be seen for 3 seconds after they are closed giving you the chance to spot connections that last very little time.
  • The unestablished connections can be filtered out.
  • Multiple connections list snapshots can be saved in a formatted text file or in a csv file.

Any column can be sorted in netactview by clicking on it’s header. The sorting rule applied depends on the type of column.

  • protocol, state, program and command are sorted alphabetically
  • local port, remote port and pid are sorted considering their numerical integer value
  • local address and remote address are sorted considering their numerical address value
  • local host and remote host use a special sorting so that domains are grouped together.

The tool will be useful to run threat hunting and malicious process investigation. You can read more and download this tool over here: http://netactview.sourceforge.net/index.html

Share