Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/pythops/oryx/llms.txt

Use this file to discover all available pages before exploring further.

Oryx is a lightweight, high-performance terminal UI that uses eBPF to capture and inspect network traffic directly in your terminal. It gives sysadmins and security engineers real-time visibility into packets flowing through every interface, with built-in firewall controls, traffic statistics, and attack detection — all without leaving the command line.

Installation

Install Oryx via package manager or build from source on Linux.

Quickstart

Start sniffing traffic in under two minutes with a single command.

Key bindings

Learn every keyboard shortcut to navigate Oryx efficiently.

Firewall

Create and manage eBPF-backed firewall rules from the terminal.

What Oryx does

Oryx attaches eBPF programs to your network interfaces and streams packet data into a responsive TUI built with Ratatui. Every packet is decoded in real time — no pcap files, no post-processing.

Packet inspection

Browse live packets with source/destination IPs, ports, protocol, and process ID.

Traffic statistics

Protocol breakdowns, bandwidth graphs, and top-10 visited addresses.

Metrics explorer

Custom port-range counters for TCP and UDP traffic.

Firewall rules

Block traffic by IP, port, and direction with toggleable rules.

Threat alerts

Automatic SYN flood detection with visual alerts.

Capture export

Save captured packets to a timestamped file for offline analysis.

Supported protocols

Oryx decodes packets across all major network layers:
  • Transport: TCP, UDP, SCTP
  • Network: IPv4, IPv6, ICMPv4, ICMPv6, IGMP (v1, v2, v3)
  • Link: ARP

Protocol reference

Full breakdown of every supported protocol and what Oryx captures for each.

Get started

1

Install Oryx

Download a pre-built binary from the releases page, install via pacman on Arch Linux, or build from source.
2

Run with root privileges

eBPF programs require root access to attach to network interfaces.
sudo oryx
3

Select an interface and filters

Use Space to select a network interface and choose the protocols you want to capture, then press f to apply your filters.
4

Explore your traffic

Navigate between the Inspection, Firewall, Stats, Metrics, and Alert sections using Tab or Shift+Tab.
Oryx requires Linux kernel 6.10 or higher for full feature support. On Debian or Ubuntu, ensure you’re running Debian 13 (Trixie) or Ubuntu 24.04 (Noble) or newer.

Build docs developers (and LLMs) love

Get started for freeTalk to us