Oryx is a terminal UI for real-time network packet inspection built on eBPF. It attaches eBPF programs directly to your network interfaces and streams decoded packet data into a responsive terminal interface — no pcap files, no agents, no post-processing. Oryx is aimed at sysadmins, network engineers, and security practitioners who need immediate, low-overhead visibility into traffic on a Linux host without leaving the command line. eBPF runs sandboxed programs inside the Linux kernel at near-native speed, which means Oryx can inspect every packet in real time with minimal CPU overhead. Unlike traditional tools that copy packets to user space for filtering, Oryx pushes filters down into the kernel itself, so only the traffic you care about ever leaves the eBPF program.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/pythops/oryx/llms.txt
Use this file to discover all available pages before exploring further.
Installation
Install via pre-built binary, Arch Linux pacman, or build from source.
Quickstart
Start capturing traffic in under five minutes with a single command.
Key bindings
Every keyboard shortcut for navigating and controlling Oryx.
Features
Packet inspection, firewall rules, traffic statistics, and more.
Key features
Real-time inspection
Browse live packets with source and destination IPs, ports, protocol, and — for egress traffic — the originating process ID.
Traffic statistics
Protocol breakdowns, bandwidth graphs, and a top-10 list of contacted addresses.
Metrics explorer
Define custom port-range counters to track TCP and UDP traffic volumes over time.
Firewall rules
Create, toggle, edit, and persist eBPF-backed firewall rules by IP, port, and direction.
Threat alerts
Automatic SYN flood detection with in-TUI visual alerts.
Capture export
Save a timestamped capture to
~/oryx/capture for offline analysis.Supported protocols
Oryx decodes packets across all major network layers:- Transport: TCP, UDP, SCTP
- Network: IPv4, IPv6, ICMPv4, ICMPv6, IGMP (v1, v2, v3)
- Link: ARP