Lightweight, fast CLI tool written in Go to monitor open ports and inspect the processes using them.
- Built with Go
- Fast and lightweight
- Designed as a CLI tool
- Systemd-friendly
- Minimal dependencies
- Identify the process bound to each port
- View process information (PID, port, etc.)
- Kill a process directly from the CLI
- See how many connections hit a specific port
- Resource usage monitoring (CPU, memory)
- Better tracking of how many clients hit a port
- Improved statistics and summaries
- Go 1.20+
- Linux
- Root privileges (required for eBPF and low-level system access)
internals/
├── ebpf/
│ ├── C source files for eBPF programs
│ └── Compiled eBPF object files
│
├── loadebpf/
│ └── Loads eBPF object files and pins them to the kernel
│
├── process/
│ └── Reads data from pinned maps to identify processes
zpuses eBPF programs to hook into kernel-level networking events such as socket creation and port binding.- These eBPF programs collect lightweight metadata (PID, port, protocol, etc.) without affecting system performance.
- Collected data is stored inside eBPF maps, which are pinned to the kernel so they persist independently of the CLI process.
- The Go CLI attaches to these pinned maps and reads data without reloading the eBPF programs.
- By correlating socket information with process IDs,
zpcan identify which process is using a specific port. - Optional actions like killing a process are executed safely from user space based on this data.
This design allows zp to be fast, safe, and suitable for long-running system monitoring.
Note: Installation will be simplified in future releases.
For now, build from source:
git clone https://github.com/moundher122/zp.git
cd zp
go build -o zpRun the CLI:
sudo ./zpDisplay help:
sudo ./zp --helpRoot access is required to load and read eBPF programs.
Run locally:
sudo go run .Format code:
go fmt ./...For detailed architecture information, please refer to Architecture.md.
MIT License