proc-trace-net
Three ways to get a binary: pick the one that fits your setup.
No local Go install required. Produces static binaries for amd64 and arm64 in one command via build.sh.
One line with a local Go install. Output is a native binary for your current platform.
Fully static with CGO_ENABLED=0. Copy the binary to any Linux system of the same architecture, with no runtime dependencies.
proc-trace-net uses the Linux conntrack netlink socket, a standard kernel interface available on virtually every modern distribution that runs Docker, iptables, or nftables.
| Requirement | Details | Status |
|---|---|---|
| Linux kernel ≥ 3.6 | conntrack multicast groups stable since 3.x. Any distro running Docker or iptables qualifies. | universal |
| CONFIG_NF_CONNTRACK=y | Standard on Ubuntu, Debian, Fedora, RHEL, Arch, Alpine, and any system using iptables/nftables/Docker. | default on |
| CAP_NET_ADMIN | Required to bind the conntrack netlink socket. Run as root, or grant with setcap. | root / setcap |
| Go 1.22+ | Only needed for the from-source build methods. The Docker build uses golang:1.22-alpine internally. | optional |
| Docker | Only needed for the build.sh Docker method. Any recent Docker Engine with buildx support works. | optional |
build.sh
Clones the repo, runs the build inside a golang:1.22-alpine container, and drops two static binaries into ./dist/, with no local Go toolchain needed.

1. Clone the repository to get the build.sh script.
2. Make build.sh executable and run it.
3. Copy the binary from ./dist/ to /usr/local/bin/ or wherever you like.

```
# Clone
❯ git clone https://github.com/binRick/proc-trace-net.git
❯ cd proc-trace-net

# Build
❯ chmod +x build.sh
❯ ./build.sh
Building proc-trace-net ...
  linux/amd64
  linux/arm64
Done. Binaries in ./dist/:
  proc-trace-net-linux-amd64 (3.8 MB)
  proc-trace-net-linux-arm64 (3.6 MB)

# Install
❯ sudo cp dist/proc-trace-net-linux-amd64 /usr/local/bin/proc-trace-net
❯ proc-trace-net -h
proc-trace-net dev - system-wide network connection tracer for Linux
```
If you already have Go 1.22+ installed, this is the fastest path. Use CGO_ENABLED=0 and strip flags
for a fully static binary with no runtime dependencies.
```
❯ git clone https://github.com/binRick/proc-trace-net.git
❯ cd proc-trace-net
❯ CGO_ENABLED=0 go build -ldflags="-s -w" -o proc-trace-net .

# Confirm: no dynamic libraries (run before the binary is moved)
❯ file proc-trace-net
proc-trace-net: ELF 64-bit LSB executable, x86-64, statically linked, stripped

# Install
❯ sudo mv proc-trace-net /usr/local/bin/
```
Go's built-in cross-compilation support makes it trivial to build binaries for other Linux architectures.
Set GOOS and GOARCH before building.
| Target | GOOS | GOARCH | Command |
|---|---|---|---|
| Linux x86-64 | linux | amd64 | GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o proc-trace-net-linux-amd64 . |
| Linux arm64 | linux | arm64 | GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -ldflags="-s -w" -o proc-trace-net-linux-arm64 . |
Note: proc-trace-net uses NETLINK_NETFILTER, which is Linux-specific.
Cross-compiling for non-Linux targets will succeed but the binary will not run.
The recommended build uses a specific set of Go flags. Here's what each one does.
-s strips the symbol table; -w strips DWARF debug information. Together they reduce binary size by ~30% with no impact on runtime behavior.
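CAP_NET_ADMIN with setcap
Instead of running as root every time, you can grant the specific capability the tool needs. The binary will then be usable by any user on the system, and every such run carries CAP_NET_ADMIN, so keep the file root-owned and not writable by other users.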
```
# Grant the capability (one-time, as root)
❯ sudo setcap cap_net_admin+eip /usr/local/bin/proc-trace-net

# Verify
❯ getcap /usr/local/bin/proc-trace-net
/usr/local/bin/proc-trace-net cap_net_admin=eip

# Now run as a normal user
❯ proc-trace-net -ct
3892 curl TCP 10.0.2.15:54321 → 93.184.216.34:443
```
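A preflight check for the CAP_NET_ADMIN requirement described above, as an added example that is not part of proc-trace-net's own code: it reads the effective capability mask (CapEff) from /proc/self/status and tests bit 12, which is what root or `setcap cap_net_admin+eip` provides. The function name `checkNetAdmin` and the two sample status texts are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// capNetAdmin is CAP_NET_ADMIN's bit number (12) from linux/capability.h.
const capNetAdmin = 12

// checkNetAdmin parses the text of /proc/<pid>/status and returns nil only
// when CAP_NET_ADMIN is set in the effective capability mask (CapEff).
func checkNetAdmin(status string) error {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		field, value, ok := strings.Cut(sc.Text(), ":")
		if !ok || field != "CapEff" {
			continue
		}
		mask, err := strconv.ParseUint(strings.TrimSpace(value), 16, 64)
		if err != nil {
			return fmt.Errorf("unparsable CapEff: %w", err)
		}
		if mask&(1<<capNetAdmin) == 0 {
			return fmt.Errorf("CAP_NET_ADMIN not effective (CapEff=%#x): run as root or setcap the binary", mask)
		}
		return nil
	}
	return fmt.Errorf("no CapEff line in status text")
}

// Constructed samples: an unprivileged shell, and a process started from a
// binary carrying cap_net_admin+eip (only bit 12 set).
const sampleUnprivileged = "Name:\tbash\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
const sampleSetcap = "Name:\ttracer\nCapPrm:\t0000000000001000\nCapEff:\t0000000000001000\n"

func main() {
	raw, err := os.ReadFile("/proc/self/status")
	if err == nil {
		err = checkNetAdmin(string(raw))
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "preflight:", err)
		os.Exit(1)
	}
	fmt.Println("preflight: CAP_NET_ADMIN is effective")
}
```

Built and run as a normal user it exits 1; after the same `setcap` grant is applied to the preflight binary itself, or under sudo, it exits 0.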