dialout
tcpdump for intent. What is this box dialing, and why?
dialout is a live egress monitor that catches every outbound TCP connection in the kernel and groups it by the process that dialed it, flagging connections that leave the private network. The hook sits at fexit/tcp_connect — the single protocol-agnostic function where the kernel queues the SYN for both IPv4 and IPv6 — so one probe captures the full four-tuple and process lineage for every connection.
Running
yeet run github:yeet-src/dialout
Sort and filter:
yeet run github:yeet-src/dialout -- --sort dials # most-dialed first
yeet run github:yeet-src/dialout -- --once --secs 5 | less -R # 5-second snapshot
yeet run github:yeet-src/dialout/dump.js | jq -c 'select(.public)' # NDJSON, public only
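An added example, not code from dialout or its repository: a Python version of the per-process grouping and public-destination flagging described above, run over constructed NDJSON records. Only the `public` field appears on this page; the field names `comm`, `pid`, `daddr` and `dport`, and treating "public" as "globally routable", are assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample records. Field names comm/pid/daddr/dport are assumed
# for illustration; they are not taken from dialout's output format.
SAMPLE_NDJSON = """\
{"comm": "curl", "pid": 4121, "daddr": "93.184.216.34", "dport": 443}
{"comm": "curl", "pid": 4121, "daddr": "10.0.3.7", "dport": 8080}
{"comm": "node", "pid": 977, "daddr": "::ffff:192.168.1.20", "dport": 5432}
{"comm": "node", "pid": 977, "daddr": "2606:4700:4700::1111", "dport": 853}
{"comm": "sshd", "pid": 612, "daddr": "fd12:3456:789a::5", "dport": 22}
{"comm": "chronyd", "pid": 388, "daddr": "169.254.169.254", "dport": 80}
"""


def is_public(addr: str) -> bool:
    """True if addr is globally routable (assumed meaning of 'public')."""
    ip = ipaddress.ip_address(addr)
    # An AF_INET6 socket can dial an IPv4 host as ::ffff:a.b.c.d, so
    # classify the embedded IPv4 address rather than the IPv6 wrapper.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for RFC 1918, loopback, link-local, CGNAT and ULA.
    return ip.is_global


def summarize(ndjson: str):
    """Group connections by (comm, pid); return most-dialed first."""
    by_proc = defaultdict(lambda: {"dials": 0, "public": set()})
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        entry = by_proc[(rec["comm"], rec["pid"])]
        entry["dials"] += 1
        if is_public(rec["daddr"]):
            entry["public"].add((rec["daddr"], rec["dport"]))
    # sorted() is stable, so ties keep first-seen order.
    return sorted(by_proc.items(), key=lambda kv: -kv[1]["dials"])


if __name__ == "__main__":
    for (comm, pid), stats in summarize(SAMPLE_NDJSON):
        flag = "PUBLIC" if stats["public"] else "private-only"
        print(f"{comm}[{pid}] dials={stats['dials']} {flag} {sorted(stats['public'])}")
```

The IPv4-mapped case matters because a single hook covering IPv4 and IPv6 will see private IPv4 destinations dialed from IPv6 sockets, which a naive IPv6 range check would misclassify.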
Source
yeet-src/dialout on GitHub.