httpinspect
topfor the HTTP endpoints on your host.
Every plaintext HTTP request crossing the box — decoded off the wire and ranked live in your terminal by traffic, rate, and latency. No proxy, no sidecar, no app changes. Reads requests from inside the kernel's TC layer, so there's nothing to point traffic through and no app to reconfigure.
Running
yeet run github:yeet-src/httpinspect
Source
yeet-src/httpinspect on GitHub.
How it works
httpinspect attaches a BPF program at the TC layer that copies inbound TCP segments carrying an HTTP request line into a ring buffer. The JS side reassembles segments per flow, parses the request line and Host header, and aggregates by endpoint — updating the live table on each tick. Responses are paired FIFO per flow to compute on-the-wire latency. Loopback packets are de-duplicated on 4-tuple + sequence number so connections to localhost aren't double-counted.
Limitations
- Only plaintext HTTP is visible — HTTPS payloads are ciphertext at the TC layer.
- Latency is on-the-wire (request segment → response segment), not server-internal processing time.
- Counts are a close lower bound; segments may be missed under heavy load.
- IPv6 packets behind extension-header chains are skipped.