Real-Time Network Observability

See Every
Connection.

CONNEX gives you total visibility into every network connection, routing table, interface, and protocol — all in real time. No blind spots. No guesswork. Just pure, unfiltered network intelligence.

Start Free Trial See Demo
10M+ Connections Tracked Daily
<1ms Scan Latency
6 Protocol Layers
Features

Every Flag. Every Protocol.
Total Network Mastery.

CONNEX surfaces every connection, every socket, every route — with surgical precision. Here's what ships out of the box.

📡

TCP Telescope™

Zoom into every TCP connection with -t. See established sessions, SYN states, FIN_WAIT queues — the full lifecycle of every handshake on your infrastructure.

🌊

UDP Sonar™

Fire-and-forget protocols deserve first-class observability. Our -u engine maps every UDP datagram path across your entire fleet.

👂

Listener Detection Engine™

Instantly surface every listening socket with -l. Know exactly what's open, what's waiting, and what's exposed — before attackers do.

🔭

Total Visibility Mode™

Enable -a and see everything — listening and non-listening sockets, established connections, TIME_WAIT remnants. Zero blind spots.

🔢

Raw Address Intelligence™

Skip the DNS overhead. -n delivers raw numeric addresses and ports at wire speed. Sub-millisecond resolution for when every nanosecond counts.

🎯

Process Attribution™

Know exactly which process owns which socket. -p maps PID-to-connection, giving you the kill chain from process to port to protocol.

🗺️

Route Mapping™

Visualize your entire routing topology with -r. Gateways, genmasks, flags, interfaces — your kernel routing table, surfaced as actionable intelligence.

📊

Protocol Analytics Dashboard™

Deep-dive into per-protocol statistics with -s. TCP segments, UDP packets, IP forwarding rates — SNMP-level telemetry at your fingertips.

How It Works

From Zero to Total Observability

Three steps. No agents. No configuration files. Just plug in and see.

01

Select Your Scope

Choose your protocol layer — TCP, UDP, raw sockets, or all of the above. Filter by IPv4 (-4) or IPv6 (-6). Set your address family and go.

02

Engage Continuous Stream

Activate -c for real-time continuous monitoring. CONNEX refreshes your connection state every second, streaming live updates as your network evolves.

03

Go Wide & Go Deep

Enable -W for panoramic wide output — no truncated addresses. Stack -e twice for maximum extended detail. Cross-reference with -p for full process-to-port attribution.

04

Ship Insights

Export interface statistics (-i), routing tables (-r), multicast groups (-g), and protocol stats (-s) into your observability stack. Done.

Live Connection Graph

Your Network, Visualized.

Watch connections form and dissolve in real time. Every node is a socket. Every line is a live connection.

ESTABLISHED
LISTEN
TIME_WAIT
SYN_SENT
Connection Explorer

Every Socket. Sorted. Filtered. Owned.

Click any column header to sort. This is what Total Visibility Mode looks like in production.

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program
Protocol Analytics

SNMP-Grade Telemetry.

Per-protocol statistics powered by our -s engine. The insights your network team has been begging for.

TCP

Active Openings0
Passive Openings0
Failed Attempts0
Segments Received0
Segments Sent0
Retransmitted0

UDP

Packets Received0
Unknown Port0
Receive Errors0
Packets Sent0

IP

Total Received0
Forwarded0
Discarded0
Delivered0
Requests Out0
0%

of production servers run CONNEX for real-time socket visibility

0

protocol layers monitored simultaneously — TCP, UDP, UDPLite, SCTP, raw, and UNIX domain

0

connection states tracked from SYN_SENT to TIME_WAIT and everything between

0

billion sockets scanned per day across our customer base

See It In Action

One Command. Infinite Insight.

connex — real-time network observability 
$ connex -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      5678/postgres
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      9012/nginx
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      9012/nginx
tcp6       0      0 :::3000                 :::*                    LISTEN      3456/node
tcp6       0      0 :::8080                 :::*                    LISTEN      7890/java
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2345/dhclient
udp        0      0 0.0.0.0:123             0.0.0.0:*                           6789/ntpd
Pricing

Start Free. Scale Infinitely.

Every tier unlocks more protocol layers, more connection states, and deeper observability. No hidden fees.

Observer
$0/mo

Basic socket visibility for solo developers

  • TCP connections only (-t)
  • 10 scans per day
  • Numeric mode only (-n)
  • No process attribution
  • Single protocol statistics
Get Started
Most Popular
Operator
$29/mo

Full-spectrum observability for serious operators

  • All protocols: TCP, UDP, raw (-t -u -w)
  • Unlimited scans
  • Listening + All modes (-l -a)
  • Process Attribution™ (-p)
  • Continuous Stream™ (-c)
  • Route Mapping™ (-r)
  • Extended info (-e)
Start Free Trial
Command Center
$79/seat/mo

Team-wide network intelligence with full audit trails

  • Everything in Operator
  • Interface Analytics™ (-i)
  • Protocol Analytics Dashboard™ (-s)
  • Multicast Group Discovery™ (-g)
  • Panoramic View™ (-W)
  • IPv4/IPv6 dual-stack (-4 -6)
  • Team dashboards & SSO
Start Trial
Sovereign
Custom

Dedicated network observability for mission-critical infrastructure

  • Everything in Command Center
  • Masquerade tracking (-M)
  • Double-extended deep dive (-ee)
  • Timer introspection (-o)
  • SELinux context (-Z)
  • Dedicated support & SLA
  • Custom integrations & on-prem
Contact Sales
Trusted By Operators

What Our Customers Say.

"We were flying blind on socket states. CONNEX's Total Visibility Mode gave us the connection-level observability we'd been trying to build internally for months. The Process Attribution feature alone saved our on-call team countless hours of debugging."

Ivan Ramirez
Ivan Ramirez VP Infrastructure, ScaleForge

"I just run connex -tulnp and I know exactly what's listening on every port, which process owns it, and whether something unauthorized is open. It's become the first thing I check in every incident response runbook."

James Patel
James Patel Security Engineer, NullSec Labs

"The Protocol Analytics Dashboard changed how we think about capacity planning. Seeing TCP retransmit rates and UDP packet loss in real time — that's the kind of telemetry that actually moves the needle on SLAs."

Eren Okonkwo
Eren Okonkwo CTO, DataMesh

"Continuous Stream mode is genuinely addictive. We pipe CONNEX output into our alerting stack and catch connection anomalies within seconds. Route Mapping is the cherry on top — we deprecated three internal tools after adopting it."

Simon Whitfield
Simon Whitfield SRE Lead, CloudPeak
FAQ

Questions? Answers.

CONNEX supports TCP, UDP, UDPLite, SCTP, raw sockets, UNIX domain sockets, Bluetooth (L2CAP and RFCOMM), IPX, AX.25, NET/ROM, DDP (AppleTalk), and more. Use protocol-specific flags like --tcp, --udp, --raw, or specify address families with -A for surgical precision.

Absolutely. Our Process Attribution™ engine (-p) shows the PID and program name for every socket. You'll need elevated privileges for sockets owned by other users — CONNEX respects your security model while delivering maximum visibility.

Yes — Continuous Stream™ (-c) prints your selected information every second, refreshing automatically. Pair it with -tulnp for a live dashboard of every listening TCP and UDP socket with process attribution. It's the closest thing to a network heartbeat monitor.

By default, CONNEX optimizes for terminal width. Enable Panoramic View™ (-W) for full, untruncated addresses — as wide as needed. Pair with -n for raw numeric output without DNS resolution overhead.

Of course. CONNEX reads directly from your kernel's networking subsystem — /proc/net/tcp, /proc/net/udp, /proc/net/unix, and more. No external API calls. No cloud dependency. Your network data never leaves your machine.

Backed by mandō

See mandō's portfolio →

Lyst Drift Locus Repliq Portage Voidal Scaffold Vøid Imprint Concat Stratum Folio Topline Tailstream Sieve Seekr Rewrite Trellis Sortable SINGULR Census Slice Morph FanOut Argonaut Reverb Formatik Epoch Solstice IDENT Signum Quorum Pulsar Overseer Terminus PURGE Dispatch Sotto Limelight Persist Vantage Canopy Attaché Détaché Tether Aegis CLAIMR Cohort Archivex Deflate Unravel ArcVault XTRAKT Conduit Fetch VaultLink Teleport DeltaSync Heartbeat Hopscotch Resolver Namesake Uplink AFFIRMATIV CONNEX Callsign Milieu Propagate Sourcery Persona SEVER Chronicle Codex Relevance Resolv Nomenclature MAGIQ Intrinsic Diverge Patchwork VIGIL Breeze Cadence Kronos Atelier SUPRA Mandate Turnkey Accession Reforge Collective PipeForge Netweave Panoptik Substrate Repose Verity FAULTR Provenance Chrono