Somo: A Friendlier Netstat Alternative

Somo, created by Theodor “Theo” Peifer, is a Rust-based, open-source utility designed to make socket and port monitoring on Linux more intuitive and visually appealing With 1.3 k GitHub stars and 35 forks, it’s quickly becoming a community favorite

Moving beyond the complexity of classic commands like netstat -tulpn, Somo offers a clean, human-friendly interface—prompting users to swap "half the characters" with somo -l for faster, clearer results

Key Features at a Glance

• Beautiful Table View
  Somo replaces dense command output with clean, aligned columns for protocol, local/remote addresses, ports, PID, and process name
• Flexible Filtering
  Filters are intuitive: by protocol (--proto tcp|udp), remote/local port (--port, --local-port), IP (--ip), program name (--program), PID (--pid), and connection type (--open, --listen, --exclude-ipv6)
• Kill Processes Interactively
  The --kill (-k) flag lets you select and terminate processes interacting with sockets—right from the table
• AbuseIPDB Integration
  Add an environment variable ABUSEIPDB_API_KEY, then use --check (-c) to flag potentially malicious remote IPs using AbuseIPDB's API
• Shell Completions
  Comes with built-in shell completions for bash, zsh, fish, and elvish—easily accessed via somo generate-completions <shell>

Installation Made Easy

Somo supports three main install methods:

Debian (via releases)
Grab the latest .deb from the GitHub releases page and install.

Cargo (Rust)

1cargo install somo 
2sudo ln -s ~/.cargo/bin/somo /usr/local/bin/somo 
3sudo somo

Nix Flakes

1nix build 'github:theopfr/somo?dir=nix' 
2sudo ./result/bin/somo

Real-World Feedback & Community Reactions

• A user on r/rust appreciated its simplicity:

“Nothing special, just netstat with a lighter and prettier interface.”

• Replies confirm the flags are clear and effective—e.g., -l shows listening sockets
• On Hacker News, it earned over 100 upvotes:

“Show HN: Somo – a human friendly alternative to netstat”

Under the Hood

Somo is built in Rust (~97%), with some Nix (~3%) . It uses:

• clap for CLI parsing
• procfs for kernel /proc interaction
• inquire for interactive prompts
• reqwest + serde_json for API calls
• termimad and terminal_size for text layout

CI pipelines include formatting, linting, Nix packaging, and release workflows—with version 1.0.0 released June 4, 2025 .

Why Somo?

Clarity over verbosity:
A visually appealing table helps users quickly parse socket information.

Powerful, minimal commands:
Tasks you’d accomplish with complex netstat flags are now just somo -l or somo -p 80.

Advanced features:
Interactive killing and IP threat checks turn Somo into a lightweight monitoring and triage tool.

Rust-powered robustness:
Somo leverages Rust for safety, concurrency, and performance.

Getting Started

Check out the GitHub repo to download and explore further. Whether you're troubleshooting your next suspicious connection or just want cleaner output, Somo is a great addition to any sysadmin or developer toolkit.

Final Thoughts

Somo fills a gap in the Linux networking toolkit: offering simplicity and elegance without sacrificing functionality. Especially in environments where clarity and security matter, this tool proves that command-line utilities can be both powerful and pleasant to use.

Give Somo a spin—and enjoy monitoring with style.