Network Administration Tool for Device Discovery and Control
CutNet is a modern network administration tool inspired by NetCut. It provides a graphical interface for discovering devices on your network, managing connectivity through ARP-based controls, and protecting against ARP spoofing attacks.
CutNet addresses a specific problem: network administrators need a clear view of every device on their network and the ability to manage those connections without relying on complex command-line tools.
The tool scans your local network using ARP and ping techniques, presents discovered devices in a clean interface, and lets you block or allow specific devices with a single click. It also includes ARP spoofing protection, functioning as a modern replacement for NetCut Defender.
This is a desktop application built with Tauri 2, combining a lightweight Rust backend for raw network operations with a responsive React frontend.
- ARP Scanning: Discover all devices on your local network via ARP tables
- Ping Sweeping: Verify device responsiveness with ICMP ping
- Real-time Updates: Monitor device status changes as they happen
- MAC Address Lookup: Identify device manufacturers from MAC addresses
- Block/Unblock Devices: Control network access with ARP poisoning techniques
- Custom Naming: Assign friendly names to devices for easy identification
- Whitelist Management: Create protected device lists that cannot be blocked
- Session History: Log all device connections and block actions with timestamps
- ARP Spoof Protection: Detect and block ARP spoofing attacks on your network
- Protection Mode: Enable automatic defense against malicious ARP injections
- Whitelist Shield: Protected devices are immune to accidental or malicious blocks
- Dark/Light Mode: Toggle between themes or follow system preferences
- Responsive Design: Native-feeling application with platform-appropriate styling
- Real-time Status: Live device status indicators and connection monitoring
- Search and Filter: Quickly locate devices in large network environments
Screenshots coming soon. The application features a clean, modern interface with device cards showing IP address, MAC address, manufacturer, and connection status.
CutNet operates at the data link layer (Layer 2) of the network stack, working directly with MAC addresses and ARP (Address Resolution Protocol) tables.
Every device on a local network has two addresses: an IP address (Layer 3) and a MAC address (Layer 2). When devices communicate, they need to map IP addresses to MAC addresses. This mapping is stored in the ARP table.
ARP works like a phone book:
- Device A wants to send data to Device B (known by IP address)
- Device A broadcasts an ARP request: "Who has IP 192.168.1.100?"
- Device B responds with its MAC address
- Device A now knows where to send data
ARP poisoning (also called ARP spoofing) exploits the trust devices place in ARP responses. When you block a device with CutNet:
- CutNet sends a spoofed ARP response to the gateway claiming the target device's IP maps to a fake MAC address
- The gateway updates its ARP table with this false mapping
- Traffic intended for the target device goes nowhere, effectively blocking its network access
This technique works because ARP has no built-in authentication mechanism. Devices accept ARP responses without verification.
CutNet's protection mode works in reverse:
- CutNet monitors incoming ARP responses on the network
- If it detects an ARP entry that conflicts with your whitelist, it blocks the spoofed response
- Your device's ARP table remains correct, preventing man-in-the-middle attacks
Download the latest release for your platform from the Releases page.
| Platform | Installer | Notes |
|---|---|---|
| Windows | .exe installer, .msi |
Requires Npcap driver |
| macOS | .dmg |
Native BSD sockets, no extra drivers |
| Linux | .deb, .rpm, .AppImage |
Requires raw socket permissions |
- Download
CutNet-x.x.x.dmgfrom the releases page - Open the DMG file
- Drag CutNet to your Applications folder
- On first launch, right-click and select "Open" to bypass Gatekeeper restrictions
- Grant administrative privileges when prompted (required for network operations)
- Download
CutNet-x.x.x.exeorCutNet-x.x.x.msi - Run the installer
- Install Npcap when prompted (required for raw socket access)
- Download from npcap.com if not included
- Ensure "WinPcap API-compatible Mode" is enabled during installation
- Launch CutNet with administrator privileges
chmod +x CutNet-x.x.x.AppImage
./CutNet-x.x.x.AppImage# Debian/Ubuntu
sudo dpkg -i cutnet-x.x.x.deb
sudo apt-get install -f # Install dependencies if needed
# Fedora/RHEL
sudo rpm -i cutnet-x.x.x.rpmOn Linux, you need to grant raw socket capabilities:
sudo setcap 'cap_net_raw,cap_net_admin=eip' /usr/bin/cutnetOr run as root (not recommended for daily use):
sudo cutnet| Requirement | Version | Notes |
|---|---|---|
| Node.js | 18+ | LTS recommended |
| Bun | 1.0+ | Preferred package manager |
| Rust | 1.70+ | Required for Tauri backend |
| Cargo | latest | Comes with Rust |
Platform-specific requirements:
- macOS: Xcode Command Line Tools
- Windows: Visual Studio Build Tools, Npcap SDK
- Linux:
libssl-dev,pkg-config,build-essential
- Clone the repository:
git clone https://github.com/encore/cutnet.git
cd cutnet- Install frontend dependencies:
bun install- Verify the development environment:
bun run tauri devThis starts the Vite development server and compiles the Rust backend. The application window opens automatically when ready.
# Development
bun run dev # Start Vite dev server only
bun run tauri dev # Start full Tauri development environment
# Build
bun run build # Build frontend only
bun run tauri build # Build complete application for distribution
# Frontend Tools
bun run tauri lint # Lint frontend code
npx tsc --noEmit # Type check TypeScriptcutnet/
├── src/ # React frontend source
│ ├── components/ # React components
│ ├── hooks/ # Custom React hooks
│ ├── lib/ # Utilities and helpers
│ ├── stores/ # Zustand state stores
│ └── styles/ # Global styles
├── src-tauri/ # Rust backend source
│ ├── src/
│ │ ├── main.rs # Application entry point
│ │ ├── lib.rs # Library exports
│ │ └── commands/ # Tauri commands
│ ├── Cargo.toml # Rust dependencies
│ └── tauri.conf.json # Tauri configuration
├── package.json
└── vite.config.ts
CutNet uses native BSD sockets on macOS, eliminating the need for Npcap or WinPcap. The application requires administrator privileges to open raw sockets for network scanning and ARP manipulation.
On macOS 10.15 (Catalina) and later, the application is sandboxed by default. Grant full disk access in System Preferences > Security & Privacy > Privacy > Full Disk Access if scanning fails to discover all devices.
Windows requires the Npcap driver for raw socket operations. During installation, ensure the Npcap installer runs and configures WinPcap API compatibility.
If you encounter permission errors:
- Right-click CutNet in the Start menu
- Select "Run as administrator"
- Confirm the UAC prompt
Npcap must be installed separately if not bundled with the installer.
Linux raw socket access requires either:
-
setcap (Recommended):
sudo setcap 'cap_net_raw,cap_net_admin=eip' /path/to/cutnet -
sudo (Not recommended for regular use):
sudo /path/to/cutnet
Firewall tools like ufw may interfere with ARP operations. Consider adding rules to allow traffic on the relevant interfaces.
On first launch, CutNet requests administrator privileges. This is required for raw socket operations. Grant access to proceed.
The main window shows your network overview and begins scanning automatically.
- Click the "Scan" button or press
Ctrl+R/Cmd+R - Wait for the scan to complete (typically 5-30 seconds depending on network size)
- View discovered devices in the device list
Devices are sorted by IP address by default. Click column headers to sort by name, MAC address, or status.
- Select the device from the list
- Click the "Block" button
- Confirm the action when prompted
- The device status changes to "Blocked"
Blocked devices cannot access the internet or local network resources through the gateway. This effect persists until you unblock the device or restart the network service.
- Select the blocked device (filter by "Blocked" status if needed)
- Click the "Unblock" button
- The device regains network access immediately
- Go to Settings > Whitelist
- Click "Add Device"
- Select a device from your discovered list or enter MAC/IP manually
- Enable "Protection Mode" to auto-block ARP spoofing attempts
Whitelisted devices display a shield icon and cannot be blocked accidentally.
- Click the edit icon next to any device name
- Enter a friendly name (e.g., "Living Room TV")
- Press Enter or click outside to save
Custom names persist across sessions.
- Go to Settings > Security
- Toggle "Protection Mode" on
- Select devices to protect from your whitelist
- CutNet monitors ARP traffic and blocks spoofing attempts automatically
- Verify you have administrator privileges
- Check that your network connection is active
- Disable VPN if enabled (VPNs can prevent local network scanning)
- On Windows, ensure Npcap is installed and running
- Some devices ignore ARP requests by default (notably some IoT devices)
- Try disabling the device's firewall temporarily
- Ensure the device is on the same subnet as your machine
- macOS: Grant Full Disk Access in System Preferences
- Windows: Run as administrator
- Linux: Run
sudo setcapas described above
- Check the log files in
~/.cutnet/logs/(Linux/macOS) or%APPDATA%\CutNet\logs\(Windows) - Report the issue on GitHub with log contents
- Try reinstalling the application
Scanning is CPU-intensive by design, especially on large networks. Consider reducing scan frequency in Settings.
Some devices may have alternative routing paths. CutNet specifically blocks traffic through the default gateway, but devices with static routes or peer-to-peer connections may remain reachable.
CutNet operates entirely locally:
- No data is sent to external servers
- No usage analytics or telemetry
- Network scan results are stored locally in your user directory
- Session logs remain on your machine
Data is stored in platform-specific directories:
- macOS:
~/Library/Application Support/CutNet/ - Windows:
%APPDATA%\CutNet\ - Linux:
~/.config/cutnet/
Stored data includes:
- Device discovery cache
- Custom device names
- Whitelist entries
- Session history logs
CutNet only manipulates ARP tables on your local network segment. It cannot:
- Access devices outside your local network
- Intercept or read network traffic content
- Exfiltrate data from your machines
- Be used as a remote access trojan
The tool is designed for legitimate network administration on networks you own or manage.
Contributions are welcome. Before submitting pull requests, review these guidelines.
- TypeScript: Follow the existing formatting. Run
npx tsc --noEmitbefore committing. - Rust: Run
cargo fmtbefore committing. Follow Rust idioms and ownership patterns. - CSS: Use TailwindCSS utility classes. Avoid inline styles.
Use conventional commit format:
feat: add device sorting by name
fix: resolve scan timeout on large networks
docs: update installation instructions for Linux
- Fork the repository
- Create a feature branch from
main - Make your changes with clear, focused commits
- Ensure all checks pass (type checking, linting, build)
- Submit a pull request with a clear description of changes
Include the following in bug reports:
- Platform and OS version
- Steps to reproduce
- Expected vs actual behavior
- Log files (if applicable)
Feature requests are welcome. Open an issue to discuss before implementing major changes.
CutNet is intended for legitimate network administration only.
Using this tool on networks you do not own or have explicit written permission to manage may violate:
- Local, state, national, or international laws
- Computer fraud and abuse laws
- Terms of service agreements with your ISP or network provider
The authors of CutNet are not responsible for misuse of this software. You are solely responsible for ensuring your use complies with all applicable laws and regulations.
Network administration tools of this type are commonly used by:
- IT administrators managing corporate networks
- Security professionals conducting authorized assessments
- Home users managing their own home networks
- Penetration testers with explicit written authorization
If you are uncertain whether your intended use is legal, consult a legal professional before proceeding.
CutNet is released under the MIT License.
Copyright (c) 2024 Encore
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
CutNet draws inspiration from:
- NetCut (by Amanda Make) for pioneering accessible ARP-based network management
- NetCut Defender for demonstrating personal network protection
This project stands on the shoulders of open-source giants:
- Tauri for the efficient desktop framework
- React and the React team for the UI foundation
- Rust and the Rust team for safe systems programming
- TailwindCSS for utility-first CSS
- shadcn/ui for accessible component patterns
- All contributors to the dependencies that make this project possible