Little Snitch tattles on OS X processes

Want to know what's connecting to what under OS X? Little Snitch will snitch.

Knowing what's going on "under the hood" on your computer has become orders of magnitude harder every year. Where once on every PC operating system there were a handful of processes to keep track of there's now literally thousands and tracking which external resource each one is connecting to or what's trying to connect to processes on your computer has become a major undertaking.

Unfortunately, if you're serious about security or you think you have a problem such as a malware infection then you're going to have to bring out the big guns and in this case the big guns will be some kind of firewall-type monitoring program.

While you can find all sorts of external monitoring solutions such as Wireshark if you want to easily correlate processes with network activity you're going to need to implement monitoring on the target device.

On Windows there is a pretty wide range of choices. OS X, on the other hand, has traditionally had a much smaller range of tools available but I have a professional-grade OS X utility that not only does the job extremely well but is also priced right. The tool is called Little Snitch 3 published by Objective Development.

Little Snitch 3 is compatible with OS X 10.9, 10.8, 10.7 and 10.6.8 and provides detailed firewalling and reporting on processes, outgoing connections, remote end points, incoming connections, ports, and protocols along with detailed traffic histories from the last hour down to one minute resolution, filtering and sorting of connections, statistics, traffic capture and snapshots, and correlation of system events (this allows you to tie, for example, app launch and termination to specific network activity).

You can run Little Snitch in interactive mode permitting and denying connection on a session basis or forever for process connections ranging from any port on any server to a specific port on specific server. 

Little Snitch's connection alert

In silent mode you can log all connections then retrospectively define permanent rules to control how processes access the network. There's also a realtime monitor you can run to keep track of network activity.

Little Snitch's realtime monitor

Rules can be grouped into "profiles" allowing you to have different rule sets for different environments such as home, office, and, for example, Starbucks. Profiles can also be selected automatically by Little Snitch based on IP address.

A feature of Little Snitch I particularly like is the "Research Assistant" which provides guidance in identifying what processes actually are (many OS X processes have obscure and unfathomable names) and what they do.

Little Snitch also does a lot more as well including analyzing rulesets to eliminate redundant and conflicting rules and it can suggest rules based on previous network usage.

In short, Little Snitch is a comprehensive traffic analysis and firewall solution that's been in development for 10 years and for $34.95 it's worth every penny.

Monitor your comments below or to then follow me on, and Facebook.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2014 IDG Communications, Inc.