Suggestion: packet sniffer in network monitor


Post by cottow » Fri May 15, 2009 2:48 pm

I very much like the Little Snitch network monitor feature. It's great to see what's going on on the network.
However, I'd very much like not only to see to which hosts a process is connecting, but also what it's doing there. The great thing about Little Snitch versus normal packet sniffers is that it is process-oriented instead of packet-oriented: using Wireshark to see what a process is doing is much more work.

So, it'd be great if there were a packet sniffer integrated with Little Snitch! That one could not only see where a process is connecting, but also what data has been sent and received!

Such a sniffer would not need to have the possibilities that Wireshark has, if it could just dump the conversation in tcpdump format one could do anything with it (for example, using Wireshark :D )
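
An added illustration of the process-oriented dump requested in the post above (not part of the original thread and not Little Snitch code): given a per-process socket table and raw packets, it writes only one process's conversation as a classic pcap file. The process names, addresses and packets are constructed sample data, and the socket-table layout is an assumption.

```python
import socket
import struct

LINKTYPE_RAW = 101  # pcap link type: each record starts at the IP header

def build_packet(src, sport, dst, dport, payload):
    """Constructed sample data: minimal IPv4+TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def flow_key(pkt):
    """Direction-independent endpoint pair of an IPv4 TCP/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] not in (6, 17):
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return frozenset({(socket.inet_ntoa(pkt[12:16]), sport),
                      (socket.inet_ntoa(pkt[16:20]), dport)})

def pcap_for_process(name, sockets, packets):
    """Return classic pcap bytes holding only packets on flows owned by `name`."""
    wanted = {frozenset({(la, lp), (ra, rp)})
              for proc, la, lp, ra, rp in sockets if proc == name}
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    for sec, usec, pkt in packets:
        if flow_key(pkt) in wanted:
            out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return out

# Constructed socket table: (process, local addr, local port, remote addr, remote port)
SOCKETS = [("updater", "192.0.2.10", 50001, "198.51.100.7", 80),
           ("browser", "192.0.2.10", 50002, "198.51.100.7", 80)]
# Constructed capture: (seconds, microseconds, raw IPv4 packet)
PACKETS = [
    (1, 0, build_packet("192.0.2.10", 50001, "198.51.100.7", 80, b"GET /check HTTP/1.1\r\n\r\n")),
    (1, 500, build_packet("192.0.2.10", 50002, "198.51.100.7", 80, b"GET / HTTP/1.1\r\n\r\n")),
    (2, 0, build_packet("198.51.100.7", 80, "192.0.2.10", 50001, b"HTTP/1.1 200 OK\r\n\r\n")),
]

if __name__ == "__main__":
    with open("updater.pcap", "wb") as fh:  # readable by tcpdump -r or Wireshark
        fh.write(pcap_for_process("updater", SOCKETS, PACKETS))
```

Both sample processes talk to the same host on port 80, so a port-based filter cannot separate them; matching on the socket each process owns can.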


Post by planetmac » Sat May 16, 2009 3:57 am

I don't think it is necessary as how many times do you see a process in Little Snitch that you can't identify and therefore know what it is doing?


Post by mrjcleaver » Fri Aug 07, 2009 7:55 pm

> I don't think it is necessary as how many times do you see a process in Little Snitch that you can't identify and therefore know what it is doing?

I completely disagree. If an application starts doing unusual traffic that's exactly when you'd want to capture the conversation, especially the outbound request.

+1 for a packet sniffer.
Last edited by mrjcleaver on Sat Aug 08, 2009 3:47 pm, edited 1 time in total.


Post by paulc » Sat Aug 08, 2009 3:36 pm

Speaking of which, I'd really like to see an ability to locate the network monitor display where I want.


Post by h1d » Wed Aug 12, 2009 3:56 pm

The problem with the block rules (not necessarily the app's fault) is that once you let it through, you just let it through no matter what on that port (optionally to a specific destination).

So, if an app uses the same port to send its anonymous report of its usage against regular use of the app, then you can't really prevent it.

How are you supposed to "know" what goes through?
That's where the monitoring can be handy, like reading the HTTP stream and seeing what data is going where, etc.

If it can be implemented, it'll be a nice addition.


Post by mrjcleaver » Wed Aug 12, 2009 4:23 pm

That suggests that there is value in being able to specify a template for alerts.

If template looks like NORMAL - NETWORK - TRAFFIC then Allow

Otherwise Prompt Me.

M.
