
Posted by karol-broda 5 hours ago

Snitch – A friendlier ss/netstat (github.com)
118 points | 18 comments
mikeryan 3 hours ago
When I saw this headline I assumed it was Little Snitch, an existing network monitor and firewall for Macs.

Might need a different name.

https://www.obdev.at/products/littlesnitch/index.html

stressback 22 minutes ago
Seems like a fine name. Why would Little Snitch existing necessitate a name change?
wkat4242 3 hours ago
There's also a Linux clone of Little Snitch, OpenSnitch.
zormal 1 hour ago
There's also https://github.com/snitch-org/snitch with the AUR package name 'snitch'.
poemxo 3 minutes ago
I don't like the name but I like the TUI; connection monitoring is perfectly handled by a TUI!
fulafel 2 hours ago
The demo recording-as-code seems cool (in https://github.com/karol-broda/snitch/tree/master/demo)
aos 2 hours ago
I love the recent increase in TUI-based tooling. This looks cool - will check it out!
themafia 4 hours ago
It looks nice, and I don't see anything wrong with it, but I've been using iptraf-ng since forever and I think it has a slight edge here.

Is it possible I've missed something from the demonstration video on that page?

karol-broda 4 hours ago
thanks! snitch is closer to an ss/netstat replacement (sockets + processes) than a traffic monitor. traffic monitoring is planned, but not implemented yet.
stressback 21 minutes ago
prettyneat.gif

Thanks for sharing

cyberax 3 hours ago
Nice! Couple of notes:

1. Can you highlight the currently selected row with a different background?

2. Maybe add optional reverse DNS lookups?

coppsilgold 4 hours ago
I always wondered how useful such tools are against a competent adversary. If you are a competent engineer designing malware, wouldn't you introduce a dormancy period into your malware executable and if possible only talk to C&C while the user is doing something that talks to other endpoints? Maybe even choose the communication protocol based on what the user is doing to blend in even better.
karol-broda 3 hours ago
agreed on the limits. snitch isn't aimed at adversarial detection; it's a local debugging/inspection tool. a competent attacker can blend in by design, so this isn't meant to be a standalone security control
ashtakeaway 1 hour ago
With a name like Snitch, it should be aimed at adversarial detection.

Just my two snitches.

tptacek 4 hours ago
Tools like these aren't really intended for adversarial environments, and pure network tools that are designed for real adversaries have a really spotty track record (good search: [bro vantage point problem]).
entrop 39 minutes ago
That search did not come up with much. Can you elaborate?