Snitch – A friendlier ss/netstat
11 comments
·December 23, 2025fulafel
The demo recording-as-code seems cool (in https://github.com/karol-broda/snitch/tree/master/demo)
themafia
It looks nice, and I don't see anything wrong with it, but I've been using iptraf-ng since forever and I think it has a slight edge here.
Is it possible I've missed something from the demonstration video on that page?
karol-broda
thanks! snitch is closer to an ss/netstat replacement (sockets + processes) than a traffic monitor. traffic monitoring is planned, but not implemented yet.
coppsilgold
I always wondered how useful such tools are against a competent adversary. If you are a competent engineer designing malware, wouldn't you introduce a dormancy period into your malware executable and if possible only talk to C&C while the user is doing something that talks to other endpoints? Maybe even choose the communication protocol based on what the user is doing to blend in even better.
karol-broda
agreed on the limits. snitch isnt aimed at adversarial detection; its a local debugging/inspection tool. a competent attacker can blend in by design, so this isnt meant to be a standalone security control
tptacek
Tools like these aren't really intended for adversarial environments, and pure network tools that are designed for real adversaries have a really spotty track record (good search: [bro vantage point problem]).
null
cyberax
Nice! Couple of notes:
1. Can you highlight the currently selected row with a different background?
2. Maybe add optional reverse DNS lookups?
andrewmcwatters
[dead]
When I saw this headline I assumed it was Little Snitch an existing network monitor and firewall for Macs.
Might need a different name.
https://www.obdev.at/products/littlesnitch/index.html