Snitch – A friendlier ss/netstat

10 comments

• mikeryan 3 hours ago
  When I saw this headline I assumed it was Little Snitch an existing network monitor and firewall for Macs.

  Might need a different name.

  https://www.obdev.at/products/littlesnitch/index.html

  [-]
  • stressback 14 minutes ago
    Seems like a fine name. Why would little snitch existing necessitate a name change?
  • wkat4242 3 hours ago
    There's also a Linux clone of little snitch, OpenSnitch.
    [-]
    • zormal 53 minutes ago
      There's also https://github.com/snitch-org/snitch with the AUR package name 'snitch'.
• fulafel 2 hours ago
  The demo recording-as-code seems cool (in https://github.com/karol-broda/snitch/tree/master/demo)
• aos 1 hour ago
  I love the recent increase in TUI-based tooling. This looks cool - will check it out!
• themafia 4 hours ago
  It looks nice, and I don't see anything wrong with it, but I've been using iptraf-ng since forever and I think it has a slight edge here.

  Is it possible I've missed something from the demonstration video on that page?

  [-]
  • karol-broda 4 hours ago
    thanks! snitch is closer to an ss/netstat replacement (sockets + processes) than a traffic monitor. traffic monitoring is planned, but not implemented yet.
• stressback 13 minutes ago
  prettyneat.gif

  Thanks for sharing
• rockskon 1 hour ago
  I just want a single tool that has a known, generalized set of capabilities on just about every distribution.

  Systemd's obsession with remaking every single wheel in Linux has been aggravating enough. Please don't do it again.

  [-]
  • Underphil 14 minutes ago
    No-one is stopping you from using netstat.
• cyberax 3 hours ago
  Nice! Couple of notes:

  1. Can you highlight the currently selected row with a different background?

  2. Maybe add optional reverse DNS lookups?
• andrewmcwatters 2 hours ago
  [dead]
• coppsilgold 4 hours ago
  I always wondered how useful such tools are against a competent adversary. If you are a competent engineer designing malware, wouldn't you introduce a dormancy period into your malware executable and if possible only talk to C&C while the user is doing something that talks to other endpoints? Maybe even choose the communication protocol based on what the user is doing to blend in even better.
  [-]
  • karol-broda 3 hours ago
    agreed on the limits. snitch isnt aimed at adversarial detection; its a local debugging/inspection tool. a competent attacker can blend in by design, so this isnt meant to be a standalone security control
    [-]
    • ashtakeaway 1 hour ago
      With a name like Snitch, it should be aimed at adversarial detection.

      Just my two snitches.
  • tptacek 4 hours ago
    Tools like these aren't really intended for adversarial environments, and pure network tools that are designed for real adversaries have a really spotty track record (good search: [bro vantage point problem]).
    [-]
    • entrop 31 minutes ago
      That search did not come up with much. Can you elaborate?