In the Podcast episode titled “Why does Microsoft Hate Security?, when comparing Little Snitch for Linux to Open Snitch, @jordan stated that Open Snitch ”doesn’t have the same ability to show which process is making connections”.
I’ve been using Open Snitch for years, and I’m happy to be able to report that actually does!
OpenSnitch shows you (and lets you apply rules to block/allow based on):
- process name
- PID (process id)
- cmdline (the command-line string, with all its arguments, that launched the process)
- userID (the user running the process)
- source IP
- source port
- destination host (ex. google.com)
- destination IP
- destination port
- protocol
- the network interface the connection was attempted on
An important thing to highlight in any conversation comparing the two is that Open Snitch is 100% open source. Considering that the job of this application is to intercept literally every outgoing connection made by every process on the computer, that’s a necessity in my book.
For the record: I have no affiliation with Open Snitch or its author. But I do think it’s an incredibly useful and educational tool.