Snitch – A friendlier ss/netstat

(github.com)

156 points | by karol-broda 7 hours ago

13 comments

  • mikeryan 5 hours ago
    When I saw this headline I assumed it was Little Snitch, an existing network monitor and firewall for Macs.

    Might need a different name.

    https://www.obdev.at/products/littlesnitch/index.html

    • wkat4242 5 hours ago
      There's also a Linux clone of little snitch, OpenSnitch.
    • stressback 1 hour ago
      Seems like a fine name. Why would little snitch existing necessitate a name change?
      • charcircuit 1 hour ago
        Because it's potentially trademark infringement because it could confuse people.
    • cretinoid 1 hour ago
      I immediately thought of that too. The names these people come up with are so embarrassing. And I'm not even talking about the meaning of 'snitch'. But you already have a tool within the same IT area that is basically named the same. Why the hell would you do that? Aren't there other words in the dictionary?
      • inejge 55 minutes ago
        > The names these people come up with are so embarrassing. And I'm not even talking about the meaning of 'snitch'.

        They should call it "rat" and be done with it.

        Besides, "snitch" works for Little Snitch -- I've always found it somehow endearing, although the bare word is unflattering.

  • PunchyHamster 42 minutes ago
    it's weird that both lsof and ss defaults are so awful

    Like, ss without any options shows such arcane, rarely needed details as send/receive queue size but not the application the socket belongs to.

    And omits listening sockets, which is the main use for such tools.

    I know picking the right defaults is a hard ask but they managed to pick all the wrong defaults.

    • petepete 22 minutes ago
      I think the same applies for many of the new breed of command line applications like fd and ag/rg.

      Being able to use them intuitively trumps ubiquity, speed or features.

  • fulafel 4 hours ago
    The demo recording-as-code seems cool (in https://github.com/karol-broda/snitch/tree/master/demo)
  • themafia 5 hours ago
    It looks nice, and I don't see anything wrong with it, but I've been using iptraf-ng since forever and I think it has a slight edge here.

    Is it possible I've missed something from the demonstration video on that page?

    • karol-broda 5 hours ago
      thanks! snitch is closer to an ss/netstat replacement (sockets + processes) than a traffic monitor. traffic monitoring is planned, but not implemented yet.
  • aos 3 hours ago
    I love the recent increase in TUI-based tooling. This looks cool - will check it out!
    • mabedan 1 hour ago
      Are they as accessible as GUI though (genuine question)

      UI libraries have a lot of features for allowing people with disabilities to “read” and interact with the screen in efficient ways

  • poemxo 1 hour ago
    I don't like the name but I like the TUI, connection monitoring is perfectly handled by a TUI!
  • wittjeff 1 hour ago
    I can't read as fast as your demo GIF. Just infuriating.
  • coppsilgold 6 hours ago
    I always wondered how useful such tools are against a competent adversary. If you are a competent engineer designing malware, wouldn't you introduce a dormancy period into your malware executable and if possible only talk to C&C while the user is doing something that talks to other endpoints? Maybe even choose the communication protocol based on what the user is doing to blend in even better.
    • karol-broda 5 hours ago
      agreed on the limits. snitch isn't aimed at adversarial detection; it's a local debugging/inspection tool. a competent attacker can blend in by design, so this isn't meant to be a standalone security control
      • ashtakeaway 3 hours ago
        With a name like Snitch, it should be aimed at adversarial detection.

        Just my two snitches.

    • tptacek 5 hours ago
      Tools like these aren't really intended for adversarial environments, and pure network tools that are designed for real adversaries have a really spotty track record (good search: [bro vantage point problem]).
      • entrop 2 hours ago
        That search did not come up with much. Can you elaborate?
  • cyberax 5 hours ago
    Nice! Couple of notes:

    1. Can you highlight the currently selected row with a different background?

    2. Maybe add optional reverse DNS lookups?

  • stressback 1 hour ago
    prettyneat.gif

    Thanks for sharing

  • rockskon 3 hours ago
    I just want a single tool that has a known, generalized set of capabilities on just about every distribution.

    Systemd's obsession with remaking every single wheel in Linux has been aggravating enough. Please don't do it again.

    • hn_throw2025 12 minutes ago
      Ironic choice of example…

      Before systemd presented a generalised interface, there were significant differences in the init and service management systems between the popular Red Hat and Debian families of distros.

    • beaudidly 56 minutes ago
      What’s with the hostility of someone making something that’s useful for themselves and sharing it with others?
    • Underphil 1 hour ago
      No-one is stopping you from using netstat.