alt Hacker NewsSnitch – A friendlier ss/netstat
Comments
it's weird that both lsof and ss defaults are so awful
Like, ss without any options shows such arcane, rarely needed details as send/receive queue size but not the application socket belongs to.
And omits listening sockets which is main use for such tools.
I know picking the right defaults is hard ask but they managed to pick all the wrong defaults.
The demo recording-as-code seems cool (in https://github.com/karol-broda/snitch/tree/master/demo)
It looks nice, and I don't see anything wrong with it, but I've been using iptraf-ng since forever and I think it has a slight edge here.
Is it possible I've missed something from the demonstration video on that page?
I love the recent increase in TUI-based tooling. This looks cool - will check it out!
I don't like the name but I like the TUI, connection monitoring is perfectly handled by a TUI!
I always wondered how useful such tools are against a competent adversary. If you are a competent engineer designing malware, wouldn't you introduce a dormancy period into your malware executable and if possible only talk to C&C while the user is doing something that talks to other endpoints? Maybe even choose the communication protocol based on what the user is doing to blend in even better.
I can't read as fast as your demo GIF. Just infuriating.
Nice! Couple of notes:
1. Can you highlight the currently selected row with a different background?
2. Maybe add optional reverse DNS lookups?
[dead]
prettyneat.gif
Thanks for sharing
I just want a single tool that has a known, generalized set of capabilities on just about every distribution.
Systemd's obsession with remaking every single wheel in Linux has been aggravating enough. Please don't do it again.
When I saw this headline I assumed it was Little Snitch an existing network monitor and firewall for Macs.
Might need a different name.
https://www.obdev.at/products/littlesnitch/index.html