Little Snitch 5.5 review: Real-time connection monitoring

By Chip Loder

Little Snitch 5.5 is an app which allows you to track, allow, and deny network connections on your Mac -- and it's not for everybody.

Little Snitch

from Objective Development in Austria is a network connection monitoring app which allows you to monitor and track network connections on a per-process basis.

It also includes a realtime map view which displays connections and destinations, and a summary sidebar which shows total throughput, app organization by traffic volume, and total number of connections.

As a side benefit, Little Snitch also lets you know which background processes have made connections without your knowledge - such as macOS Widgets.

Both the interactive map and summary panes can be hidden or shown with the click of a button, and the map can be zoomed with any scroll wheel-compatible mouse including the Apple Magic Mouse.

After initial install, Little Snitch runs in demo mode for three hours.

Little Snitch 5.5 is fully compatible with macOS Ventura and Apple Silicon Macs. For complete compatibility info, see the Compatibility section on the Help page.

Installation

After downloading and mounting the .dmg from Objective Development's website, you install Little Snitch by dragging it to your Mac's Applications folder. The app must be installed in the Applications folder and won't work if it's located anywhere else.

Once copied to your Mac, double-click Little Snitch to launch it. On first run, you'll be asked to walk through a few initial setup windows, which are easy enough.

Little Snitch installer.

You'll be asked if you want to run in Silent Mode or Alert Mode, approve network filtering, and approve a System Extension that gets installed. You'll then be taken through a few short single-pane instructions which feature animations, and a Next button.

Choose Silent Mode or Alert Mode during install.

You'll be asked to approve the Little Snitch System Extension in System Settings.

Click "Allow" in System Settings Privacy and Security to approve the System Extension.

Next you'll be asked if you want to allow a network filter. Click "Allow".

You'll also be asked if you want to allow both local macOS services (i.e. - processes on your Mac) and/or iCloud monitoring. You can turn both on, or just one.

Choose to monitor only Mac network serivces, or Mac and iCloud.

Early versions of Little Snitch didn't feature Silent Mode and first-time connections from every app would throw an alert in which you had to either approve or deny.

This got tedious and annoying very quickly so Objective Development added Silent Mode.

In Silent Mode, assuming you selected it during setup, all connections are allowed initially, but add an approve/deny checkbox next to each app in the app list on the left side of the Little Snitch window:

The main Little Snitch network monitor window. You can allow or deny monitoring for each app in the list on the left.

In Silent Mode all connections continue to be allowed unless you select the "x" checkbox next to an app. Silent Mode provides a seamless experience so your Mac will continue to operate as usual from a UI perspective without all the alert popups for initial connections.

Usage

Once installed and running, you can resize the Little Snitch window, or full-screen it. The interactive map shows connections automatically as they happen.

Single-clicking any destination point on the map hides all other data and filters both the app list on the left and the summary pane on the right to show data only for that connection.

Clicking anywhere else on the map resets all the window's panes and map to full data for all apps.

Oddly, the main window's standard macOS zoom and minimize buttons have been removed and have been replaced with a single button which toggles whether or not the window floats above all others on the Desktop.

Clicking any disclosure arrow next to an app in the app list reveals a list of all the domains that app has made connections to. Clicking any of the domain's disclosure arrows list all subdomains for that connection.

You can also Option-click any app's disclosure arrow to expand or collapse the full list of connections.

Each domain and subdomain in each app listed has an "x" and a check box next to it and you can turn monitoring of each connection on or off by clicking either button.

You can also edit Rules for any connection, toggle approve/deny mode, or remove it from the list by Control-clicking or right-clicking on any connection, or on an app in the list itself.

One of the biggest benefits of the app/connections list is that you can view all connections to all domains a given app is making - in real time: the connections resort themselves in the list as they are made, and you can search for domains and subdomains using the Search bar at the top of the connections pane.

Single-clicking any domain in the connections list zooms the map out to show just the connections to that domain. Single-clicking any sub-domain shows just those connections.

There's also a network traffic graph at the bottom of the connections pane.

Packet Capture

By Control-clicking/right-clicking on any app name itself in the app list, you can also select "Capture Traffic" from the popup menu which launches the macOS Terminal and asks you to approve the Little Snitch command-line tool which is used to capture network traffic in manner similar to Wireshark.

You can stop traffic capture by pressing Control-C in Terminal on the keyboard.

Menubar shortcut and preferences

The Little Snitch menubar item shows realtime network data indicators for both outgoing and incoming traffic, as well as a throughput summary in kB/s.

Clicking the menubar item pops up a menu which allows you to change to one of three modes: Alert mode, Silent mode with allow connections, or Silent mode with deny connections.

You can also hide and show the main monitor window from the menu.

The Little Snitch menubar item.

There's also a menu item to toggle the network filter, to open the Rules editor, and to open Preferences.

In Preferences there's a myriad of options, including the ability to set a keyboard shortcut for toggling the filter on and off, a toggle to turn the menubar item on and off, and to set alert and security details.

Little Snitch rule editor

The Rule editor window is quite extensive and comes with several dozen predefined "factory" rules which make sense in most cases. Overall, Little Snitch's filtering behavior is defined by the set of rules in the Rule editor.

You can toggle rules on and off on a per-app basis, sort and view rules by single-clicking predefined labels on the left side of the window, and create and edit rule groups. There's also a rule search field at the top of the editor window.

Keep an eye on the comings and goings of your data

Overall, Little Snitch is a great way to quickly view and monitor network connections. The information presented isn't extremely detailed, and some things you might expect such as full hop information isn't displayed, but that's not the point.

Too much information would make Little Snitch too complicated and would detract from its elegant and delightful interface. Quick realtime information about connections is what Little Snitch provides and it's a joy to use as-is.

There are plenty of other more detailed network route utilities available -- many of which are free. But for the money, Little Snitch is handy and a good value. It's a great addition to your network toolkit.

Little Snitch Pros

  1. Very slick real-time UI
  2. Live hierarchical connections view
  3. Real-time map connections view
  4. Connection summary pane

Little Snitch Cons

  1. Slightly cumbersome install and setup
  2. Short free demo time
  3. Non-standard window controls

Rating: 4 out of 5

.

Where to buy

Little Snitch can be purchased from Objective Development for $45. A 3-hour free-trial is also available.