Tanstack Start | Snitch – A friendlier ss/netstat

Snitch – A friendlier ss/netstat(github.com)

92 points by karol-broda 5 hours ago | 13 comments

mikeryan 3 hours ago
When I saw this headline I assumed it was Little Snitch an existing network monitor and firewall for Macs.
Might need a different name.
https://www.obdev.at/products/littlesnitch/index.html
- wkat4242 3 hours ago |parent
  There's also a Linux clone of little snitch, OpenSnitch.
  - zormal 13 minutes ago |parent
    There's also https://github.com/snitch-org/snitch with the AUR package name 'snitch'.
themafia 4 hours ago
It looks nice, and I don't see anything wrong with it, but I've been using iptraf-ng since forever and I think it has a slight edge here.
Is it possible I've missed something from the demonstration video on that page?
- karol-broda 3 hours ago |parent
  thanks! snitch is closer to an ss/netstat replacement (sockets + processes) than a traffic monitor. traffic monitoring is planned, but not implemented yet.
aos an hour ago
I love the recent increase in TUI-based tooling. This looks cool - will check it out!
fulafel 2 hours ago
The demo recording-as-code seems cool (in https://github.com/karol-broda/snitch/tree/master/demo)
rockskon an hour ago
I just want a single tool that has a known, generalized set of capabilities on just about every distribution.
Systemd's obsession with remaking every single wheel in Linux has been aggravating enough. Please don't do it again.
cyberax 3 hours ago
Nice! Couple of notes:
1. Can you highlight the currently selected row with a different background?
2. Maybe add optional reverse DNS lookups?
coppsilgold 4 hours ago
I always wondered how useful such tools are against a competent adversary. If you are a competent engineer designing malware, wouldn't you introduce a dormancy period into your malware executable and if possible only talk to C&C while the user is doing something that talks to other endpoints? Maybe even choose the communication protocol based on what the user is doing to blend in even better.
- karol-broda 3 hours ago |parent
  agreed on the limits. snitch isnt aimed at adversarial detection; its a local debugging/inspection tool. a competent attacker can blend in by design, so this isnt meant to be a standalone security control
  - ashtakeaway 43 minutes ago |parent
    With a name like Snitch, it should be aimed at adversarial detection.
    Just my two snitches.
- tptacek 3 hours ago |parent
  Tools like these aren't really intended for adversarial environments, and pure network tools that are designed for real adversaries have a really spotty track record (good search: [bro vantage point problem]).