Monitoring application data traffic

Network Tattletale

© Photo by Markus Spiske on Unsplash

© Photo by Markus Spiske on Unsplash

Article from Issue 259/2022

OpenSnitch, an application-based firewall, protects you from unwanted data leaks by letting you set customized rules for all your applications.

An application opening a connection to the Internet is a normal procedure and typically completely legitimate, but there are programs – even open source applications – that like to phone home or track the user. On Linux, there is usually an opt-in step – you have to actively agree to the data collection. Often, the collected data relates to telemetry functions and gives the developers information about a user's interaction with their program. However, open source does not always protect you against being investigated. In Firefox, you have to actively opt out of sending telemetry stats if you do not want this to happen.

An application firewall can reveal what's going on behind the user's back. While conventional firewalls examine the data flow packets to and from the CPU, an application firewall takes an application-specific view when monitoring the outgoing data flow. (Do not confuse an application firewall with a web application firewall [1].) Examples of application firewalls include FirePrompt [2] for Linux and GlassWire [3] for Windows. In this article, I'll take a closer look at an open source application firewall: OpenSnitch [4], a Python port of the proprietary Little Snitch [5] personal firewall for macOS. OpenSnitch development began about four years ago.


With "snitch" in its name, you can tell much about how OpenSnitch works: Snitching is exactly what this firewall does. OpenSnitch analyzes applications' outgoing data traffic and exposes trackers and similar unpleasantries if configured accordingly, letting you intervene if necessary. In general, if an application tries to connect to the network, OpenSnitch stops it first and asks if you want to allow this to happen. You grant permission by defining a rule for the application.


Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Firewalld and OpenSnitch

    For maximum security, you'd better watch traffic in both directions. This hands-on workshop takes you through the steps of setting up firewalls for outgoing as well as incoming traffic.

  • FOSSPicks

    Graham looks at Krita 4.0, FreeTube 0.2.0, OpenSnitch, Yoda, Citybound, GZDoom, and much more!

  • FOSSPicks

    Graham recently found the perfect use for his old Nintendo DS Lite. Thanks to having exactly the same screen resolution, it now runs the brilliant ZXDS Sinclair ZX Spectrum emulator.

comments powered by Disqus