Show HN: A reasonably reliable traffic per application monitor using BPF (github.com)
picosnitch helps you protect your security and privacy by "snitching" on anything that connects to the internet, letting you know when, how much data was transferred, and to where.
It uses BPF to monitor network traffic per application, and per parent to cover those that just call others.
It also hashes every executable, and will complain if some mischievous program is giving it trouble.
3 comments
[ 4.3 ms ] story [ 20.7 ms ] threadI mentioned some caveats under the limitations section of the readme such as hashing fails for AppImages because they use FUSE but they're still detected, or noting that scripts are only identified by their interpreter and arguments used. However nothing should be able to bypass picosnitch completely (i.e. silently) without a Linux vulnerability to hide from the kernel itself, or if something were to replace picosnitch with a modified copy.