Little Snitch Arrives on Linux: eBPF-Powered Network Monitor
Little Snitch for Linux: eBPF-Powered Network Monitoring
Objective Development (ObDev) has released Little Snitch for Linux, bringing the iconic macOS network monitoring tool to the Linux platform. The application uses eBPF technology to hook into the Linux network stack.
Key Capabilities
- Real-time Connection Monitoring: See exactly which applications are communicating with which servers
- One-Click Blocking: Instantly block any unwanted connection
- Blocklists: Import domain and IP blocklists from sources like Hagezi, Peter Lowe, Steven Black, and oisd.nl
- Custom Rules: Create granular rules targeting specific processes, ports, and protocols
- Traffic Analytics: Track data volumes and traffic history over time with interactive diagrams
- Web UI: Access via http://localhost:3031, installable as a Progressive Web App
Technical Details
The tool hooks into the Linux network stack using eBPF, a mechanism for running sandboxed programs in the operating system kernel. It requires Linux kernel 6.12 or higher, built with BTF (BPF Type Format) support.
Unlike the macOS version, the Linux edition does not support the .lsrules format, and only accepts standard blocklist formats (one domain/hostname per line, hosts-style, and CIDR ranges).
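A pre-import check for the three list formats named above, as an added example that is not Objective Development's code or parser: it classifies each line as a plain domain, a hosts-style entry, or a CIDR range, and flags anything else (for instance Adblock-style or .lsrules JSON content) for review. The `#` comment handling, the hostname syntax rule, and all function names are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter
# RFC 1123-style label check; this example's own rule, not the tool's.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_ip(tok):
    try:
        ipaddress.ip_address(tok)
        return True
    except ValueError:
        return False

def is_hostname(tok):
    labels = tok.rstrip(".").split(".")
    return (not is_ip(tok) and len(tok) <= 253 and len(labels) >= 2
            and all(_LABEL.match(l) for l in labels))

def classify(line):
    """Map one blocklist line to (kind, normalized entries)."""
    fields = line.split("#", 1)[0].split()  # assumption: '#' starts a comment
    if not fields:
        return ("skip", [])
    if len(fields) == 1 and "/" in fields[0]:
        try:
            return ("cidr", [str(ipaddress.ip_network(fields[0], strict=False))])
        except ValueError:
            return ("unrecognized", [])
    if len(fields) == 1 and is_hostname(fields[0]):
        return ("domain", [fields[0].rstrip(".").lower()])
    if len(fields) >= 2 and is_ip(fields[0]):  # hosts-style: IP, then names
        names = [f.rstrip(".").lower() for f in fields[1:] if is_hostname(f)]
        if names:
            return ("hosts", names)
    return ("unrecognized", [])

def lint(lines):
    """Return (per-kind counts, [(line number, text)] needing review)."""
    counts, review = Counter(), []
    for n, raw in enumerate(lines, 1):
        kind, _ = classify(raw)
        counts[kind] += 1
        if kind == "unrecognized":
            review.append((n, raw.strip()))
    return counts, review

# Constructed sample lines, not taken from any real blocklist.
SAMPLE = ["# comment", "ads.example.com", "0.0.0.0 tracker.example.net",
          "203.0.113.0/24", "2001:db8::/32", "||ads.example.org^", '{"rules": []}']
```

Running `lint(SAMPLE)` before importing a list shows how many entries fall into each accepted format and which line numbers need a manual look.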
Why It Matters
As supply chain attacks and data exfiltration threats grow, tools like Little Snitch provide users with visibility into application network behavior — a critical capability for security-conscious developers and privacy advocates.
Source: obdev.at — via Hacker News