Little Snitch 6 – My Experience with Mac Network Monitor

The software company Objective Development from Austria recently released a new major version of the Mac network monitor “Little Snitch”. During version 5 onwards macOS 11 BigSur could be used, the new version 6 is now available for macOS 14 Sonoma and the upcoming Mac operating systems. I took a look at the manually operated and graphically edited firewall and shared my experiences with it Little snitch 6 summarized in this post.

Transparency note: License code was provided free of charge

Jens and I each received a free license code from Objective Development for the Little Snitch 6 test. I am sure that this will have no influence on Jens' statements (probably published in video form). And this has no influence on my test report here either. I write down my experiences and my opinions uninfluenced, without the free license code making anything unnecessarily positive.

Download, installation and system settings

While the slimmed down versions of the program, “Little Snitch Mini” and “Micro Snitch”, can be found in the Mac App Store, Litte Snitch is only available for download via the Objective Development website. The program requires extensive network and partial system access, which can only be achieved in this way. A demo version of the program can be downloaded from the linked page, which can be used for 30 days for sessions of up to three hours. With a full version license starting at 59 euros (or 39 euros as an upgrade from a previous version), the app can also be used without restrictions.

After downloading, the installation runs fairly standard. You start the dmg file, move the app to the programs folder and then start it. However, as mentioned above, it requires some permissions to monitor and control the Mac's network activities. Therefore, for example, permission to use system extensions must be activated in the macOS system settings. You will be guided through this and other necessary steps by means of appropriate messages.

Afterwards there is an introduction to the program, thanks to which you get to know the different possible uses. Among other things, the user interface is explained so that you can immediately understand the various graphical representations as well as buttons and switches. Here it is an advantage if you don't just click on "Next" until the introduction is over. If you read everything carefully, you'll be more likely to find your way into using Little Snitch 6 - even if at first glance it seems overloaded with its many options.

Key Features of Mac Network Monitor

The most important features of Little Snitch 6, some of which were only added with the upgrade to the new major version, include:

  • Monitoring of outgoing and incoming Internet connections
  • Limiting or blocking individual connections and apps
  • Integrated and subscribeable blocking lists (blacklists) that prevent multiple connections with just one click
  • Firewall rules organized into groups that can be enabled or disabled quickly and easily
  • DNS encryption for blocking server name queries by third parties
  • Network overview and controls in the Mac menu bar
  • Visualization of network activity in real time (upload and download)
  • Search function for quickly finding connections and filter rules
  • Usage statistics for long-term optimization of firewall rules
  • Notifications and audible signals to indicate specific network activity
  • Improved control of network activity on certain websites and web apps (social media, streaming services, etc.)
  • Better support for homebrew apps (rules are no longer assigned by version number but by file path)
  • And a lot more…

The practical use of Little Snitch 6

Little Snitch allows you to monitor which Mac apps connect to servers and exchange data with them. With a little research or existing specialist knowledge, you can determine whether it is a necessary and usable connection or whether you should stop it to prevent damage. A current usage example would be: B. preventing server communication from old Adobe apps because Adobe wants to prevent their use. If there is no server query, you can theoretically avoid the annoying notifications for taking out a subscription and deactivating old apps.

Another area of ​​application is protection against Malware from the Internet. The new option of importing blocking lists and activating them with one click makes blocking certain server connections extremely easy. The difference to blocking plugins for web browsers is that not only individual websites or URLs are blocked, but entire servers - and therefore tend to have several websites per server. This can be used in private life, but also in educational institutions, in companies and everywhere else.

The main program of Little Snitch 6

As described above, it pays to be careful when introducing the program. This makes the first steps in using the main program easier. But a lot of it is self-explanatory. You can view all connections, set and review rules, view an individual list of banned connections, and more. If you want to undo something, there are also two lists: “Last Changed” and “Last Used”. So if you accidentally blocked something that you didn't want to block, you can quickly find it here again.

Network connections and rules are also clearly divided into macOS services, iCloud services, Apple programs and third-party programs. So if you only want to assign firewall rules to one of these areas, you don't have to manually search for the corresponding connections. With a single click you can go directly to the respective list. Of course, you can then go into further detail there and manage an individual connection instead of applying rules for the entire app or service group.

Little Snitch 6 in the Mac menu bar

In addition to the main program, Little Snitch 6 also includes real-time monitoring of network activity in the menu bar. There is a chart showing how much is currently being downloaded and uploaded. Clicking on the menu bar icon expands the display to reveal more details. You can also use the pull-out menu to select notification options, list recent network activity, manage rules and access Little Snitch's settings.

Quit Little Snitch 6 and remove the icon from the menu bar

To complete the test, I also looked into the possibility of exiting Little Snitch 6 and removing it from the menu bar. There are use cases where you want to have a network monitor or firewall running all the time. But there is also the case that you only want to use these tools selectively for certain checks and tests. 

While the main program with its window and dock symbol disappears when you use the "Exit" option, the display in the menu bar remains active. The app continues to run in the background, as I can see by looking in the Activity indicator could see. It's also not that easy to end using the Activity Monitor, even if you want to force all of its processes to close using "Quit Immediately".

What sounds like a big disadvantage can actually be an advantage in practical use. Because if malware tries to deactivate Little Snitch in this way in order to reestablish contact with your server, it will most likely not be able to do so. And that's a good thing. If you really want to end Little Snitch's main process, then open the system settings, click on "General" on the left, then select "Login items" on the right and deactivate the "Little Snitch" entry in the "Allow in background" list.

What do the different processes mean?

We discussed closing the app directly with the Objective Development developers as part of the app test. We received the following explanations via email, which shed a little more light on the difficulty of quitting the app completely, as well as the various processes found in Activity Monitor.

Little Snitch consists of several components:

1. The app. You can start or stop it as you wish, it has no influence on whether the filter works or not. She draws your attention to this the first time you close it.

2. The Network Monitor. You can also start and end it as you wish. It takes a little longer to start if you have a lot of data that needs to be displayed. Therefore, the monitor does not automatically shut down when the window is closed. This way he can reappear more quickly.

3. The Network Extension (at.obdev.littlesnitch.networkextension). This process does the actual filtering. This used to be an extension loaded into the operating system kernel. Now this is a process that always has to be ongoing. Even if the filter is not currently active, because the statistics of the connection data are still being recorded.

4. The Daemon (at.obdev.littlesnitch.daemon). This is a helper process for Network Extension. Back when the Network Extensions were new (and not yet fully programmed), we had to have a new version ready within a few months. We didn't know what you were allowed to do in Network Extensions and what wasn't, so we planned an auxiliary process to be on the safe side. In Little Snitch Mini we did without it. We already knew what was going on. In any case, it always has to be running because it is required by the network extension.

5. The Little Snitch Agent. This is a process that runs in the background for every logged in user and (in alert mode) displays alerts, operates the status menu, keeps block lists up-to-date, makes location queries if necessary, etc. These are all things that the daemon is not allowed because it does not run in a user session. Little Snitch does not provide for stopping this process because it may always be necessary to display alerts. Alerts for potential dangers are also displayed in silent mode. And we want to update the blocklists daily. With the Mini you can turn off this process because there are no connection alerts anyway and because Apple requires it. But we advise against it.

Summary: Little Snitch as a comprehensive network monitor

As you can see, Little Snitch 6 represents a new stage in the development of comprehensive network monitoring and firewall applications. Both the general monitoring of network activities and the specific use for controlling and blocking individual connections or specific groups of apps and services can now be implemented even more easily. You can try this out using a free demo version. If you like the firewall settings and want them to be used permanently, a license can be purchased starting at 59 euros (or 39 euros to upgrade a previous version).

My tips & tricks about technology & Apple

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership would support.

4 comments on “Little Snitch 6 – My experiences with the Mac network monitor”

  1. Beatrice Willius

    I usually first block everything with Little Snitch when I install a new program. There are always programs that probably haven't heard of Little Snitch. Then I find crashes or the big white void. I then quickly put these programs in the trash.

  2. I have been using LS for many years and am very satisfied with the software itself.
    The sharp increase in prices puts me off when switching to version 6.
    We're talking about an auxiliary tool that now comes close to the price of a software suite.
    In my opinion, 59 euros is too much for a visually great firewall.
    After hearing the upgrade price of 39 euros, I tested the free alternative LuLu and found it absolutely sufficient for my purposes.
    Therefore, I will say goodbye to LS with a tear in my eye as soon as version 5 no longer runs on the current macOS version.

    1. Hello Simon!
      Yes, LuLu is also a nice software that gets the job done. What you don't have is the checking in both directions (incoming and outgoing), the fancy UI and the DNS encryption. But it is definitely a highly recommended alternative. The developer of LuLu has other great tools such as BlockBlock, KnockKnock and much more. We have to introduce them too. 😊

Post a comment

Your e-mail address will not be published. Required fields are marked with * marked

In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.