Monitoring application data traffic
Firewall On or Off
In the main window's header bar, on the far right, you will find the play/pause button where you can turn the firewall on and off. This button is especially important initially because you need some time to define rules for all the applications that need to contact the outside world. You can use this button to break up the task into convenient chunks of time.
In the menubar below, you will find eight tabs. The Events tab lists all contacts to the outside world in real time (Figure 5). Nodes typically only lists one socket per device, from which the OpenSnitch GUI obtains the data for visualization. The default for this is /tmp/osui.sock.
![](/var/linux_magazin/storage/images/issues/2022/259/opensnitch/figure-5/804969-1-eng-US/Figure-5_large.png)
The Rules tab, as expected, lists the application rules that have been created (Figure 6). The Hosts tab lists the remote sites that applications have attempted to contact and how often that occurred per host. The Applications tab lists the applications that tried to make contact and shows the frequency of those attempts.
![](/var/linux_magazin/storage/images/issues/2022/259/opensnitch/figure-6/804972-1-eng-US/Figure-6_large.png)
The Addresses tab keeps track of the URLs contacted and the frequency of contact attempts. Ports does the same in terms of the ports on the contacted hosts, while the Users tab lists the users involved and records the number of contact attempts initiated by the users. From any of these tabs, you can edit entries that are released for editing by right-clicking on them.
To avoid losing your way when faced with many entries, you can also sort or filter the entries on the individual tabs. At the bottom of the window, you can see the number of connections during the current uptime and how many of them were rejected (dropped).
FAQs
OpenSnitch can manage virtually anything that connects to a host from a Linux system. For multi-user systems, the rules can also be defined individually for each user. According to the developers, however, OpenSnitch occasionally misses an app's connection attempt; the project wiki [7] on GitHub explains the possible reasons for this. However, I did not experience any such oversights in my test. An FAQ [8] answers frequently asked questions relating to the application firewall.
Once you have created all your rules, OpenSnitch runs unobtrusively in the background. A notification will only appear if you install a new app that makes an attempt to contact the outside world. If an app makes a conspicuous number of connections, you will want to harden the rule for that app by checking each process for an outgoing request or the domain contacted in each case, and then confirm or deny access.
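The hardening step described above can also be checked outside the GUI by looking for allow rules that are broader than they need to be. The following Python sketch is an added example, not code from the article or the OpenSnitch project. It assumes the field and operand names of OpenSnitch's JSON rule files; the sample rules, paths, and hostnames are constructed.

```python
import json

# Operand names as used in OpenSnitch's JSON rule files (assumed here, not taken from the article).
DEST_OPERANDS = {"dest.host", "dest.ip", "dest.network", "dest.port"}
PROC_OPERANDS = {"process.path", "process.command"}

def leaves(op):
    """Yield the simple conditions of a rule; 'list' operators nest them under 'list'."""
    if op.get("type") == "list":
        for sub in op.get("list") or []:
            yield from leaves(sub)
    elif op:
        yield op

def audit(rule):
    """Return reasons why an enabled allow rule is broader than it needs to be."""
    if not rule.get("enabled", True) or rule.get("action") != "allow":
        return []
    conds = list(leaves(rule.get("operator") or {}))
    operands = {c.get("operand") for c in conds}
    reasons = []
    if not operands & DEST_OPERANDS:
        reasons.append("no destination constraint")
    if not operands & PROC_OPERANDS:
        reasons.append("not bound to a process")
    if any(c.get("type") == "regexp" and c.get("data") in (".*", "^.*$") for c in conds):
        reasons.append("catch-all regexp")
    return reasons

# Constructed sample rules, shaped like the files the daemon stores as JSON.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-updater", "enabled": true, "action": "allow", "duration": "always",
  "operator": {"type": "simple", "operand": "process.path", "data": "/opt/example/updater"}},
 {"name": "allow-updater-pinned", "enabled": true, "action": "allow", "duration": "always",
  "operator": {"type": "list", "operand": "list", "list": [
    {"type": "simple", "operand": "process.path", "data": "/opt/example/updater"},
    {"type": "simple", "operand": "dest.host", "data": "updates.example.org"},
    {"type": "simple", "operand": "dest.port", "data": "443"}]}},
 {"name": "allow-any-host", "enabled": true, "action": "allow", "duration": "always",
  "operator": {"type": "regexp", "operand": "dest.host", "data": ".*"}}
]""")

def report(rules):
    """Map rule name -> reasons, listing only rules worth revisiting."""
    return {r["name"]: audit(r) for r in rules if audit(r)}

if __name__ == "__main__":
    for name, reasons in report(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(reasons)}")
```

Rules that the report lists are candidates for editing in the Rules tab so that they name both the process and the destination it is allowed to reach.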
Conclusions
While OpenSnitch is annoying at first, this means it is doing its job properly. You can temporarily avoid the many requests for rules by disabling the firewall and then defining more rules when it suits you. Getting started with OpenSnitch is comparatively easy thanks to the good documentation [9].
OpenSnitch is particularly interesting for browser plugins, web apps, or third-party applications in general. It helps you keep a closer eye on these applications and make adjustments to rules as necessary. You will be surprised about what some apps try to do. In conclusion, OpenSnitch definitely improves the security of your system without asking too much of you beyond the initial setup.
Infos
- [1] Web application firewall: https://www.f5.com/services/resources/glossary/web-application-firewall
- [2] FirePrompt: https://fireprompt.com
- [3] GlassWire: https://www.glasswire.com
- [4] OpenSnitch: https://github.com/evilsocket/opensnitch
- [5] Little Snitch: https://www.obdev.at/products/littlesnitch
- [6] Download: https://github.com/evilsocket/opensnitch/releases
- [7] Failure to intercept: https://github.com/gustavo-iniguez-goya/opensnitch/wiki/Why-OpenSnitch-does-not-intercept-application-XXX
- [8] FAQ: https://github.com/gustavo-iniguez-goya/opensnitch/wiki/FAQs
- [9] Documentation: https://github.com/gustavo-iniguez-goya/opensnitch/wiki