

Show HN: My network connection monitor for Mac - aparadja
http://radiosilenceapp.com/private-eye

======
hmottestad
Bandwidth.

Bandwidth usage would be nice. This is something that little-snitch doesn't
already do and you can't see it in activity monitor as far as I know.

Any chance of right-clik "record traffic to file for X seconds"?

~~~
aparadja
Bandwitdh measurement isn't trivial, but it's something I'd very much love to
add. Thanks for the input.

~~~
kalleboo
nettop in the command line does it (added in Lion), maybe you can scrape it
out of there or find the source to it to see how it's done.

~~~
brndnhy
Fantastic. Thank you for that.

------
nclrhombre
I like the minimalism of this, just a connection monitor, nothing else. Great
work!

1 feature request tough: I've installed RadioSilence also, and it would be
very handy to be able to drag&drop apps from PrivateEye to RadioSilence to be
silenced. Lack of this doesn't stop me from using this, but would make life a
bit easier.

~~~
aparadja
Clever, thanks!

Radio Silence already supports drag & drop. Hadn't thought about the option to
drag apps out of Private Eye. This just landed on my todo list.

------
albertzeyer
I wonder how it works, i.e. what APIs it is using, etc. Any details?

Question on SO: [http://stackoverflow.com/questions/7696890/macosx-how-to-
cap...](http://stackoverflow.com/questions/7696890/macosx-how-to-capture-
network-events-or-how-does-private-eye-
works?utm_source=Stackoverflow&utm_medium=twitter)

~~~
aparadja
Answered directly on SO.

~~~
fletcher
It seems like you check for SYN packets, so there is no way to just see the
connection _currently active_. This in my opinion limits the usefulness of the
application, it would be cool to see an update that can have a tab for "live"
connections and one for the "history". Thanks for the app anyway.

------
pepijndevos
Java network traffic isn't listed. I tried both Minecraft and the Clojure
REPL. Nothing.

It would also be useful to see the type of connection, TCP/UDP, port number,
etc.

~~~
aparadja
Thanks for the info. I'll look into the Java issue. Wonder if they do
something unorthodox with their traffic.

The connection details is something I've pondered about. Port numbers, at
least, might be useful. At some point, the user is better served by wireshark
anyway. Drawing the line isn't a trivial problem. Any suggestions are
appreciated.

------
sirn
Nice looking app! But why distributing it as PKG when it only creates Private
Eye.app and com.radiosilenceapp.nke.PrivateEye.plist?

~~~
aparadja
It has to install the plist to /Library and launch the kext after
installation. I'm not sure if that can be done just by sharing an .app bundle.

~~~
sirn
How did VMware Fusion 4 do it though? They just distributed the whole VM as a
single .app, with all kexts loads/unload dynamically on launch.

~~~
aparadja
Good question. I honestly have no idea. The kext has to be owned by root:wheel
for the system to accept it. Making a pkg installer was the simplest solution
I knew of.

Out of curiosity: is there a downside to pkg's?

~~~
tychobrahe
I believe smcfancontrol installs its kext by demand from inside the Cocoa App.
I don't know how it's done (I only do UNIX stuff on my Mac =/) but I believe
it changes the .kext owner and invokes kextload. You can 'sudo' from inside a
Cocoa App by using AuthorizationExecuteWithPrivileges:

[http://michaelobrien.info/blog/2009/07/authorizationexecutew...](http://michaelobrien.info/blog/2009/07/authorizationexecutewithprivileges-
a-simple-example/)

About PKGs: I think that they're okay, but, historically, they're maligned for
being "black boxes" that install files all over your system. App files, OTOH,
are (99% of the time) clean, live on /Applications, and sometimes use
~/Library.

------
doe88
On Lion there is also a new useful shell command called nettop.

------
elemeno
Very nice looking program - can certainly see myself using it to keep track of
what's going on on my Mac.

One thing I've noticed though, is that it doesn't seem to be catching network
activity that's taking place from the command line. I'm running an SSH
session, and just tried pinging a server from the terminal and it didn't see
either of those. If you can add that as well, then it would be even more
useful.

~~~
ovi256
It's probably using some high-level Cocoa network framework, and not kernel-
level functionality like netstat does. So my guess is only apps using the same
high-level net framework are listed.

~~~
aparadja
Actually, it does use kernel-level connection tracking.

~~~
borism
why Lion-only then?

~~~
aparadja
Because of the user interface. It's a dumb issue, but Lion changed the way
table views work. Getting from 0 to MVP was about twice as fast with the new
Lion features.

It's something I consider improving, though. Fundamentally, the same app
should work on 10.6 too.

------
CyrilMazur
Too bad it doesn't want to work on my Snow Leopard system

~~~
ra
I agree... Any reason why you don't want to support Snow Leopard?

~~~
aparadja
I would love to support Snow Leopard, and it's something I'll work on next.
Lion simply brought some much-needed upgrades to table based UI development,
which I wanted to use. It cut down the development time by a significant
amount.

Supporting Snow Leopard requires a rewrite for most of the UI logic. I wanted
to get the first version out before crossing that bog.

~~~
ra
Thanks for explaining, that makes a lot of sense.

BTW: If your firewall works on Snow Leopard and allows me to disable the P2P
part of Spotify, I will buy it.

~~~
aparadja
It works on SL, and I've heard people use it to block Spotify. There's a free
trial, let me know if it doesn't work for you!

~~~
ra
but does it just block the p2p part of spotify, and still permit the login and
direct streaming?

If so that's a selling point right there.

------
runjake
The bandwidth suggestions are good, but rather than suggest more, I'll just
say I really like the way you've laid things out. The UI lets me see data via
the angles I'd want to see it.

~~~
aparadja
Thanks! I spent a decent chunk of notebook pages and pen ink to get it the way
it currently is. It feels really good to hear someone appreciates the design.

------
oscardelben
Thanks for sharing! Any chance you share the source on Github?

~~~
aparadja
My plan is to give the software away for free, but keep the distribution
somewhat centralized and the source closed. The app is, on a business level, a
marketing tool for my Radio Silence firewall. I hope it will drive traffic and
links to the site by giving away a complementary product for free.

Sharing the source through github might work against that goal.

~~~
bcl
Or it might help you reach that goal. Opening up some of your source will give
your more advanced customers more confidence in your coding abilities.

~~~
aparadja
The open source approach surely has its benefits. However, I
think/guess/believe the free closed-source app has more direct effects on my
visitor traffic. Open sourcing the software would probably help me build some
kind of personal branding, but it's not a goal I'm actively working for right
now. Currently, my priority is to get radiosilenceapp.com more visibility and
authority.

------
evilswan
Ok what's 'helpd' and why does it call Akamai servers?

<http://imgur.com/IDc5f>

~~~
rhubarbquid
It's probably checking for updated help files. Apple regularly uses Akamai's
CDN.

------
46Bit
Looks awesome - exactly what I've been after to be honest. I'd love you if you
could make it work on 10.6 as well...

------
antirez
Related: <https://github.com/antirez/iconping>

------
makira
We do something similar in one of our app, although we also permit the user to
block connections it doesn't want to.

<http://www.metakine.com/products/handsoff/>

------
bahman2000
I'm on Lion. Installed the app, launched, window comes up but connections are
not listed.

Restarted the computer. Connections are still not listed.

Reinstalled as per FAQ. Still not working.

Am I doing something wrong?

~~~
aparadja
No connections come up even if you let the window stay open for a while?

Could you run "kextstat" on the terminal and see if
"com.radiosilenceapp.nke.PrivateEye" is listed?

~~~
Udo
It works for me. Thanks for making this, keep up the good work!

Now if you introduce the option of blocking applications, I'd uninstall
LittleSnitch for this.

~~~
aparadja
Thanks!

You can use Radio Silence to block apps. It's on the same domain, and linked
in the sidebar and header.

~~~
Udo
Great, I just bought it. Any chance of incorporating Private Eye into Radio
Silence, at least for the purpose of selecting the apps I want to block? Or
being able to drag and drop an app from Private Eye into Radio Silence would
be enough. It's just that selecting those apps is really painful from the file
dialog, especially if they're obnoxious system services like helpd.

~~~
aparadja
You're the second person to suggest that today. It's a great idea, and I'll
implement it as soon as I can.

Radio Silence already supports drag & drop. You can drag apps into its window,
if you don't like the file dialog.

Private Eye doesn't yet support dragging stuff out of it.

------
leviathan
Great app.

One feature request though, it would be very useful to be able to view the
complete URL of HTTP connections. God knows how many times I had to setup a
local proxy to find out that information.

~~~
daviddoran
I think this app works at a lower level though, by intercepting TCP
connections. To show you the URL it would have to proxy all the traffic and
understand the HTTP protocol.

~~~
aparadja
That's right. Of course, parsing the http requests isn't a monumental task,
and it could be done. I'm just not sure whether it's worth it. Wireshark
already exists, and I see no reason to compete with it.

------
andrewcooke
this looks useful, so i had a look for the linux equivalent. turns out there's
a command line utility called nethogs that does something similar (it shows
bandwidth per process, but not addresses). for opensuse you can get it here -
[http://software.opensuse.org/search?q=nethogs&baseprojec...](http://software.opensuse.org/search?q=nethogs&baseproject=openSUSE%3A11.4&lang=en&exclude_debug=true)

another command, iftop, shows connections, but not processes (that's in the
standard opensuse repos).

------
huskyr
Great work! I really like the nice clean interface.

It would be great if there would be an option to put it in the menu bar and
hide it in the dock.

------
skada
Is there something like this for Windows ? (Especially with ip resolution
feature )

------
FredBrach
Private-Eye sounds like a good entry for Tractup: <http://www.tractup.com> a
site for early product traction. :s

~~~
aparadja
Tractup doesn't support dashes in the url :).

~~~
FredBrach
I've just fixed it =) please retry.

~~~
aparadja
I already submitted the base domain, so no worries.

~~~
FredBrach
erf I really don't understand why your entry is in the beginning of my table..
I will fix this.

~~~
FredBrach
fixed

