Little Snitch 1

Getting Started

What is Little Snitch?

Little Snitch is a tool designed to alert you on outgoing network connections. Little Snitch runs in the background and hooks into the operating system kernel while you are logged in. When an application tries to establish a network connection, Little Snitch intercepts the attempt and brings up an alert panel, telling you all the connection details including the name of the application which initiated the connection. You either choose to allow or deny the connection in the specific case, or to add a permanent rule for future connections initiated by the same application.

Install Little Snitch

  1. Mount the disk image, e.g. by double-clicking the dmg-file.
  2. Start the installer application on the disk image by double-clicking it.
  3. The installer will perform the necessary steps of installation and open "System Preferences" for you.
  4. Switch to the Little Snitch preference panel.
  5. Authenticate yourself by clicking on the lock at the bottom of the window.
  6. Click the "Start" button.
  7. You may want to store the Little Snitch installer application in your "Applications" folder or any other location. You need it if you want to uninstall Little Snitch.

Uninstall Little Snitch

  1. Start the Little Snitch installer application from the disk image or any other location (as outlined above).
  2. Choose the option "uninstall".

Little Snitch in Action

The Little Snitch Alert Panel

A panel like this appears if an application wants to create a network connection. Little Snitch informs you which application wants to connect to which server. By clicking on the application icon you receive additional information about the application (Unix ID, the full path and IP-address). Regarding that application, you can either allow or deny the connection for that specific case or create a permanent rule and set up conditions.

  1. Period of time

    By selecting "once" you are allowing the connection of the application once. However, you will be asked again if the application (in our case Help Viewer) wants to create more and even similar connections later on.

    By selecting "until The Application quits" (in our case Help Viewer) you are either allowing or denying the connection until the application quits. You won't be asked again for similar connections until you quit Help Viewer. After restarting Help Viewer you will be asked again.

    By selecting "forever" you are creating a permanent rule allowing or denying the connection of the application forever. Thus, future connections are automatically denied or allowed. However, you can edit or remove the newly created rule from within the Little Snitch Preference pane.

  2. Condition

    The "Condition" pop-up button serves to restrict a rule to specific connections (e.g. allow/deny connections only to a specific server) or to allow any connections from this particular application by selecting "Any Connection". You can restrict the connection to specific servers by selecting "Same Server" or to specific ports by selecting "Same Port".

To allow or deny any connection from your particular application, simply select "forever", select "Any Connection" in the "Condition" pop-up button and click on "Allow Forever" or "Deny Forever".

Configuring Little Snitch

The Little Snitch preference pane within the "System Preferences" application serves to start, stop or change the configuration of "Little Snitch".

The Little Snitch Preference Pane

First you need to authenticate yourself by clicking on the button with the little lock at the bottom of the window.

If Little Snitch is active, you can see the list with the current rules. You can change the displayed order of these rules by clicking the column headers.

  • By clicking "New..." you can create a new rule.
  • By clicking "Edit..." you can edit the selected rule.
  • By clicking "Duplicate..." you can copy an existing rule, modify it and save it as a new rule.
  • By clicking "Delete..." you can delete the selected rule.

How to add a new rule manually

  • Open the Little Snitch preference pane within the "System Preferences" application.
  • Click on the "lock" button to unlock the preference pane. You will be asked for your username and password.
  • By selecting "New..." you can create a new rule. (By clicking "Duplicate..." you can copy an existing rule, modify it and save it as a new rule.)

The Rule Editor

Application: Click "Choose..." to select an application for which the rule should apply or leave "any" as a general rule for all applications. Tip: You can enter the full path within the open panel by simply typing "/" and then continue with the rest of the path.

Permission: Select "Allow" or "Deny" to choose whether the rule allows or denies connections from the chosen application, or from "any" application if you don't choose an application.

Server: To restrict the rule to a specific server you can enter either the IP-address or the name of the server. You can also specify an IP-range by entering an IP-address and then clicking on the small button on the right side. Use the "IP Range" pop-up to select a range.

Port: To restrict the rule to a specific port enter a port number or port name like "http".

Protocol: To restrict the rule to a specific protocol enter a protocol number or name like "udp".

The same panel appears if you choose to edit or duplicate a rule.

Note: More specific rules override general rules, regardless of their order in the listing.

  • A rule for a particular application overrides a rule for "any" application.
  • A rule for a particular Internet address overrides a general rule.
  • Only the first rule which matches is applied.
  • If no rule matches, the Little Snitch alert panel appears.

An example ruleset

Here is an example rule set for denying any Internet connection for a particular application:

  • TheApplication Deny any network connection.
    (generally denies any network communication except connections which are local on your machine)
  • TheApplication Allow any connection to local network.
    This additional rule is necessary if TheApplication needs to reach another machine within your local network. (allows connections within your local networks)
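
The precedence note and the example ruleset above can be checked with a small model. This is an added example, not Little Snitch's own code. It assumes that application specificity ranks above address specificity (the page does not say how the two combine), that "local network" means 192.168.0.0/16, and it uses hypothetical application paths.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    app: Optional[str]              # None stands for "any" application
    allow: bool                     # True = Allow, False = Deny
    network: Optional[str] = None   # CIDR range; None stands for any server

    def matches(self, app: str, addr: str) -> bool:
        if self.app is not None and self.app != app:
            return False
        if self.network is not None:
            net = ipaddress.ip_network(self.network)
            return ipaddress.ip_address(addr) in net
        return True

    def specificity(self) -> tuple:
        # Assumption: a named application outranks a named address.
        return (self.app is not None, self.network is not None)


def decide(rules, app: str, addr: str) -> str:
    """Return 'allow', 'deny', or 'ask' (the alert panel would appear)."""
    candidates = [r for r in rules if r.matches(app, addr)]
    if not candidates:
        return "ask"
    # The most specific rule wins regardless of list order; among equally
    # specific rules max() keeps the first one, so the first match applies.
    best = max(candidates, key=Rule.specificity)
    return "allow" if best.allow else "deny"


THE_APP = "/Applications/TheApplication.app"   # hypothetical path
OTHER_APP = "/Applications/Other.app"          # hypothetical path

# Constructed ruleset mirroring the example above: the general deny rule is
# listed first on purpose to show that order does not decide the outcome.
RULES = [
    Rule(app=THE_APP, allow=False),
    Rule(app=THE_APP, allow=True, network="192.168.0.0/16"),
]

if __name__ == "__main__":
    for app, addr in [(THE_APP, "192.168.1.20"),
                      (THE_APP, "203.0.113.5"),
                      (OTHER_APP, "203.0.113.5")]:
        print(app, addr, decide(RULES, app, addr))
```

When auditing a real ruleset, the case to look for is a broad "any" application allow rule: it does not loosen the per-application deny rule, but it does silence the alert panel for every application that has no rule of its own.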