MAC - Network/Internet Activity Monitoring Software

Mac is not my area of expertise, despite owning one so I thought I would ask the XOJO community for some suggestions. I have a friend who has network connectivity at a remote paintball site using 4G. ‘Something’ is using an inordinate amount of 4G data and I am looking for MAC recommendations for some sort of ‘network monitor’, or maybe firewall solution that can record network activity by application so we can pin down what application is using the most bandwidth over a period of time in order that we can see what can be done

I know they have links to their customer database back at the main office and it may be that this over a VPN may be the issue but I’ve not looked in a lot of detail as yet, trying to do some homework first by identifying where the problem may lie.

On Windows these sorts of applications are quite common, but having done some quick google searches for a MAC equivalent I seem to have drawn a blank.

Any suggestions?

From my Mac days, Little Snitch was my go to tool for monitoring network activity on my Mac.

2 Likes

+1 for Little Snitch

1 Like

Thanks Julian, just been playing with it, perfect for my needs, quite an eye opener on what is being connected to and certainly comprehensive with full data usage.

1 Like

Built in to the OS is Activity Monitor.app which will show you historical network data as well without a third party tool. Little Snitch is great though, I love being alerted of connections I haven’t approved and being able to decide.

how do i get to the historical network data??

It only goes a certain amount of time back, it’s not like an all-time historical data view. I’m finding that the overview on the bottom is reset at boot, but I can’t find how far back the Received Bytes column goes. I’m sorry if I made that sound more exciting than it was.

Apple’s details: https://support.apple.com/en-us/HT201464#network

Even i use LittleSnitch also, sometimes is good to see connections in terminal (realtime, not history). You can do it with iftop, available in Homebrew (brew install iftop)

Then use with: sudo iftop

I has lot of command line options, so: man iftop to read about them

Little Snitch should not be your final answer to this scenario.

If your friend really wants to control his network traffic - and this is what I read, a network, not just a single computer - then he should use a proper Firewall and Proxy Server instead. I strongly suggest https://www.ipfire.org or https://www.pfsense.org/ on a small system with 2x Ethernet Interfaces between his router and his network. For instance I am using the little Zotac Nanos https://www.zotac.com/de/product/mini_pcs/ci327-nano

When he’s on 4G then a content filtering squid proxy server is the better answer. Only with this all the f* adware, trackers and analytics stuff lurging on websites is kept out. This pest is limiting a connection bandwith not with its size but its steady ping-bombardment of connections and 3rd party content, just compare:

This is a regular news Website tracking its user and triggering all its trackers and adware stuff.

Same site, same connection, same computer, but behind content filtering proxy:

Mind the difference between less than 3 Seconds and more than 13 seconds loading time. And believe me without this bullshit, the internet is fast and usable again even when you’re using low bandwith connections.

Daily downloaded filterlists keep your system up to date. For most of my clients I am also enabling GeoIP filtering. If a small business is just targeting local or national audience, then why should it be accessable/ hackable from the rest of the world. Here in Europe I am blocking everything east of Baltic States and South of Italy keeping 90% of all SYN Floods, Portscans, SSH Attacks and Website Vulnability Scans out. Together with strict SNORT rulesets alongside with Squid Proxy Filtering and your Firewall rules you keep a network fast and healthy.

Everything is open source and you are in control of what you consider as threat and what you consider as trustworthy, not somebody else nor a company with its closed source shit nor a government with gone-wild racist and nationalistic president.

Thanks for the suggestions I installed Little Snitch on all his machines today and it was a real eye opener. His office is not set up too well either. He really needs some centralised in office file storage (they are using dropbox so for every change 1 upload and 4 new downloads to the other machines which is crazy). They have to use 4g as they are away from a decent broadband line. IMAP is also a killer on the machines as they share some mailboxes which would be better centralised on one machine and ‘POP3’d, or imapped in office’ and the other machines can access on the office LAN to save constant upload and download syncing of mailboxes.

The real data killers were apple, advert and tracking rubbish, dropbox and Apple Mail. I have made some tweeks in Mail, for example not auto downloading images in emails and so forth, turned off dropbox etc.

I have started a new topic to see if there is an apple equivalent for a ‘server’ on a Mac Mini - not the chopped down OSX thing that you can get for $20.

Tomas I like your suggestions and the map on Little Snitch showing the ‘ad’ pinging all over the world will hopefully wake them up. Its even simple things like keeping multiple web pages open in the background for no reason and the updates these seem to bring with them. I’ll have a look at your suggestions.

little snitch will cause a LOT of extra CPU overhead if you’re doing a lot of web browsing though. I just had to uninstall it because it’s background process was using 100% of a cpu while I was running a xojo developed web app. It was keyed into each connection as the app continued to update itself.

I’m seriously considering an install of https://pi-hole.net in the near future.

The funny thing is that regular internet adds don’t offend me. Bring them on! I’ll look at adds for your sponsors. As soon as you track my every move, popup adds that I have to click on to make go away or require that I look at things before I see your content then I’m not going to look at your content or I’m going to turn on my add blocker. I don’t run with it normally as I want the sites to get paid for what they do. Then it becomes so ludicrous that I have to block it completely.

I would recommend that some sites require that advertisers provide them with a simple image to show, and they serve it themselves. no bugs, no javascript, no nothing. But you can also then require that I whitelist you through my add blocker. eventually this will be worth more money to the advertisers as someone is at least seeing it than all the tracking that they can do with a thousand lines of javascript sending cookies to a thousand other sites. If you guarantee to me that I’m loading 75k of a banner add then I will allow it to load. If you can’t then I’ll block you.

I seem to remember that there’s an option in Dropbox to transfer files locally. That might at least make it faster.