Thursday, October 20, 2016

See All Your Mac’s Network Traffic in Real Time With Private Eye

private-eye-featured
Wonder which of your Mac apps are connecting to the Internet, and what they’re doing? Private Eye lets you spy on your applications, watching every outgoing and incoming request in real time. And it’s free.
There is a way to allow apps to communicate through it. If all you want to do is stop incoming requests, with a few exceptions, that should do the trick.

But many users love using a firewall to monitor network traffic, and the default macOS firewall doesn’t offer that. This is where Private Eye comes in handy: open this application and you can watch every request in real time, and see which addresses sites are connecting to. Here’s how to set up Private Eye, and put it to use.

Install Private Eye

First things first: go ahead and download Private Eye from the Radio Silence website. Click the big blue “Download” button, and you’ll see the PKG file in your Downloads folder.
private-eye-download
Go ahead and launch the installer, giving permission when necessary.
private-eye-install
When you’re done, you can find Private Eye in your Applications folder, or by searching with Spotlight.

Watch Your Network Traffic in Real Time

Launch Private Eye and it will immediately start monitoring your network traffic. Every time an application makes a request, you’ll see the name of the application and which addresses they connected to. Results are added in real time.
private-eye-running
Private Eye does not run in the background: when you open it, it starts monitoring, and when you close it, monitoring stops. This is a tool for spotting patterns in real time, not creating a massive log you can browse later.
If you want to learn more about what particular applications are doing, you can click them in the sidebar at left. For example, here’s online backup program Backblaze doing it’s thing:
private-eye-backblaze
You can also see only incoming or outgoing requests. On most Macs, there shouldn’t be many incoming requests. On mine, for example, Bittorrent Sync (now called Resilio Sync) was the only application accepting requests, which makes sense.
private-eye-incoming
If you’ve set up file sharing on your Mac, you might see more incoming requests than I did here.

Wait, What Are These Applications?

You’ll probably see a few applications you recognize, like your browser or your email client. Other applications, however, you won’t recognize at all. Don’t panic: most of them are probably perfectly normal. For example:
  • com.apple.geod is Apple’s location service, which informs applications where you are.
  • CalendarAgent, logically enough, updates Calendar even when it’s not running.
  • ksfetch updates Google products, mainly Google Chrome.
  • Spotlight Networking provides Internet suggestions when you search with Spotlight, and also when you type anything into Safari’s address bar.
  • trustd verifies the signature of software and websites.
I’m sure you’ll find a few more oddities, and you’ll need to do your own research. If something looks suspicious, Google the application name and see what you find. Most of the time you’ll learn it’s part of macOS, or related to an applications you’ve installed. Remember: don’t freak out just because an app “phones home”–it’s often with good reason. Occasionally, though, you might find something malicious, and it’s time to remove some malware from your Mac.
Private Eye fills in a gap in macOS by letting you figure out what applications are connecting to online. If you’re more interested in how much data applications are using, we recommend you check out Activity Monitor, in particular the Network tab. You’ll learn a lot.

No comments: