When we talk about rules and connections in the connection list, you should keep one thing in mind: One row in Network Monitor does not really represent one connection, it represents a group of connections matching the row’s criteria.
On the topmost level, a group consists of all connections established by instances of the same program. One level below, a group is restricted to servers in a particular domain. Whereas on the last level, it’s restricted to particular server names or addresses. These can still be a variety of connections with various protocols, to various ports and different Internet addresses for the same name.
The rule management button is part of every row in the connection list. It displays whether all or any connections represented by the row are covered by an Allow- or Deny-rule.
When you click the Allow- or Deny-section of the button, you create a rule which specifically covers the exact group of connections the row represents. We call this an associated rule. This is a very quick and convenient way to create rules for all your connections at any hierarchical level.
The button can have the following states:
|None of the connections represented by the row is covered by a rule (button is only shown when hovering over it with the mouse). Any new connections in its group trigger a connection alert or Silent Mode Activity Indication (see below).|
|There is an Allow-rule associated with the row. It covers the same group of connections as represented by the row.|
|There is a Deny-rule associated with the row.|
|Connections represented by this row are covered by an Allow-rule. The rule may cover more connections than represented by the row or it may cover only a subset. You may find the Allow-rule at a deeper or higher level, if it can be represented in Network Monitor (port- or protocol-specific rules, rules for Any Process cannot be represented).|
|Connections represented by this row are covered by a Deny-rule, similarly as above.|
|There is an associated Allow-rule for the row, but some or all connections are also covered by a Deny-rule which takes precedence over the Allow-rule. You may find it at a deeper level, if it can be represented in Network Monitor.|
|Similarly as above, but deny and allow exchanged.|
|Some of the connections represented by the row are covered by an Allow-rule, some by a Deny-rule. Neither the allow, nor the Deny-rule covers the same group of connections as represented by the row.|
|At least some of the connections represented by the row are not covered by a rule and had activity during Silent Mode. They would have triggered a connection alert without Silent Mode. Click disclosure triangles to see more properties of the not-yet-covered connections and decide at which level you want to create a rule.|
|A (possibly minimized) connection alert is pending for at least one of the connections represented by the row. The connection is said to be stalled because it’s waiting for you to create a rule, either directly in Network Monitor by clicking the rule management button or via the connection alert. Click disclosure triangles to see more details and create a more specific rule.|
|An extra-high priority Deny-rule isolates the process from the Internet. This rule was created as a consequence of a failed process identity check. Click the button to delete the rule and accept the modification to the process.|
All rows in the connection list have a context menu shown on right-click. The following options are relevant for rule management:
- Delete Rule — If there is a rule associated with the row, an option to delete it.
- Allow Connection — An option to create an associated Allow-rule. When the option key is held, the rule is created in the current profile. If the connection is stalled, an until-quit-rule can be created by holding the shift key.
- Deny Connection — An option to create an associated Deny-rule. Same option and shift key modifications as above.
- Remove “Unconfirmed” Indication — If the connection had activity in Silent Mode, this option removes the indication without creating any rules.
- Make Connections Private… — Creates a Private Connections rule for a process. If such a rule is in effect, Network Monitor does not show individual connection data for the process. All statistics are summarized in a Private Connections row.
- Show Corresponding Rule — The rule management button shows whether rules for the row exist, but it can’t show details. This option opens Little Snitch Configuration and focuses on all rules covering connections represented by the row. Note that only rules covering actually represented connections are shown. Connections which never occurred, but would be represented by the row, are not taken into account.
- Show Recently Used Rule — This entry reveals rules in Little Snitch Configuration which have been used within the last 10 minutes to decide whether or not to allow connections represented by the row. It is only available if new connections were created within the last 10 minutes.
If an application does not perform as expected and you suspect that Little Snitch may be blocking a connection which is essential for the app, you can analyze the issue in Network Monitor.
Check the rule management button for the application. Is the Deny-section red or gray, indicating the existence of a Deny-rule affecting it? Choose Show Corresponding Rule… from the context menu to see all rules affecting the application at the respective level. Optionally, use Show Recently Used Rule if you see that a connection was blocked and you want to see the responsible rule.
Was this help page useful? Send feedback.
© 2016-2023 by Objective Development Software GmbH