Connection details

When you click the “i” button to reveal connection details in the alert, a plethora of information becomes available:

The description section at the top now includes port and protocol information. The information section in the middle contains the following info fields, some of them are optional:

• IP Address: the Internet address of the remote computer.
• Reverse DNS Name: The Internet DNS system provides a service to obtain a computer name given its IP address. This reverse name is rarely the same as the name used to look up the address in the first place. This name may provide additional hints to the owner of the address.
• Established by: For outgoing connections, the full path of the connecting process.
• Connecting to: For incoming connections, the full path of the process accepting the connection.
• Process ID: The numeric Unix process identifier of the connecting or accepting process.
• Code Signature: Information about the authority who signed the connecting/accepting process.
• Code ID: A unique identifier of the connecting/accepting process, derived from the code signature. This code ID is used by rule matching (if available).
• Unsigned Library: If the code signature of the connecting/accepting process is reported to be invalid, this may be caused by loading a dynamic library which is not signed. If the process has loaded such a dynamic library, it is mentioned here.
• User: Short name and numeric identifier of the user account running the connecting/accepting process.
• Parent Application: If the connecting/accepting process is acting on behalf of a responsible app, the full path of this app.
• Process ID (parent): The numeric Unix process identifier of the parent app.
• Code Signature (parent): Information about the authority who signed the parent app.
• Code ID (parent): A unique identifier of the parent app, derived from the code signature. This code ID is used by rule matching (if available).
• Unsigned Library (parent): If the code signature of the parent app is reported to be invalid, this may be caused by loading a dynamic library which is not signed. If the app has loaded such a dynamic library, it is mentioned here.
• Alternate DNS names: If multiple names are known to resolve to the IP address of the connection, the other names (not mentioned in the description) are listed here.
• Name from DPI: If no unique name could be determined for the remote computer, but a name has been mentioned in the initial data packet, this name is mentioned here. It is very likely the name used to connect, but Little Snitch cannot prove that it was used to connect.

Was this help page useful? Send feedback.
© 2016-2024 by Objective Development Software GmbH