Little Snitch Help

Connections

We all know the experience of surfing the Internet with a web browser, receiving and sending emails etc., but what happens under the hood? We’ll try to explain some of that here. At least enough to understand the terms and concepts used by Little Snitch.

What is a connection?

We’re talking about network connections over and over again, so it’s time to explain the term. We’ll use an analogy, the telephone call. Imagine you have something you want to tell a friend and you decide to make a phone call. What happens?

  1. You choose your friend’s name from your contacts database. The database stores a number. Let’s assume you call your friend at work in a big company where the company has a phone number and each employee can be reached on an extension number. Your contacts database stores both, the phone number and the extension.
  2. You instruct your phone to call this number.
  3. Your friend’s phone rings and your friend answers the call.
  4. After a short greeting, you tell your friend the important news. Your friend responds and you talk for a while.
  5. One of the parties ends the call.

A network connection is roughly the same thing, just with data being exchanged instead of voice. Imagine an application on computer A wants to send data to an application on computer B:

  1. The application looks up the name of computer B in a global database (the Domain Name System (DNS)) and receives an Internet address (similar to the phone number of a big company). It somehow obtains the port number used by the application on computer B (similar to the extension number in our phone example). The port number may be well known (like many companies use the same extension for FAX) or it may be obtained from another database or negotiated in a previous communication.
  2. The application initiates the connection to this Internet address and port.
  3. Computer B receives the port number and checks whether a program is listening for this port. It finds the desired recipient and forwards the connection attempt to the application.
  4. The application on computer B accepts the connection.
  5. The applications usually exchange greetings and then data. There are no rules for who begins the conversation and who ends it.
  6. One of the two applications shuts down the connection.

How can we identify a connection?

While the important parameters of a phone call are the calling number and the called number (including any extensions) and who initiated the call (for billing purposes). The relevant information for network connections consists of the two Internet addresses and two port numbers and who established the connection.

Although this is true from the network’s point of view, Little Snitch goes beyond that. It does not only want to know the numbers, it wants to know names for the calling and called party. It therefore describes connections with the following information:

Is all of the Internet connection based?

No. There are connection based and connectionless protocols. Here’s a list of the protocols you are likely to encounter:

Although not all protocols used over Internet are connection-based, Little Snitch can use the same set of parameters for all the protocols mentioned above. Since ICMP does not use ports, port numbers are set to zero for this protocol.

Let’s bring this to life

With the information explained above, we can follow a real-world example: What happens, when a web page is opened in a browser:


Was this help page useful? Send feedback.
© 2016-2019 by Objective Development Software GmbH