Little Snitch is a little tool that monitors outbound connections from your system and, unless it already has a rule in place to permit or deny the connection outright, pops up a panel letting you know that an app is requesting a connection.
For example, the screen shot above was triggered by the launch of SBook as the app contacts the mothership to determine if a new version is available. Interesting.
I wonder what it is sending as a part of the "am I the latest version?" query?
Now, if you happen to have tcpflow installed (via Fink or from source or from Fred's public iDisk), you can easily answer that question.
It is just a matter of copy/paste (before hitting the allow button):
% sudo tcpflow -c -i en1 'host ip-64-7-15-234.dsl.bos.megapath.net' Password: tcpflow: listening on en1 010.000.001.004.58896-064.007.015.234.00080: GET /build.txt?myversion=5.17 HTTP/1.0 User-Agent: CFNetwork/1.1 Host: www.sbook5.com Connection: close 064.007.015.234.00080-010.000.001.004.58896: HTTP/1.1 200 OK Date: Fri, 19 Mar 2004 05:46:42 GMT Server: Apache/1.3.27 (Unix) mod_perl/1.27 PHP/4.3.4 mod_ssl/2.8.14 OpenSSL/0.9.7a Last-Modified: Mon, 29 Dec 2003 03:34:19 GMT ETag: "38747b-10-3fefa0bb" Accept-Ranges: bytes Content-Length: 16 Connection: close Content-Type: text/plain 1072668795 5.18
(If you are on Ethernet, use 'en0' instead of 'en1'.)
As expected (Simson definitely understands security & privacy), SBook doesn't do anything nefarious. But what about the other apps on the system?
I don't know. With the Little Snitch active, I'm certainly going to be keeping a closer eye on things... (link fixed!)