Objective-See: Netiquette

Netiquette
🌎 Translate
English Español

 Download

In today’s interconnected world, it’s uncommon to find an application—or even malware—that doesn’t make use of the network. Netiquette is a network monitor that lets you explore all sockets and connections through an interactive UI or the command line.
Supported OS: macOS 10.15+
Current version: 2.3.0 (change log)
Zip's SHA-1: 1274FCDE39AC4ABBDB22EF1065A47D0FB0AECD59
Source Code: Netiquette


Special mahalo to Jonathan Levin for inspiring the creation of this tool.

Running Netiquette

First download Netiquette. Depending on your browser, you may need to manually unzip the application by double-clicking on the zipped archive.

There is no need to install anything, and Netiquette can be run from anywhere. (This also means there is nothing to uninstall, simple delete the application).
Launch Netiquette by double-clicking
When launched, Netiquette will display all active network connections and sockets. This information is displayed under the process that is responsible for the network activity, and includes information such as the source/destination IP address and port, protocol, interface, state, as well as the number of uploaded and downloaded bytes:
Details of each process' network activity is shown
By default, Netiquette auto-refreshes every few seconds to ensure that the displayed network information remains up to date. Networking details related to Apple processes are hidden by default, but this and other settings can be easily customized through settings (discussed below).

At the top (right), you'll find a filter box that can be used to narrow down displayed network connections based on criteria such as process name, path, PID, or network details like IP address, port, interface, and connection state. For example, typing 'Listen' will display all network sockets that are actively listening for potential remote connections:
Use the filter box to filter network activity
At the bottom of the window, you'll find buttons to save the output, access settings, and expand or collapse all connections.

Click the 'Save' button (bottom left), to export the network activity to a JSON file:
Use the 'Save' button to export network activity
Settings
Clicking on the 'Settings' button will open the settings:
The 'General' settings pane
Under the 'General' tab, you'll find settings related to how Netiquette both enumerates and displays networking activity. The description under each, explains each setting.

Under the 'Update' tab, you can toggle automatic update checks, as well as manually check for any updates:
The 'Update' settings pane
Commandline Interface
Netiquette can also be run via the commandline, to list all active network connections.

Execute the Netiquette binary (note: specify the full path to the Netiquette binary within its application bundle) with -h or -help to display information about the self-explanatory commandline options: 
$ Netiquette.app/Contents/MacOS/Netiquette -h 

NETIQUETTE USAGE:
 -h or -help  display this usage info
 -list        enumerate all network connections
 -names       resolve remote host names (via DNS)
 -pretty      JSON output is 'pretty-printed' for readability
 -skipApple   ignore connections that belong to Apple processes

The -list commandline flag will generate a (JSON) list of all active network connections and sockets: 
$ Netiquette.app/Contents/MacOS/Netiquette -list -pretty
[
  {
    "process" : {
      "pid" : "5885",
      "path" : "\/usr\/bin\/nc",
      "signature(s)" : {
        "signatureIdentifier" : "com.apple.nc",
        "signatureStatus" : 0,
        "signatureSigner" : 1,
        "signatureEntitlements" : {
          "com.apple.security.network.server" : true,
          "com.apple.security.network.client" : true
        },
        "signatureAuthorities" : [
          "Software Signing",
          "Apple Code Signing Certification Authority",
          "Apple Root CA"
        ]
      }
    },
    "connections" : [
      {
        "remoteHostName" : "n\/a",
        "protocol" : "TCP",
        "interface" : "",
        "localAddress" : "0.0.0.0",
        "state" : "Listen",
        "remotePort" : "0",
        "localPort" : "666",
        "remoteAddress" : "0.0.0.0"
      }
    ]
  }
  ...
]


Note:
To capture the output from Netiquette, simply pipe it to a file of your choice:

$ ./Netiquette.app/Contents/MacOS/Netiquette -list > /path/to/some/file.json