[lazyjones]

I tried an earlier version of this and was a bit disappointed by the (apparent?) lack of information regarding these connections from applications, since there's so much going on on OS X and it's hard to tell what's legitimate and what isn't. It would be great if we could record traffic on a per-application/process basis and display it comfortably, or even have some built-in heuristics to identify common tasks like "Firefox update check" or "iCloud authentication".

It's very similar to the venerable "Spybot S&D" on Windows (the "TeaTimer" functionality, now apparently called "Live Protection": https://www.safer-networking.org).

[steinex]

Besides the other replys that suggested Research Assistant: Little Snitch is actually able to write pcaps per application so you can then analyze with Wireshark. Killer feature, imo.

[whorleater]

Little Snitch 3 has the research assistant thing where you can check each application and process to verify if it's legit against a database.

[frankquist]

I have the same thing with system monitors. So many processes for which I have no idea if they're legit.

[bredren]

Usually a google search resolves these questions. However, it is a big problem for when I have a non-technical person using a machine with this tool installed.

I have heard, "I never know what to do when I see these popups." Unfortunately, I don't think the research assistant will help them either.

[fnl]

That depends on your POV. Is iTunes phoning home legitimate traffic? Maybe for some/most, but I certainly block those attempts, to me iTunes is just a nuisance app, like GarageBand and a few others. LS does an excellent job at selecting the vital connections as valid and then let you decide if you want to tell Apple & Microsoft & Friends more or if you actually preferred the OS would not.