by PhantomGremlin
1765 days ago
I don't think this is realistic any more. There's just too much noise, too many chatty processes, too much traffic. A while ago I tried to track the start of a single application, a new install of Firefox. IIRC the first start generated traffic to about a dozen endpoints. Also, macOS and Windows generate enormous amounts of traffic (others here have noted that). The amount of background traffic is simply overwhelming. Perhaps security companies can make sense of it all, but it's far too much for most technical people. I run my own OpenBSD firewall and I've long since given up trying to understand what my MacBooks are doing. The beauty of OpenBSD itself is that it starts very few daemons, and all source code is available. So it's easy for me to understand what my firewall is doing.

    user@catalina ~ % ps aux |wc -l
    542

vs

    openbsd_user$ ps aux |wc -l
    42