[littlesnitch]

On macOS, it requires access to /dev/bpf. That's why we added filter rules for bpf there.

On Linux, we intercept at a level where packets already have an Ethernet header. I hope that Paqet injects before* this layer, but only a test can give the proof.

[thewanderer1983]

Thanks for the response. Sorry I should of been less vague. Paqet works on raw sockets with KCP. Though it's intended for good. What's to assume bad actors aren't also using this method to get around solutions like littlesnitch?

A recent example, but not the only is a Iran a botnet, using this to get around detection.

https://cybersecuritynews.com/iran-linked-botnet-exposed-aft...

[littlesnitch]

Little Snitch for Linux is not made to defend against malware. You need to code with paranoia in mind from the very beginning if you want that.