A native macOS menu-bar app that shows you, second by second, which apps are using your network and how much.
Full-quality screen recording (49 MB): network-monitor-demo.mov
No accounts. No telemetry. No background services. Zero outbound connections — the app never opens a socket of its own, enforced by a CI gate on every build.
brew install --cask lighthouse-computer/taps/network-monitorOr grab the signed .dmg from the Releases page and drag it to /Applications. Developer-ID signed, notarized, stapled — no Gatekeeper prompt.
Why no Mac App Store? The app needs
/usr/bin/nettopand/Applicationsmetadata; the App Sandbox blocks both. Install from GitHub instead.
In the menu bar — live total speed (↓ 1.2 MB/s ↑ 305 KB/s), refreshed every second.
One row per app, sorted by lifetime bytes: trust badge, PIDs, total bytes, current speed. A green dot marks anyone transmitting right now.
Type to search across app names, PIDs, ports, and services. Results group with match-type chips.
Right-click a row to hide it, kill a runaway process (graceful quit for GUI apps, SIGTERM→SIGKILL for daemons; system processes are never offered the action), or reset history.
Click a row for a floating chart panel (Live / 5 min / 15 min / 1 hr / 24 hr) with a crosshair, port breakdown, and the remote IPs behind each port. Pin up to 3 panels side by side.
This is the whole pitch — everything else is convenience.
- Zero outbound connections. No license check, no update ping, no analytics. A CI gate fails the build if any outbound-connection API reappears in shipped sources.
- All analysis is on-device. Domains, IPs, port classifications — nothing leaves the machine.
- 24-hour history cap. Downsampled to per-minute means beyond the last hour. Nothing older is written or transmitted.
Full accounting in PRIVACY-AUDIT.md.
| macOS | 13 Ventura or later |
| CPU | Apple Silicon or Intel |
| To build | Swift 5.9+ (Xcode 15 or Command Line Tools) |
| Dependencies | none — no third-party Swift packages |
git clone https://github.com/lighthouse-computer/Network-Monitor.git
cd Network-Monitor
swift test # logic suite — runs headlessly, no signing
swift run # build and launch the monitorFor the signed/notarized release path: DISTRIBUTION.md.
Sources/MonitorCore/ parsers, rule engine, identity matching — pure Foundation
Sources/NetworkUsageMonitor/ the menu-bar app: sampling, UI, policy
FilterExtension/ content-filter system extension — firewall enforcer (see Roadmap)
docs/v2.0.0/ architecture, security model, privacy audit
The monitor spawns nettop -P -n -L 1 once per second, parses the CSV, and groups per-PID byte deltas by bundle identifier — so Chrome helpers and Electron renderers collapse into one row. Code signatures are checked once per bundle and cached. Idle CPU stays near 0%.
A per-app firewall is built and in the source tree, but disabled in shipping builds. It blocks an app from the network with an identity-based rule (matched on Team ID + designated requirement, so renaming or re-signing a binary can't dodge a block), enforced by a NetworkExtension content-filter system extension that keeps running after the GUI app quits.
macOS 26 regressed activation of newly-notarized content-filter system extensions — they fail in sysextd's realize phase regardless of install location (the "cannot allow apps outside /Applications" log line is a documented red herring). Rather than ship a firewall that silently enforces nothing, it's held behind a feature flag until Apple resolves the bug.
Design and security model: ARCHITECTURE.md · RULES-ENGINE.md · SECURITY.md.
Bug reports and small fixes are welcome. Open an issue before starting anything larger. See CONTRIBUTING.md.
PolyForm Noncommercial License 1.0.0 — free for any noncommercial use: personal, study, research, nonprofits, educational and government organizations. Commercial use requires a separate paid license — see LICENSING.md. Source-available, not OSI open source.