A native macOS menu-bar app that tells you, second by second, which apps are using your bandwidth and how much — entirely on-device.
No accounts, no telemetry, no background services beyond the app itself, and zero outbound connections — the app never opens a socket of its own (verified in CI; see PRIVACY-AUDIT.md). Everything lives on your machine.
- Live total speed — ↓ 1.2 MB/s | ↑ 305 KB/s, refreshed every second. Left-click opens the popover; right-click gives Launch-at-Login + Quit.
- One row per app, sorted by lifetime bytes: name + code-signature trust · System/User chip + PIDs · last-active on the left; total bytes · ↓/↑ · current speed on the right. A green dot marks any app transmitting right now.
- Search across app names, PIDs, ports, and services — just start typing anywhere in the popover. Results group into collapsible sections with match-type chips.
- Right-click a row to hide it, multi-select several to hide, reset all-time data, or end a runaway process — a graceful quit for GUI apps, SIGTERM→SIGKILL for background ones; system processes are never offered the action.
Click any row for a floating panel: a history graph (Live / 5 min / 15 min / 1 hour / 24 hours) with a trading-style crosshair, plus a port/service breakdown (443 → https, 53 → dns, …) you can expand to the remote IPs behind each port. Pin up to 3 panels to compare apps live.
Traffic history is kept for at most 24 hours — a deliberate privacy cap, not a limitation. It's the only per-app behavioral record written to disk, and it's downsampled to per-minute means beyond the last hour.
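The retention rule described above, sketched as an added example (not the project's own code). The `Sample` type, the `compact` function and the input data are hypothetical; aligning the cutoff to a minute boundary is an assumption made so that repeated compaction never averages a partially aged minute.

```swift
import Foundation

struct Sample: Equatable { var t: TimeInterval; var down: Double; var up: Double }

let hour: TimeInterval = 3_600
let day: TimeInterval = 86_400

// Apply the retention policy: drop anything older than 24 hours, keep the last
// hour at full resolution, replace older samples with one mean per minute.
func compact(_ samples: [Sample], now: TimeInterval) -> [Sample] {
    // Align the cutoff to a minute boundary so a minute is only averaged once
    // it is entirely older than an hour; re-running is then idempotent.
    let cutoff = ((now - hour) / 60).rounded(.down) * 60
    let kept = samples.filter { now - $0.t <= day }
    let recent = kept.filter { $0.t >= cutoff }
    let buckets = Dictionary(grouping: kept.filter { $0.t < cutoff }) { Int($0.t / 60) }
    let means = buckets.map { minute, group in
        Sample(t: Double(minute) * 60,
               down: group.map(\.down).reduce(0, +) / Double(group.count),
               up: group.map(\.up).reduce(0, +) / Double(group.count))
    }
    return (means + recent).sorted { $0.t < $1.t }
}

// Constructed input: per-second samples; `now` is an arbitrary, minute-aligned offset.
let now: TimeInterval = 201_600
var history: [Sample] = []
history.append(Sample(t: now - day - 5, down: 9, up: 9))      // past the 24-hour cap
for i in 0..<60 {                                             // one full minute, 2 hours old
    history.append(Sample(t: now - 2 * hour + Double(i), down: Double(i), up: 1))
}
for i in 0..<10 {                                             // the last 10 seconds
    history.append(Sample(t: now - Double(i), down: 100, up: 5))
}

let once = compact(history, now: now)
let twice = compact(once, now: now)                           // second pass changes nothing
print(once.count, once.first!, twice == once)
```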
The app is not sandboxed — it needs to invoke /usr/bin/nettop and read /Applications metadata, both of which the App Sandbox forbids. That's why it isn't on the Mac App Store; install from GitHub instead.
Homebrew (recommended)
brew install --cask light-house-group/taps/network-monitor
Direct download — grab the .dmg from the Releases page, open it, and drag the app into /Applications. Releases are Developer-ID signed, notarized, and stapled — no Gatekeeper workaround needed.
Build from source
git clone https://github.com/Light-House-Group/Network-Monitor.git
cd Network-Monitor
swift test # logic tests (no signing, no extension)
swift run # build + run the monitor headlessly
See DISTRIBUTION.md for the signed/notarized release path.
| macOS | 13 Ventura or later |
| CPU | Intel or Apple Silicon |
| Toolchain (to build) | Swift 5.9+ (Xcode 15 or Command Line Tools) |
| Dependencies | none (no third-party Swift packages) |
The monitor spawns /usr/bin/nettop -P -n -L 1 once per second, parses the CSV, and computes per-PID byte deltas grouped by bundle identifier (so Chrome helpers / Electron renderers collapse to one row). Per-cycle spawning costs ~60 ms a tick; idle CPU stays near 0%. Code signatures are checked once per bundle and cached. Everything — parsing, classification, history — runs on-device; the app opens no socket of its own.
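The parse, delta and grouping steps described above, as an added example (not the project's own parser). The CSV column positions, the two snapshots and the PID-to-bundle table are constructed assumptions; a real lookup would ask the OS for each PID's bundle.

```swift
import Foundation

struct Counters: Equatable { var rx: UInt64 = 0; var tx: UInt64 = 0 }

// Parse one CSV snapshot into cumulative counters keyed by PID.
// Assumed columns: time, "name.pid", interface, state, bytes_in, bytes_out, ...
func parseSnapshot(_ csv: String) -> [Int32: Counters] {
    var out: [Int32: Counters] = [:]
    for line in csv.split(separator: "\n").dropFirst() {          // skip the header row
        let f = line.split(separator: ",", omittingEmptySubsequences: false)
        guard f.count > 5,
              let dot = f[1].lastIndex(of: "."),                   // names may contain dots
              let pid = Int32(f[1][f[1].index(after: dot)...]),
              let rx = UInt64(f[4]), let tx = UInt64(f[5]) else { continue }
        out[pid] = Counters(rx: rx, tx: tx)
    }
    return out
}

// Bytes moved between two snapshots. A counter that went backwards means the
// PID was reused by a new process, so its current value is the whole delta.
func deltas(from old: [Int32: Counters], to current: [Int32: Counters]) -> [Int32: Counters] {
    current.reduce(into: [:]) { out, entry in
        let before = old[entry.key] ?? Counters()
        let now = entry.value
        out[entry.key] = Counters(rx: now.rx >= before.rx ? now.rx - before.rx : now.rx,
                                  tx: now.tx >= before.tx ? now.tx - before.tx : now.tx)
    }
}

// Collapse helper PIDs into one row per bundle identifier.
func grouped(_ perPID: [Int32: Counters], bundleID: (Int32) -> String) -> [String: Counters] {
    perPID.reduce(into: [:]) { out, entry in
        out[bundleID(entry.key), default: Counters()].rx += entry.value.rx
        out[bundleID(entry.key), default: Counters()].tx += entry.value.tx
    }
}

// Constructed sample snapshots, one second apart.
let header = "time,,interface,state,bytes_in,bytes_out,\n"
let t0 = header + "09:00:00,Google Chrome.501,,,1000,200,\n09:00:00,Google Chrome He.502,,,5000,100,\n"
let t1 = header + "09:00:01,Google Chrome.501,,,1500,260,\n09:00:01,Google Chrome He.502,,,9000,100,\n"
// Hypothetical PID-to-bundle lookup table.
let bundles: [Int32: String] = [501: "com.google.Chrome", 502: "com.google.Chrome"]

let perSecond = deltas(from: parseSnapshot(t0), to: parseSnapshot(t1))
let rows = grouped(perSecond) { bundles[$0] ?? "pid-\($0)" }
print(rows)
```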
Sources/MonitorCore/ usage parsers, rule engine, identity matching (shared, pure)
Sources/NetworkUsageMonitor/ the menu-bar app: monitoring, UI, policy ownership
FilterExtension/ content-filter system extension — firewall data plane (see Roadmap)
docs/v2.0.0/ architecture, rules engine, security model, privacy audit
A per-app firewall is built and in the source tree, but disabled in shipping builds for now. It blocks an app from the network with an identity-based rule (matched on Team ID + designated requirement, so renaming, relocating, or re-signing a binary can't dodge a block), and is enforced by a NetworkExtension content-filter system extension that keeps running after the GUI app quits.
macOS 26 regressed activation of newly-notarized content-filter system extensions: they fail in sysextd's "realize" phase regardless of install location (the "cannot allow apps outside /Applications" log line is a documented red herring). Rather than ship a firewall that silently enforces nothing, it's held behind a single feature flag until Apple resolves the issue. The design and security model are documented in ARCHITECTURE.md, RULES-ENGINE.md, and SECURITY.md.
- Zero outbound connections. The app opens no socket of its own — no key checks, no update pings, no analytics. A CI gate fails the build if any outbound-connection API reappears in the shipped sources. Full accounting: PRIVACY-AUDIT.md.
- All flow inspection is on-device. No domains, IPs, or traffic metadata ever leave the machine.
- 24-hour history cap, downsampled beyond the last hour. Nothing older is kept.
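One way to build a source-scanning gate like the one in the first bullet, as an added example (not the project's CI script). The deny-list is an assumed set of real Apple and POSIX networking entry points, since the project's own list is not shown here, and the sample source is constructed.

```swift
import Foundation

// Assumed deny-list of real networking entry points; the project's own list is
// not shown on this page.
let forbidden = ["URLSession", "NWConnection", "CFSocket", "CFStreamCreatePairWithSocket",
                 "socket(", "connect("]

// Return "file:line: token" for every forbidden token. Comments and strings are
// scanned too: a gate backing a privacy claim should fail closed, even if that
// flags a harmless name such as "disconnect(".
func violations(in source: String, file: String) -> [String] {
    var hits: [String] = []
    for (index, line) in source.components(separatedBy: "\n").enumerated() {
        for token in forbidden where line.contains(token) {
            hits.append("\(file):\(index + 1): \(token)")
        }
    }
    return hits
}

// Walk a source tree; an unreadable directory or file counts as a failure.
func scan(directory: String) -> [String] {
    guard let walker = FileManager.default.enumerator(atPath: directory) else {
        return ["\(directory): unreadable"]
    }
    var hits: [String] = []
    for case let relative as String in walker where relative.hasSuffix(".swift") {
        let path = directory + "/" + relative
        guard let text = try? String(contentsOfFile: path, encoding: .utf8) else {
            hits.append("\(path): unreadable"); continue
        }
        hits += violations(in: text, file: path)
    }
    return hits
}

// Constructed sample standing in for a shipped source file.
let sample = """
import Foundation
let nettop = Process()          // spawning a local tool is fine
let session = URLSession.shared // this line must fail the gate
"""

// With directory arguments, scan them; with none, scan the constructed sample.
let roots = Array(CommandLine.arguments.dropFirst())
let found = roots.isEmpty ? violations(in: sample, file: "Sample.swift")
                          : roots.flatMap { scan(directory: $0) }
found.forEach { print($0) }
exit(found.isEmpty ? 0 : 1)
```

Keep a script like this outside the scanned source directories, because its own deny-list would trip the gate.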
Bug reports, fixes, and feature ideas are welcome — open an issue first for anything larger than a small fix so we can sort scope. See CONTRIBUTING.md. Maintainers shipping releases: DISTRIBUTION.md.
PolyForm Noncommercial License 1.0.0 — the source is fully public and free for any noncommercial use: personal use, hobby projects, study, research, and use by nonprofits/educational/government organizations. Commercial use requires a separate paid license from the copyright holder — see LICENSING.md to get one. This is source-available, not OSI "open source."