Skip to content
PrivateAI
← Back to Home
Threat Modeling

How to Audit Any AI Tool's Network Traffic — macOS, Linux & Windows

10 min read min readBy PrivateAI Team

Bottom line first: Most AI desktop apps phone home to 3–7 third-party analytics vendors in addition to their own API servers. Segment and Mixpanel regularly receive event payloads that include session metadata. Sentry receives crash reports that can contain stack traces with partial prompt text. None of this is secret — it's in the privacy policies — but it is invisible until you look. This playbook makes it visible in under 20 minutes per platform.


Why You Should Audit Before You Trust

You have already read the privacy policy. Good. Now verify it.

Privacy policies describe categories of data. Network traffic shows you actual payloads — the hostname, the frequency, and sometimes the content. A tool that claims "we don't sell your data" can still fire 400 analytics events per session to four separate brokers. Both statements are technically true.

The audit process here takes three passes:

  1. Discovery — what hosts does the app contact?
  2. Classification — what does each host do?
  3. Decision — block, allow, or tolerate with mitigation.

Work through all three before drawing conclusions.


macOS: Little Snitch + nettop

Step 1 — Baseline with nettop (free, built-in)

nettop is a terminal tool that shows per-process network activity in real time. No install required.

```bash

Launch nettop filtered to a specific app — replace with your app's process name

sudo nettop -p $(pgrep -x "Claude") -d

```

Flags worth knowing:

| Flag | Effect |

|------|--------|

| -d | Delta mode — shows bytes sent/received since last refresh |

| -t wifi | Filter to Wi-Fi interface only |

| -c | Column mode, easier to pipe |

| -x | Show resolved hostnames |

Let the app sit idle for 60 seconds. Note every host that receives traffic when you are doing nothing. These are your ambient beacons — the most privacy-relevant category.

Then use the app normally for five minutes. Note what changes.

Export a snapshot:

```bash

sudo nettop -P -c -x -t wifi > ~/Desktop/ai-audit-$(date +%Y%m%d).txt

```

Step 2 — Deep Inspection with Little Snitch

Little Snitch is the gold standard for macOS per-app firewall monitoring. The free trial runs in alert mode indefinitely — you do not need to buy it to audit.

After installing, set it to Silent Mode → Allow All Connections so it does not interrupt the app, but still logs everything.

Open Network Monitor (the magnifying glass icon), filter by your AI app, and sort by Connection Count descending. You are looking for:

  • Hosts you did not expect
  • Connections that fire on a timer (every 30s, 60s, 300s)
  • POST requests to analytics endpoints (Segment's ingest URL is api.segment.io, Mixpanel's is api2.mixpanel.com)

Enable Log to File under Preferences → Network Monitor to capture a session log you can diff later.

Export the rules list after your session for a paper trail:

```bash

Little Snitch stores its rules here — read-only for auditing

cat ~/Library/Application\ Support/Little\ Snitch/rules.xpl | grep -i "remote-address"

```


Linux: Wireshark + ss + tcpdump

Step 1 — Socket Snapshot with ss

ss (socket statistics) gives you a live view of open connections without needing root for your own processes.

```bash

Show all established TCP connections for a process by name

ss -tnp | grep "cursor\|ollama\|claude"

```

For a continuous watch:

```bash

watch -n 2 "ss -tnp | grep YOUR_APP_NAME"

```

Write down every remote IP. Resolve them:

```bash

Resolve IPs to hostnames

ss -tnp | grep YOUR_APP | awk '{print $5}' | cut -d: -f1 | sort -u | xargs -I{} host {}

```

Step 2 — Capture with tcpdump

tcpdump captures raw packets. Use it to build a PCAP file for Wireshark analysis.

```bash

Capture all traffic from/to your app's process — filter by resolved IP

sudo tcpdump -i any -w ~/Desktop/ai-audit.pcap host api.segment.io or host api2.mixpanel.com

```

Run this during a 5-minute usage session, then stop with Ctrl+C.

Step 3 — Analyze in Wireshark

```bash

Install if needed

sudo apt install wireshark -y

wireshark ~/Desktop/ai-audit.pcap

```

In Wireshark, apply this display filter to isolate analytics traffic:

```

http.host contains "segment" or http.host contains "mixpanel" or http.host contains "amplitude"

```

Right-click any packet → Follow → HTTP Stream to see the full payload. For TLS traffic (most modern apps), you need the app's session keys — see the "TLS Interception" section below.

Capturing TLS with SSLKEYLOGFILE

Many Electron and Python apps respect the SSLKEYLOGFILE environment variable, which writes TLS session keys to disk so Wireshark can decrypt traffic.

```bash

Launch the app with key logging enabled

SSLKEYLOGFILE=~/Desktop/tls-keys.log /usr/bin/your-ai-app &

Capture simultaneously

sudo tcpdump -i any -w ~/Desktop/ai-audit.pcap

```

In Wireshark: Edit → Preferences → Protocols → TLS → (Pre)-Master-Secret log filename → point to ~/Desktop/tls-keys.log. Reload the PCAP. Analytics POST bodies will now be readable.


Windows: Wireshark + Windows Firewall Logging

Step 1 — Enable Firewall Logging

```powershell

Run as Administrator

netsh advfirewall set allprofiles logging filename "C:\audit\fw-log.txt"

netsh advfirewall set allprofiles logging droppedconnections enable

netsh advfirewall set allprofiles logging allowedconnections enable

```

Use the app for five minutes, then parse:

```powershell

Get-Content C:\audit\fw-log.txt | Where-Object { $_ -match "ALLOW" } | Select-String "YOUR_APP_PROCESS"

```

Step 2 — Wireshark Capture on Windows

Download Wireshark from wireshark.org. During install, also install Npcap (the packet capture driver).

Set a capture filter before starting:

```

not (arp or mdns or llmnr)

```

This cuts noise. Let the capture run for 5 minutes of normal use, then stop.

Apply the same display filter as Linux:

```

http.host contains "segment" or http.host contains "sentry" or http.host contains "datadog"

```

For TLS decryption on Windows, Chrome and Edge both write to SSLKEYLOGFILE if the environment variable is set. Electron apps (most AI desktop clients) also respect it.


Red / Yellow / Green Destination Ratings

Rate every host you find against this table. When in doubt, look up the company's data retention and sub-processor list.

🔴 Red — High Privacy Risk (Block by Default)

| Destination | What It Does | Why It's Red |

|-------------|--------------|--------------|

| api.segment.io | Behavioral analytics pipeline | Aggregates user events, resells to downstream tools |

| api2.mixpanel.com | Event tracking | Session-level granularity; retains data 5 years by default |

| cdn.amplitude.com | Product analytics | Full session reconstruction possible |

| rs.fullstory.com | Session replay | Can record keystrokes and DOM state verbatim |

| bat.bing.com | Microsoft ad tracking | Should never appear in a privacy tool |

| connect.facebook.net | Meta Pixel | No legitimate reason for an AI desktop app |

Action: Block at the firewall level. If the app breaks, that is a signal, not a reason to unblock.

🟡 Yellow — Investigate Before Deciding

| Destination | What It Does | Why It's Yellow |

|-------------|--------------|-----------------|

| *.sentry.io | Error/crash reporting | Crash payloads can include stack traces with partial input data. Review what the app sends. |

| *.datadoghq.com | Infrastructure monitoring | Legitimate for SaaS ops; check if client-side SDK is also firing |

| *.intercom.io | In-app support chat | Logs your support conversations; acceptable if you use the chat feature |

| *.stripe.com | Payments | Expected; verify it only fires during payment flows, not on launch |

| *.launchdarkly.com | Feature flags | Receives your user ID and flag evaluations — low risk but watch scope |

Action: Use nettop or Wireshark to confirm these only fire during expected interactions, not at idle.

🟢 Green — Expected (Allow)

| Destination | What It Does |

|-------------|--------------|

| api.openai.com | OpenAI API — the actual work |

| api.anthropic.com | Claude API |

| *.cloudflare.com | CDN, TLS termination |

| ocsp.digicert.com / ocsp.pki.goog | Certificate revocation checks |

| .amazonaws.com / .googleapis.com | Cloud infrastructure |

| api.github.com | Update checks for dev tools |


Building a Permanent Audit Habit

A one-time audit catches today's behavior. Apps update silently.

macOS: In Little Snitch, create a Profile called "AI Audit" with all analytics destinations blocked. Switch to it when using sensitive AI tools. Little Snitch lets you switch profiles from the menu bar in two clicks.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

Linux/Windows: Add a hosts file block list for red destinations. On Linux, a persistent iptables rule is cleaner:

```bash

Block Segment permanently

sudo iptables -A OUTPUT -d api.segment.io -j DROP

sudo iptables-save > /etc/iptables/rules.v4

```

All platforms: Re-run your nettop/ss baseline after every major app update. Most analytics additions ship silently in minor versions.


What to Do When You Find Something Bad

  1. Document first — export your Wireshark PCAP and nettop log before blocking anything.
  2. Check the privacy policy — confirm whether what you found is disclosed. Undisclosed tracking is a regulatory violation in most jurisdictions.
  3. Block at the network layer — don't rely on the app's own settings. An in-app "opt out of analytics" toggle controls the event, not the SDK.
  4. File a report — if the app is marketed as privacy-focused and you found undisclosed tracking, report it to the developer and consider posting to a privacy-focused forum with your evidence.
  5. Find an alternative — our privacy-first AI tools index rates tools by their actual network behavior, not their marketing copy.

Stay Ahead of the Next Update

Network behavior changes without warning. The fastest way to catch it is to get a heads-up when we publish new audit results.

Get our AI Privacy Audit Reports — we run this playbook against the top 20 AI desktop apps quarterly and publish the full results, including PCAP screenshots, to subscribers only.

Last updated: 2026-06-05