Cloud Security
Published in

Cloud Security

Apple Macintosh Network Traffic

Noise on your network makes it more challenging to find what matters.

This is one of my posts on Network Security.

Have you ever looked at how much network traffic an Apple Macintosh generates on startup and as it continues to run? I am always monitoring the traffic on my network and each time I start up my system I see what seems like an excessive amount of traffic from Apple Macintosh computers. Perhaps it is all necessary but I suspect there are some things here I don’t need.

I briefly explored how to turn off things like Apple Push and didn’t seem to be a simple task to permanently turn it off. Additionally, there are some services I only want to run at the point I want to update my system. For the average user, they should probably just leave these services running and get updates immediately. Some of us want a little more control over the process. I don’t run certain noisy Apple protocols used for IOT devices on my network either.

When designing systems there is always a trade-off between putting everything on one port or splitting things up onto multiple addresses and ports to be able to monitor the traffic to different services or route it independently. The problem with so much noise on so many ports is that it makes it painful to create network rules and monitor traffic. I wish there was a simple dashboard in the system to control the things that generate this traffic.

Apple isn’t the only software vendor that generates a lot of noise but recently has been the noisiest on my network. I haven’t fired up my Windows or Google Chromebook systems lately. I’m guessing they do something similar, based on the traffic generated by Google Chrome and Microsoft Applications when I start them.

Maybe someday I’ll have time to delve into all this traffic further but for now, be aware of the traffic generated by your systems as I explain in my book, and understand what is and is not supposed to be there. You also may want to limit ports, protocols, and services that are either risky, based on past breaches and vulnerabilities, or simply extraneous. If you can reduce the noise on your network it will be easier to spot rogue traffic. Not to mention, every time you fire up your computer, Apple and anyone monitoring the network knows you are online.

Here’s an incomplete list of services, ports, and protocols. As I am writing this I am getting more Apple traffic alerts so this is not all-inclusive by any means.

direction: outgoing
priority: regular
process: /usr/libexec/adprivacyd
owner: me
destination: bag.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/adprivacyd
owner: me
destination: partiality.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
owner: me
destination: gsa.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent
owner: me
destination: init.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/AppleMediaServices.framework/Versions/A/Resources/amsaccountsd
owner: me
destination: bag.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/AppleMediaServicesUI.framework/amsengagementd
owner: me
destination: bag.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstoreagent
owner: me
destination: bag.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 1-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 11-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 12-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 19-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 24-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 29-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 34-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 38-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 42-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 45-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 49-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 5-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 7-courier.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: init.push.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 11-courier.push.apple.com
ports: 5223
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 12-courier.push.apple.com
ports: 5223
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 17-courier.push.apple.com
ports: 5223
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 2-courier.push.apple.com
ports: 5223
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 21-courier.push.apple.com
ports: 5223
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 23-courier.push.apple.com
ports: 5223
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 29-courier.push.apple.com
ports: 5223
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
owner: system
destination: 31-courier.push.apple.com
ports: 5223
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/askpermissiond
owner: me
destination: bag.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
owner: me
destination: init.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd
owner: me
destination: init.ess.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
owner: me
destination: configuration.ls.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
owner: me
destination: gsp-ssl.ls.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
owner: me
destination: gspe1-ssl.ls.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
owner: me
destination: gspe35-ssl.ls.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/Versions/A/com.apple.Safari.SafeBrowsing.Service
owner: me
destination: configuration.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/Versions/A/com.apple.Safari.SafeBrowsing.Service
owner: me
destination: token.safebrowsing.apple
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/Versions/A/com.apple.Safari.SafeBrowsing.Service
owner: me
destination: safebrowsing.googleapis.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce
owner: me
destination: init.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock
owner: me
destination: itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
owner: me
destination: itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd
owner: me
destination: cds.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd
owner: me
destination: init.ess.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd
owner: me
destination: pds-init.ess.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd
owner: me
destination: profile.ess.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd
owner: me
destination: init.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd
owner: me
destination: play.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/CoreServices/mapspushd
owner: me
destination: gspe35-ssl.ls.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/mobileassetd
owner: system
destination: gdmf.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/mobileassetd
owner: system
destination: xp.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app/Contents/MacOS/nbagent
owner: me
destination: swscan.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Applications/News.app/Contents/PlugIns/NewsToday2.appex/Contents/MacOS/NewsToday2
owner: me
destination: bag.itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter
owner: me
destination: itunes.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/nsurlsessiond
owner: system
destination: mesu.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/nsurlsessiond
owner: system
destination: valid.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/CoreParsec.framework/parsec-fbf
owner: me
destination: swallow.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/CoreParsec.framework/parsecd
owner: me
destination: api.smoot.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/rapportd
owner: me
destination: init.ess.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/remindd
owner: me
destination: configuration.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/rtcreportingd
owner: system
destination: pancake.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
owner: system
destination: swscan.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
owner: system
destination: xp.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/syspolicyd
owner: system
destination: api.apple-cloudkit.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/transparencyd
owner: me
destination: init-kt.apple.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd
owner: me
destination: apps.mzstatic.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd
owner: me
destination: s.mzstatic.com
ports: 443
protocol: 6

direction: outgoing
priority: regular
process: /usr/libexec/locationd
owner: system
destination: gs-loc.apple.com
ports: 443
protocol: 6

Teri Radichel

If you liked this story please clap and follow:

Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research

© 2nd Sight Lab 2021

____________________________________________

Check out other blog posts on the SolarWinds Hack and other cloud breaches from 2nd Sight Lab.

Want to learn more about Cybersecurity and Cloud Security? Check out: Cybersecurity for Executives in the Age of Cloud on Amazon

Need Cloud Security Training? 2nd Sight Lab Cloud Security Training

Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.

For a recap of cybersecurity news last week check out the 2nd Sight Lab Cybersecurity News Blog. Malware, vulnerabilities, data breaches, cost of a data breach, cybersecurity laws, and interesting cybersecurity developments.

Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Teri Radichel

Teri Radichel

1.1K Followers

Cloud Security Training and Penetration Testing | GSE, GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN | AWS Hero | Infragard | IANS Faculty | 2ndSightLab.com