Apple Macintosh Network Traffic
Noise on your network makes it more challenging to find what matters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.
🔒 Related Stories: OS and IoT Security | Network Security | Apple Mac Security
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
![](https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*_O8V1yf6x5qKD2RLsaK7JA.jpeg)
Have you ever looked at how much network traffic an Apple Macintosh generates on startup and as it continues to run? I am always monitoring the traffic on my network and each time I start up my system I see what seems like an excessive amount of traffic from Apple Macintosh computers. Perhaps it is all necessary but I suspect there are some things here I don’t need.
[Update: Have some posts at the bottom where I’m turning various services off to try to reduce network traffic and services I don’t need. Why is this not simple to find?]
I briefly explored how to turn off things like Apple Push and didn’t seem to be a simple task to permanently turn it off. Additionally, there are some services I only want to run at the point I want to update my system. For the average user, they should probably just leave these services running and get updates immediately. Some of us want a little more control over the process. I don’t run certain noisy Apple protocols used for IOT devices on my network either.
When designing systems there is always a trade-off between putting everything on one port or splitting things up onto multiple addresses and ports to be able to monitor the traffic to different services or route it independently. The problem with so much noise on so many ports is that it makes it painful to create network rules and monitor traffic. I wish there was a simple dashboard in the system to control the things that generate this traffic.
Apple isn’t the only software vendor that generates a lot of noise but recently has been the noisiest on my network. I haven’t fired up my Windows or Google Chromebook systems lately. I’m guessing they do something similar, based on the traffic generated by Google Chrome and Microsoft Applications when I start them.
Maybe someday I’ll have time to delve into all this traffic further but for now, be aware of the traffic generated by your systems as I explain in my book, and understand what is and is not supposed to be there. You also may want to limit ports, protocols, and services that are either risky, based on past breaches and vulnerabilities, or simply extraneous. If you can reduce the noise on your network it will be easier to spot rogue traffic. Not to mention, every time you fire up your computer, Apple and anyone monitoring the network knows you are online.
Here’s an incomplete list of services, ports, and protocols. As I am writing this I am getting more Apple traffic alerts so this is not all-inclusive by any means.
direction: outgoing priority: regular process: /usr/libexec/adprivacyd owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/adprivacyd owner: me destination: partiality.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd owner: me destination: gsa.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent owner: me destination: init.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AppleMediaServices.framework/Versions/A/Resources/amsaccountsd owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AppleMediaServicesUI.framework/amsengagementd owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstoreagent owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 1-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 11-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 12-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 19-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 24-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 29-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 34-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 38-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 42-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 45-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 49-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 5-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 7-courier.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: init.push.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 11-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 12-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 17-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 2-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 21-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 23-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 29-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/ApplePushService.framework/apsd owner: system destination: 31-courier.push.apple.com ports: 5223 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resources/askpermissiond owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd owner: me destination: init.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd owner: me destination: init.ess.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod owner: me destination: configuration.ls.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod owner: me destination: gsp-ssl.ls.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod owner: me destination: gspe1-ssl.ls.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod owner: me destination: gspe35-ssl.ls.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/Versions/A/com.apple.Safari.SafeBrowsing.Service owner: me destination: configuration.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/Versions/A/com.apple.Safari.SafeBrowsing.Service owner: me destination: token.safebrowsing.apple ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/Versions/A/com.apple.Safari.SafeBrowsing.Service owner: me destination: safebrowsing.googleapis.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce owner: me destination: init.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock owner: me destination: itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder owner: me destination: itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd owner: me destination: cds.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd owner: me destination: init.ess.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd owner: me destination: pds-init.ess.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd owner: me destination: profile.ess.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd owner: me destination: init.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd owner: me destination: play.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/CoreServices/mapspushd owner: me destination: gspe35-ssl.ls.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/mobileassetd owner: system destination: gdmf.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/mobileassetd owner: system destination: xp.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/nbagent.app/Contents/MacOS/nbagent owner: me destination: swscan.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Applications/News.app/Contents/PlugIns/NewsToday2.appex/Contents/MacOS/NewsToday2 owner: me destination: bag.itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter owner: me destination: itunes.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/nsurlsessiond owner: system destination: mesu.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/nsurlsessiond owner: system destination: valid.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/CoreParsec.framework/parsec-fbf owner: me destination: swallow.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/CoreParsec.framework/parsecd owner: me destination: api.smoot.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/rapportd owner: me destination: init.ess.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/remindd owner: me destination: configuration.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/rtcreportingd owner: system destination: pancake.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated owner: system destination: swscan.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated owner: system destination: xp.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/syspolicyd owner: system destination: api.apple-cloudkit.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/transparencyd owner: me destination: init-kt.apple.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd owner: me destination: apps.mzstatic.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd owner: me destination: s.mzstatic.com ports: 443 protocol: 6
direction: outgoing priority: regular process: /usr/libexec/locationd owner: system destination: gs-loc.apple.com ports: 443 protocol: 6
Here are some posts where I’m turning off various servcies in a start up script.
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2021
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab
Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation
Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
![](https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*H9Ew1KCl-29nZiPR.jpeg)