Resolved I'm not sure but is this NSA?

int3 · May 19, 2014

So, I was checking mysql service because I'm getting trouble to connect PHP with mysql database, and then I listed my all services and grouped all and I saw this:
(Meanwhile I'm waiting for Telia network fix their trans-atlantic network links)

What is that com.apple services doing? Are just safari?
Just curious

chrfr · May 19, 2014

int3 said:
What is that com.apple services doing? Are just safari?
Just curious

Port 80 and 443 are http and https respectively. That's almost certainly your browser traffic.

lee1210 · May 19, 2014

It's not a huge deal, but you just told us a bunch of sites you're visiting and what ports you keep open on your machine. This is generally considered unwise because the internet is a bad place.

-Lee

2984839 · May 19, 2014

lee1210 said:
It's not a huge deal, but you just told us a bunch of sites you're visiting and what ports you keep open on your machine. This is generally considered unwise because the internet is a bad place.

-Lee

Whenever I'm worried about the NSA infiltrating my computer, I post a list of my open ports and browsing history on the internet.

edit: That does look like Safari to me.

int3 · May 20, 2014

556fmjoe said:
Whenever I'm worried about the NSA infiltrating my computer, I post a list of my open ports and browsing history on the internet.

edit: That does look like Safari to me.

NAT does magic my friend.

chrfr · May 20, 2014

int3 said:
NAT does magic my friend.

Not on all the external sites you've connected to.

int3 · May 20, 2014

chrfr said:
Not on all the external sites you've connected to.

What do you mean "you've connected to."? You know how PAT works?
It is based on sessions.
It has this ACL (Access Control List):
https://supportforums.cisco.com/doc...shed-connections-and-deny-all-traffic-sourced
"access-list 100 permit tcp any any established"
So, ONLY if I'm connecting to X server on X port the router allows the packet from the internet from that X server. Only if the connection is "established" and I was the one starting the connection.
So, PAT (as known as home NAT) is equal as : you won't scan or invade my closed intranet.

Cisco ccent talking here

chrfr · May 20, 2014

int3 said:
What do you mean "you've connected to."?

You posted a screen shot of your network connections. There's nothing seriously worrisome there but it's easy to see that you're using Amazon web services and connected to sublimetext.com.
You're certified on Cisco equipment and had to ask "if this was the NSA." Really?

chown33 · May 20, 2014

Your screenshot looks like output from 'lsof'. By default, it only prints the first 9 chars of the process name, so only "com.apple" is shown.

Add the option +c 0 and lsof should show the entire name. Then figure out exactly which process the "com.apple" is really referring to.
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html

FWIW, processes other than Safari or its helper processes can use the HTTP or HTTPS protocols.

Finally, you can select text in a Terminal window and copy/paste it. This is generally more useful (and smaller) than screenshots. I recommend posting such output inside CODE tags so spacing is preserved.

int3 · May 20, 2014

chrfr said:
You posted a screen shot of your network connections. There's nothing seriously worrisome there but it's easy to see that you're using Amazon web services and connected to sublimetext.com.
You're certified on Cisco equipment and had to ask "if this was the NSA." Really?

I don't use amazon services. never. But yeah I was searching for sublimetext.
And yes, the service "com.apple" was unkown for me. And there was some IP's and I don't know.

But after realising that "com.apple" was the Safari, I felt less worried.

----------

chown33 said:
Your screenshot looks like output from 'lsof'. By default, it only prints the first 9 chars of the process name, so only "com.apple" is shown.

Add the option +c 0 and lsof should show the entire name. Then figure out exactly which process the "com.apple" is really referring to.
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html

FWIW, processes other than Safari or its helper processes can use the HTTP or HTTPS protocols.

Finally, you can select text in a Terminal window and copy/paste it. This is generally more useful (and smaller) than screenshots. I recommend posting such output inside CODE tags so spacing is preserved.

wow nice.
I removed "-n" (don't lookup IPs to hostname) then I added "-c 0":
(I just turned on my computer):

Code:

com.apple 425           int3   12u  IPv4 0x46693088c5b3e0cb      0t0    TCP nsaminefield.home:49392->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
com.apple 425           int3   16u  IPv4 0x46693088c5b3e0cb      0t0    TCP nsaminefield.home:49392->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
com.apple 425           int3   75u  IPv4 0x46693088c5b580cb      0t0    TCP nsaminefield.home:49268->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
com.apple 425           int3   77u  IPv4 0x46693088c5b580cb      0t0    TCP nsaminefield.home:49268->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)

my open window is safari with 2 tabs of macrumors forums.

and 1 gmail.

chown33 · May 20, 2014

int3 said:

I removed "-n" (don't lookup IPs to hostname) then I added "-c 0":
(I just turned on my computer):

Code:

com.apple 425           int3   12u  IPv4 0x46693088c5b3e0cb      0t0    TCP nsaminefield.home:49392->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
com.apple 425           int3   16u  IPv4 0x46693088c5b3e0cb      0t0    TCP nsaminefield.home:49392->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
com.apple 425           int3   75u  IPv4 0x46693088c5b580cb      0t0    TCP nsaminefield.home:49268->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
com.apple 425           int3   77u  IPv4 0x46693088c5b580cb      0t0    TCP nsaminefield.home:49268->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)

my open window is safari with 2 tabs of macrumors forums.

and 1 gmail.

The option is +c 0 not -c 0 . You're still only getting 9 chars of process name.

Read The Fine Man Page at the supplied link, and find +c on that page. There's a full discussion of the COMMAND column in the man page.

960design · May 20, 2014

It's NOT NSA, they don't leave tracks.

int3 · May 20, 2014

chown33 said:
The option is +c 0 not -c 0 . You're still only getting 9 chars of process name.

Read The Fine Man Page at the supplied link, and find +c on that page. There's a full discussion of the COMMAND column in the man page.

I see now com.apple.webkit. nice. I didn't know safari uses webkit.

Search

Search

Resolved I'm not sure but is this NSA?

int3

macrumors member

chrfr

macrumors G5

lee1210

macrumors 68040

2984839

Cancelled

int3

macrumors member

chrfr

macrumors G5

int3

macrumors member

chrfr

macrumors G5

chown33

Moderator

int3

macrumors member

chown33

Moderator

960design

macrumors 68040

int3

macrumors member

Our Staff