Resolved I'm not sure but is this NSA?

Discussion in 'Mac Basics and Help' started by int3, May 19, 2014.

  1. int3, May 19, 2014
    Last edited: May 20, 2014

    int3 macrumors member

    int3

    Joined:
    May 19, 2014
    Location:
    Portugal
    #1
    So, I was checking mysql service because I'm getting trouble to connect PHP with mysql database, and then I listed my all services and grouped all and I saw this:
    (Meanwhile I'm waiting for Telia network fix their trans-atlantic network links) [​IMG]

    What is that com.apple services doing? Are just safari?
    Just curious :D
     
  2. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #2
    Port 80 and 443 are http and https respectively. That's almost certainly your browser traffic.
     
  3. lee1210 macrumors 68040

    lee1210

    Joined:
    Jan 10, 2005
    Location:
    Dallas, TX
    #3
    It's not a huge deal, but you just told us a bunch of sites you're visiting and what ports you keep open on your machine. This is generally considered unwise because the internet is a bad place.

    -Lee
     
  4. 556fmjoe macrumors 65816

    Joined:
    Apr 19, 2014
    #4
    Whenever I'm worried about the NSA infiltrating my computer, I post a list of my open ports and browsing history on the internet. ;)

    edit: That does look like Safari to me.
     
  5. int3 thread starter macrumors member

    int3

    Joined:
    May 19, 2014
    Location:
    Portugal
    #5
    NAT does magic my friend.
     
  6. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #6
    Not on all the external sites you've connected to.
     
  7. int3, May 20, 2014
    Last edited: May 20, 2014

    int3 thread starter macrumors member

    int3

    Joined:
    May 19, 2014
    Location:
    Portugal
    #7
    What do you mean "you've connected to."? You know how PAT works?
    It is based on sessions.
    It has this ACL (Access Control List):
    https://supportforums.cisco.com/doc...shed-connections-and-deny-all-traffic-sourced
    "access-list 100 permit tcp any any established"
    So, ONLY if I'm connecting to X server on X port the router allows the packet from the internet from that X server. Only if the connection is "established" and I was the one starting the connection.
    So, PAT (as known as home NAT) is equal as : you won't scan or invade my closed intranet. :)

    Cisco ccent talking here :p
     
  8. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #8
    You posted a screen shot of your network connections. There's nothing seriously worrisome there but it's easy to see that you're using Amazon web services and connected to sublimetext.com.
    You're certified on Cisco equipment and had to ask "if this was the NSA." Really?
     
  9. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #9
    Your screenshot looks like output from 'lsof'. By default, it only prints the first 9 chars of the process name, so only "com.apple" is shown.

    Add the option +c 0 and lsof should show the entire name. Then figure out exactly which process the "com.apple" is really referring to.
    https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html

    FWIW, processes other than Safari or its helper processes can use the HTTP or HTTPS protocols.

    Finally, you can select text in a Terminal window and copy/paste it. This is generally more useful (and smaller) than screenshots. I recommend posting such output inside CODE tags so spacing is preserved.
     
  10. int3 thread starter macrumors member

    int3

    Joined:
    May 19, 2014
    Location:
    Portugal
    #10
    I don't use amazon services. never. But yeah I was searching for sublimetext.
    And yes, the service "com.apple" was unkown for me. And there was some IP's and I don't know.

    But after realising that "com.apple" was the Safari, I felt less worried.

    ----------

    wow nice.
    I removed "-n" (don't lookup IPs to hostname) then I added "-c 0":
    (I just turned on my computer):
    Code:
    com.apple 425           int3   12u  IPv4 0x46693088c5b3e0cb      0t0    TCP nsaminefield.home:49392->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
    com.apple 425           int3   16u  IPv4 0x46693088c5b3e0cb      0t0    TCP nsaminefield.home:49392->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
    com.apple 425           int3   75u  IPv4 0x46693088c5b580cb      0t0    TCP nsaminefield.home:49268->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
    com.apple 425           int3   77u  IPv4 0x46693088c5b580cb      0t0    TCP nsaminefield.home:49268->mad01s14-in-f21.1e100.net:443 (ESTABLISHED)
    my open window is safari with 2 tabs of macrumors forums. :)
    and 1 gmail.
     
  11. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #11
    The option is +c 0 not -c 0 . You're still only getting 9 chars of process name.

    Read The Fine Man Page at the supplied link, and find +c on that page. There's a full discussion of the COMMAND column in the man page.
     
  12. 960design macrumors 68000

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
  13. int3 thread starter macrumors member

    int3

    Joined:
    May 19, 2014
    Location:
    Portugal
    #13
    I see now com.apple.webkit. nice. I didn't know safari uses webkit.
     

Share This Page