Nsurlsessiond Little Snitch

by
My father's Macbook Pro is consuming bandwidth at a prodigious rate, and he's on a metered data connection (10gb/month 4g data). What should I be sure to disable so he can control when the system wants to run updates? List of what I've already tried inside.
  1. Nsurlsessiond Little Snitch Movie
  2. Nsurlsessiond Little Snitch Online


My dad has a 2008 MBP. Since I gave it to him in 2012, he's been using it without problems on his metered connection. However, back at Christmas I updated him to OS X 10.10.2. I also suggested he try running Chrome, since Firefox was not handling the memory-constrained environment (2gb RAM, which he's now upgraded to 4gb). Starting midway through April, the system downloaded several large things without asking first, and he's hit overage charges on his connection -- he actually had to turn off his access point entirely for a few days last month, and now that he's turned it back on, he's seeing more unwanted use.
I've advised him to run Activity Monitor and keep an eye on download use. Right now the offending process seems to be nsurlsessiond, which is OS X's download management library, used by just about everything, it seems like. This morning while on the phone with me, he enabled wifi and almost immediately nsurlsessiond downloaded ~1gb!
I had him disable wifi and drive to a public wifi hotspot, where I did some remote support via TeamViewer.
Before this morning, I had already set the App Store to never download w/o user action. Today I disabled iCloud entirely, disabled Spotlight 'bing search,' and 'spotlight suggestions,' and disabled Chrome auto updates (but created a desktop shortcut he can run when he's on public wifi).
I've also shown him how to run Activity Monitor to manage network traffic. I asked him to $ sudo lsof -i and paste the results to me in an email, if the unwanted data use reoccurs while he's watching -- hopefully whatever nsurlsessiond is connecting to will give me a clue. I've advised him to keep his wifi off while he's not actively browsing, too.
For the record, my dad's pretty tech-savvy -- he was a Novell CNE in the 90s, before he retired -- but not really up to speed with TCP/IP or modern unix-like OSes. He can't change to an unmetered connection because 4G data is the only thing aside from dialup available where he lives -- no cable down his street, and too far from the CO for DSL. Satellite isn't an option because of both caps and latency. We're looking for ways to manage unwanted downloads so he can get the most out of his 4G modem. He also has an iPad and an iPhone 6 connected to the modem's wifi, but we're pretty sure the computer is at fault -- big downloads occurred while he inadvertently left the machine on while on an overnight trip away from his home with both other devices.

Question regarding dropbox components on my 10.13.6 mac: Had Dropbox installed a long time ago. I uninstalled everthing but Little Snitch firewall was showing that nsurlsessiond was connecting to api-content.dropbox.com Can someone explain why this connection is happening and what could be trigg. Jul 10, 2017  The new Little Snitch Silent Mode Little Snitch is designed to alert you when an app makes a connection. You can then decide whether to deny or allow that connection in the future. Apr 12, 2020  The culprit seems to be the nsurlsessiond process, using up 60% of one core without doing anything. I deactivated all iCould, Mail, Messages and other services that might use the process and I installed Little Snitch to check what it is up- or downloading, but the strange thing is, that the process is downloading nothing at all. Oct 25, 2016  Contribute to archae0pteryx/snitchery development by creating an account on GitHub. Little Snitch Rules. Contribute to archae0pteryx/snitchery development by creating an account on GitHub. Nsurlsessiond (ANY) (This is for proper name server addressing. Little Snitch is not available for Windows but there are plenty of alternatives that runs on Windows with similar functionality. The most popular Windows alternative is GlassWire, which is free.If that doesn't suit you, our users have ranked 25 alternatives to Little Snitch and 13 are available for Windows so hopefully you can find a suitable replacement. Reinstalled Catalina. Nsurlsessiond, trustd, syslogd, launchd and WindowServer are now massively slowing down my laptop, to the point the dock lags and fans rev up. Anyone have any idea why? I’ve tried using little snitch to see what IP addresses the daemons are connecting to and they’re all mostly all Apple related, so I hope my Apple.

posted by Alterscape to Computers & Internet (9 answers total) 1 user marked this as a favorite
He also has an iPad and an iPhone 6 connected to the modem's wifi, but we're pretty sure the computer is at fault
I'd just do the routine checks on those things also, there may be some weird way they are interacting with the desktop machine/internet if they're doing wireless sync stuff. I feel like turning off iCloud is going to nail this (I can't think of anything else that would do updates approaching that magnitude), but if not.
So you've got the app store sorted. How about things like
- Adobe Flash and any other software with an updater that doesn't go through the app store
- Other browsers which may be downloading updates even if they're not the one's he's using (and all the related add-ons for example. Firefox can check that.)
- Antivirus stuff that would download update packages
- Itunes - any checking stuff it does (genius, covers, etc)
I haven't used the new Photos app but if he has that make sure it's not adding locations to some idiot online map or otherwise tying to sync to some cloud thing. Otherwise I'd dive into the forums, the people there are pretty helpful and might be able to help you untangle this or think of things you haven't before. There's some good info in this thread for example including a script that will kill nsurlsessiond until the next reboot.
posted by jessamyn at 12:57 PM on May 2, 2015

I also suggested he try running Chrome
Hm. Chrome does anticipatory pre-rendering: if you load a page, it will check the links and pull in content from them so that if/when you click on a link. Of course, if you don't click on a link, you've pulled in content that you don't need, which is problematic on a metered connection. You can disable this in the advanced settings ('Prefetch resources to load pages more quickly') but it's on by default. That said, I wouldn't expect it to pull down a gig from prefetching, and I don't think it uses nsurlsessiond.
More broadly, Little Snitch will provide more granular information on real-time network activity, with a menubar indicator of incoming/outgoing traffic.
posted by holgate at 12:59 PM on May 2, 2015 [2 favorites]

I use iStat Menus, which displays, among other things, a network activity monitor in my menubar. If you see it spike, you can generally click to see what application is responsible.
posted by zachlipton at 1:04 PM on May 2, 2015

Under System Preferences > App Store, make sure 'Download newly available updates in background' is unchecked. The three 'Install..' options should be unchecked, as well.
Turn. Off. iCloud.
posted by Thorzdad at 1:29 PM on May 2, 2015 [1 favorite]

I came in here to suggest using Little Snitch to restrict outgoing connections very granularly.
posted by tapir-whorf at 2:35 PM on May 2, 2015 [1 favorite]

Nsurlsessiond little snitch
Good answers, everyone -- thank you! He's resistant to spending $35 on Little Snitch, but I told him it may be worth it in terms of peace-of-mind. I may just buy it for him, heh.
posted by Alterscape at 8:49 PM on May 2, 2015

Make sure to check that the iPhone and iPad aren't set to automatically backup and update when plugged in, locked, and connected to Wifi. I have a hotspot too and was eating data like crazy. I finally realized that when I plugged in my phone and iPad each night to charge while I slept they were automatically backing up EVERYTHING (hey lots of photos!) and eating my data. Now I do it manually when I'm on a friends wifi.
posted by MultiFaceted at 11:12 PM on May 2, 2015

(Little Snitch is on sale right now via MacUpdate.)
posted by holgate at 10:51 PM on May 4, 2015

I just saw this Lifehacker article on the TripMode app, which provides you with a menu bar widget to manage which apps can use bandwidth.
No experience with it, but I thought of this question when I saw it.
posted by misterbrandt at 1:41 PM on May 6, 2015

Nsurlsessiond Little Snitch Movie

« Older Anything like the Harvard Extension School in the.. Sounds like Gymnopédies Newer »
This thread is closed to new comments.

OSX hacks, tweaks and cleaners.October 25, 2012
OSX: How to copy plain-text always, everywhere,..June 6, 2011
Once you see my sweet moves you're gonna stay..May 20, 2010
What are the Mac Software Must HavesMay 29, 2008
Best Free Programs for a Mac?November 16, 2006
Snitch

Snitchery

Little snitch Rule set(s)

Installation:

  1. Open Littledsnitch config
  2. Place hot_pocket in wave: do
  3. cook on high for 2.5 min
  4. click import rules (where applicable i.e. 'all over')

Theory / Mechanics / General Thoughts

Litle snitch has some really amazing features, namely, auto profile switching for different networks.

I always begin with setting a 'deny connections' for everything, then, allowing what I need. It took me a long time to figure this part out. This will save you from having a pop up every goddamn second when you fire this baby up.

When you import these rules you'll most certainly have applications that I don't and vice versa. You will see this expressed in the approprate menu on the left side of the Little Snitch config.

This set is nowhere near finished but it's a great starting point for someone to 'train' their own firewall. My general 'rule of thumb' (sorry ladies) has been to adhere to the rule of least permissions. This is great in theory but unfortunately in the real world it becomes extrememly annoying to approve rules on a domain by domain basis. So, I have been training the snitch via Port and Protocol and not the full-on, super annoying, domain based rules.

Rules and Profiles

Nsurlsessiond Little Snitch Online

Profiles:

  • Home
  • Obviously, home network with very permissive rules.
  • Hotspot
  • This one is a work in progress as I rarely use 'hotspots'
  • iPoop (iPhone)
  • This is similar to the Hotspot but should be used with a 'trusted device'
  • Public
  • Super strict ruleset for public networks.
  • Public +
  • Similar to Public but a bit more permissive in order to get work done.
  • Vadded (VPN)
  • I used mullvad as my preferred VPN provider for a long time. Now, I configure my own VPN's through digital ocean. The idea is the same either way, because of encryption, we can use this as the permissive set.

Rules:

  • Effective in all profiles

  • Only the default system bits and VPN connectivity.

  • Home

  • accountsd (443)

  • Addressbook (443)

  • Adobe desktop service (DENY) (I HATE THE AMOUNT OF ADOBE BS.)

  • AGS (see above)

  • Airplay (7000)

  • AKD (443)

  • Alfred (443)

  • Atom (443)

  • Calender Agent (443)

  • Clip Menu (DENY)

  • CloudD (443)

  • com.geod (80, 443) (For device tracking)

  • Safe Browsing (443)

  • Contacts (443)

  • Core Sync (Adobe) (DENY)

  • Creative Cloud (443)

  • Docker (443)

  • Firefox (ANY)

  • Gamed (DENY) (I fucking hate gamed!)

    Little snitch 3.7 cracked

  • Google Update (DENY) (I prefer to do this manually)

  • helpd (DENY) (i google anyway)

  • imagent (5523) (This is for messages to work)

  • iStat Menus (443)

  • iTerm2 (ALLOW ALL)

  • iTunes (443)

  • ksfetch (DENY) (This is for google update and I have no faith in google. Again. Manually take care of updates. Also, when / if you use Chrome it will tell you there're updates anyway.)

  • Little Snitch Update (443)

  • locationd (443) (This is for find my mac to work. I always keep this enabled for all profiles because if my laptop is ever stolen, i'd hate to have little snitch block me from finding it! (this HAS happened to me!))

  • Mail (443, 585, 143, 993, 465)

  • mapspushd (443 to domain: apple)

  • MEGAclient (ANY)

  • Messages (DENY 80, ALLOW 443)

  • nbagent (ANY) (This is for NETBIOS and the Bonjour service as far as I have read.. I need to play with this one a bit more)

  • node (ANOTHER ADOBE BS.. DENY)

  • node (for creative cloud allow 443)

  • nsurlsessiond (ANY) (This is for proper name server addressing. I need to investigate this one as well)

  • OPENVPN (ALLOW ANY) (both user processes and system)

  • photolibraryd (DENY) (I don't use the photo cloud BS.. so.. deny.)

  • Photos Agent (443) (as far as I can tell, this one is just for photo app updates and the like.)

  • Safari (ANY)

  • Slack (443)

  • SoftwareUpdateD (deny) (i need to revisit this one)

  • Spectacle (443) (another one I need to revisit)

  • Stocks (443)

  • Store Accountsd (ANY)

  • Store Assets D (443)

  • Thunderbird (DENY 80, ALLOW mail protocol ports only)

  • Transmission (DENY) (We don't want un-encrypted torrents on our home network do we?)

  • Unity (443)

  • User event agent (80) (revisit)

  • Weather (443 to apple only)