2

Since a few versions back (I guess it was 10.10 or 10.9) MacOS has this binary /usr/libexec/nsurlsessiond that accesses network on behalf of other processes.

I believe this has to do with Apple trying to help and control network connectivity for apps that are distributed through app store.

But whatever the reason is, there seems to be no way to know what process is using /usr/libexec/nsurlsessiond and what they are doing?

Even using tools like LittleSnitch, you can only see what target they are trying to access (in my case it is usually either 'CloudFront` or 'S3').

My question is is there a way (other than running wireshark constantly to capture an event that happens once a day at some random time), to see who is calling /usr/libexec/nsurlsessiond and what are they doing?

Mike Ounsworth
  • 59,005
  • 21
  • 158
  • 212
Ali
  • 733
  • 1
  • 10
  • 18
  • Unfortunately I don't know if there is a way to know what triggered it, but I think it's mainly used for Spotlight (Suggestions and Bing Searches), and possibly iCloud stuff. Similar question on Apple SE: https://apple.stackexchange.com/questions/180465/how-to-make-nsurlsessiond-actions-less-anonymous-to-the-user – Alexander O'Mara Nov 18 '16 at 21:02

0 Answers0