sudo lsof -p $(pgrep fzmacappproxy) |wc -l 22 AU-L-0534:udppassthrough_withmitm richardwang$ sudo lsof -p $(pgrep fzmacappproxy) -iTCP -iUDP -n -P | wc -l 132 AU-L-0534:udppassthrough_withmitm richardwang$ sudo lsof -p $(pgrep fzmacappproxy) COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME com.famil 960 root cwd DIR 1,11 384 746134 /private/var/root/Library/Containers/com.familyzone.macappproxy.fzmacappproxy/Data com.famil 960 root txt REG 1,11 55592080 2909353 /Library/SystemExtensions/8D1C106D-6EA1-469B-87D9-45420894F5A7/com.familyzone.macappproxy.fzmacappproxy.systemextension/Contents/MacOS/com.familyzone.macappproxy.fzmacappproxy com.famil 960 root txt REG 1,11 48316 2908354 /Library/Preferences/Logging/.plist-cache.0ZkpciiO com.famil 960 root txt REG 1,11 32768 2908378 /private/var/db/mds/messages/se_SecurityMessages com.famil 960 root txt REG 1,11 169659 2920492 /private/var/db/analyticsd/events.whitelist com.famil 960 root txt REG 1,11 2160672 1152921500312810115 /usr/lib/dyld com.famil 960 root txt REG 1,11 29638992 1152921500312821865 /usr/share/icu/icudt68l.dat com.famil 960 root 0r CHR 3,2 0t0 331 /dev/null com.famil 960 root 1u CHR 3,2 0t0 331 /dev/null com.famil 960 root 2u CHR 3,2 0t0 331 /dev/null com.famil 960 root 3 NPOLICY com.famil 960 root 4u KQUEUE count=0, state=0xa com.famil 960 root 5u systm 0xd9d0d6782b7f00ed 0t0 [ctl com.apple.flow-divert id 1 unit 1] com.famil 960 root 6u IPv4 0xd9d0d67cf90fdfc5 0t0 TCP localhost:49219->localhost:openmailpxy (ESTABLISHED) com.famil 960 root 7u KQUEUE count=0, state=0xa com.famil 960 root 8 PIPE 0x16f4b00565915ab4 16384 ->0xacbf0638a900fdfd com.famil 960 root 9 PIPE 0xacbf0638a900fdfd 16384 ->0x16f4b00565915ab4 com.famil 960 root 10 CHAN flowsw 6980A6AE-9572-43AE-AEEE-94C5DAFD734A[18] user-packet-pool com.famil 960 root 11u unix 0xd9d0d67cf900b56d 0t0 ->0xd9d0d67cf900b635 com.famil 960 root 12u systm 0xd9d0d6782b7eff6d 0t0 [ctl com.apple.netsrc id 6 unit 18] com.famil 960 root 13u IPv4 0xd9d0d67cfa8e4a65 0t0 TCP 192.168.0.183:49307->208.109.201.35.bc.googleusercontent.com:https (ESTABLISHED) AU-L-0534:udppassthrough_withmitm richardwang$ sudo lsof -p $(pgrep fzmacappproxy) -iTCP -iUDP -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME launchd 1 root 7u IPv6 0xd9d0d67cf90932ed 0t0 TCP *:22 (LISTEN) launchd 1 root 8u IPv4 0xd9d0d67cf9118a65 0t0 TCP *:22 (LISTEN) launchd 1 root 10u IPv6 0xd9d0d67cf90932ed 0t0 TCP *:22 (LISTEN) launchd 1 root 11u IPv4 0xd9d0d67cf9118a65 0t0 TCP *:22 (LISTEN) launchd 1 root 13u IPv4 0xd9d0d6782be640bd 0t0 UDP *:* launchd 1 root 35u IPv4 0xd9d0d6782be5de5d 0t0 UDP *:138 configd 111 root 25u IPv4 0xd9d0d6782be5f9ed 0t0 UDP *:* configd 111 root 28u IPv4 0xd9d0d6782be5f3cd 0t0 UDP *:* configd 111 root 29u IPv4 0xd9d0d6782be5f6dd 0t0 UDP *:* configd 111 root 30u IPv4 0xd9d0d6782be6031d 0t0 UDP *:* remoted 118 root 3u IPv6 0xd9d0d67cf90939cd 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49152->[fe80:7::aede:48ff:fe33:4455]:59602 (ESTABLISHED) remoted 118 root 4u IPv6 0xd9d0d67cf90940ad 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49153 (LISTEN) remoted 118 root 5u IPv6 0xd9d0d67cf909478d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49154 (LISTEN) remoted 118 root 6u IPv6 0xd9d0d67cf9094e6d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49155 (LISTEN) remoted 118 root 7u IPv6 0xd9d0d67cf909554d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49156 (LISTEN) remoted 118 root 8u IPv6 0xd9d0d67cf9095c2d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49157 (LISTEN) remoted 118 root 9u IPv6 0xd9d0d67cf909630d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49158 (LISTEN) remoted 118 root 10u IPv6 0xd9d0d67cf90969ed 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49159 (LISTEN) syslogd 136 root 10u IPv4 0xd9d0d6782be37cfd 0t0 UDP *:62736 locationd 149 _locationd 11u IPv4 0xd9d0d6782be410bd 0t0 UDP *:* AgentMon 150 root 9u IPv4 0xd9d0d67cf9115505 0t0 TCP 192.168.0.183:49179->194.31.144.50:5721 (ESTABLISHED) fc-system 155 root 13u IPv4 0xd9d0d67cf9117fc5 0t0 TCP 127.0.0.1:5770 (LISTEN) fc-system 155 root 19u IPv4 0xd9d0d67cf90dd505 0t0 TCP 192.168.0.183:60721->35.244.73.253:443 (CLOSED) fc-system 155 root 20u IPv4 0xd9d0d67cfa8e1fc5 0t0 TCP 192.168.0.183:63332->34.117.241.107:443 (CLOSED) fc-system 155 root 21u IPv4 0xd9d0d67cf90fb505 0t0 TCP 192.168.0.183:52666->35.197.166.202:443 (CLOSED) fc-system 155 root 23u IPv4 0xd9d0d67cf90fea65 0t0 TCP 127.0.0.1:5768->127.0.0.1:49219 (ESTABLISHED) fc-system 155 root 24u IPv4 0xd9d0d67cf9117505 0t0 TCP 127.0.0.1:5768 (LISTEN) fc-system 155 root 25u IPv4 0xd9d0d67cf90f0a65 0t0 TCP 192.168.0.183:51534->54.66.249.77:443 (CLOSED) fc-system 155 root 26u IPv4 0xd9d0d67cfa8eaa65 0t0 TCP 127.0.0.1:5768->127.0.0.1:49269 (ESTABLISHED) PerfPower 158 root 12u IPv4 0xd9d0d6782be63dad 0t0 UDP *:* PerfPower 158 root 14u IPv4 0xd9d0d6782be5226d 0t0 UDP *:* PerfPower 158 root 15u IPv4 0xd9d0d6782be5162d 0t0 UDP *:* PerfPower 158 root 16u IPv4 0xd9d0d6782be5257d 0t0 UDP *:* KaseyaEnd 160 root 21u IPv4 0xd9d0d67cf90edfc5 0t0 TCP 192.168.0.183:49290->194.31.144.50:5721 (ESTABLISHED) bluetooth 165 root 11u IPv4 0xd9d0d6782be49b4d 0t0 UDP *:* bluetooth 165 root 12u IPv4 0xd9d0d6782be4a78d 0t0 UDP *:* bluetooth 165 root 14u IPv4 0xd9d0d6782be59dad 0t0 UDP *:* AirPlayXP 169 root 3u IPv4 0xd9d0d6782be53e5d 0t0 UDP *:* AirPlayXP 169 root 4u IPv4 0xd9d0d6782be5447d 0t0 UDP *:* AirPlayXP 169 root 6u IPv4 0xd9d0d6782be5321d 0t0 UDP *:* loginwind 177 richardwang 8u IPv4 0xd9d0d6782c94916d 0t0 UDP *:* symptomsd 194 _networkd 25u IPv4 0xd9d0d6782be6347d 0t0 UDP *:* findmydev 204 root 3u IPv6 0xd9d0d67cf90970cd 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49160->[fe80:7::aede:48ff:fe33:4455]:49272 (ESTABLISHED) mDNSRespo 243 _mdnsresponder 6u IPv4 0xd9d0d6782be4f78d 0t0 UDP *:5353 mDNSRespo 243 _mdnsresponder 7u IPv6 0xd9d0d6782be4fa9d 0t0 UDP *:5353 airportd 267 root 5u IPv4 0xd9d0d6782be618ed 0t0 UDP *:* airportd 267 root 6u IPv4 0xd9d0d6782be6283d 0t0 UDP *:* airportd 267 root 11u IPv6 0xd9d0d6782be62e5d 0t0 UDP *:* airportd 267 root 18u IPv4 0xd9d0d6782be4983d 0t0 UDP *:* airportd 267 root 23u IPv4 0xd9d0d6782be61bfd 0t0 UDP *:* airportd 267 root 24u IPv4 0xd9d0d6782be4ee5d 0t0 UDP *:* airportd 267 root 25u IPv4 0xd9d0d6782be4c62d 0t0 UDP *:* airportd 267 root 29u IPv4 0xd9d0d6782be5c57d 0t0 UDP *:* airportd 267 root 31u IPv4 0xd9d0d6782be47f5d 0t0 UDP *:* bosUpdate 303 _softwareupdate 3u IPv6 0xd9d0d67cf908d0ad 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49294->[fe80:7::aede:48ff:fe33:4455]:49268 (ESTABLISHED) corekdld 304 root 3u IPv6 0xd9d0d67cf9097e8d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49161->[fe80:7::aede:48ff:fe33:4455]:49265 (ESTABLISHED) SubmitDia 305 root 3u IPv6 0xd9d0d67cf90977ad 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49155->[fe80:7::aede:48ff:fe33:4455]:49286 (ESTABLISHED) SubmitDia 305 root 5u IPv6 0xd9d0d67cf9098c4d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49173->[fe80:7::aede:48ff:fe33:4455]:49281 (ESTABLISHED) Kaseya.Ag 335 root 12u IPv4 0xd9d0d67cfa8ed505 0t0 TCP 192.168.0.183:49270->194.31.144.50:5721 (ESTABLISHED) wifip2pd 359 root 3u IPv4 0xd9d0d6782be56c4d 0t0 UDP *:* biometric 451 root 3u IPv6 0xd9d0d67cf909856d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49172->[fe80:7::aede:48ff:fe33:4455]:49285 (ESTABLISHED) mobileact 576 root 3u IPv6 0xd9d0d67cf9092c0d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49180->[fe80:7::aede:48ff:fe33:4455]:49278 (ESTABLISHED) rapportd 609 richardwang 3u IPv4 0xd9d0d67cf9113fc5 0t0 TCP *:49181 (LISTEN) rapportd 609 richardwang 4u IPv6 0xd9d0d67cf909932d 0t0 TCP *:49181 (LISTEN) rapportd 609 richardwang 5u IPv4 0xd9d0d6782be3e26d 0t0 UDP *:* rapportd 609 richardwang 6u IPv4 0xd9d0d6782be398ed 0t0 UDP *:* identitys 618 richardwang 23u IPv4 0xd9d0d6782be5693d 0t0 UDP *:* identitys 618 richardwang 28u IPv4 0xd9d0d6782be52f0d 0t0 UDP *:* cloudd 623 richardwang 47u IPv4 0xd9d0d67cf9103fc5 0t0 TCP 192.168.0.183:63191->17.248.252.111:443 (CLOSED) cloudd 623 richardwang 55u IPv4 0xd9d0d67cf90f7505 0t0 TCP 192.168.0.183:51312->17.248.252.108:443 (CLOSED) ControlCe 636 richardwang 17u IPv4 0xd9d0d6782be5193d 0t0 UDP *:* ControlCe 636 richardwang 20u IPv4 0xd9d0d67cf9113505 0t0 TCP *:7000 (LISTEN) ControlCe 636 richardwang 21u IPv6 0xd9d0d67cf909232d 0t0 TCP *:7000 (LISTEN) ControlCe 636 richardwang 22u IPv4 0xd9d0d67cf9111fc5 0t0 TCP *:5000 (LISTEN) ControlCe 636 richardwang 23u IPv6 0xd9d0d67cf908bc0d 0t0 TCP *:5000 (LISTEN) ControlCe 636 richardwang 26u IPv4 0xd9d0d6782be5416d 0t0 UDP *:* sharingd 643 richardwang 4u IPv4 0xd9d0d6782be4231d 0t0 UDP *:* sharingd 643 richardwang 8u IPv4 0xd9d0d6782be3d93d 0t0 UDP *:* sharingd 643 richardwang 9u IPv4 0xd9d0d6782be3ccfd 0t0 UDP *:* sharingd 643 richardwang 10u IPv4 0xd9d0d6782be3d00d 0t0 UDP *:* sharingd 643 richardwang 11u IPv4 0xd9d0d6782be3a83d 0t0 UDP *:* sharingd 643 richardwang 26u IPv4 0xd9d0d6782be646dd 0t0 UDP *:* sharingd 643 richardwang 27u IPv4 0xd9d0d6782be6562d 0t0 UDP *:* parsecd 656 richardwang 7u IPv4 0xd9d0d67cf9105fc5 0t0 TCP 192.168.0.183:62067->52.65.101.65:443 (CLOSED) Google 687 richardwang 19u IPv4 0xd9d0d67cf90e3fc5 0t0 TCP 192.168.0.183:60284->35.201.11.93:443 (CLOSED) Google 687 richardwang 24u IPv4 0xd9d0d67cf910f505 0t0 TCP 192.168.0.183:63114->142.250.66.227:80 (CLOSED) Google 687 richardwang 25u IPv4 0xd9d0d67cf9101fc5 0t0 TCP 192.168.0.183:49292->172.217.194.188:5228 (ESTABLISHED) Google 687 richardwang 26u IPv4 0xd9d0d67cf90f5fc5 0t0 TCP 192.168.0.183:62240->142.250.76.99:80 (CLOSED) Google 687 richardwang 29u IPv4 0xd9d0d67cf90e7fc5 0t0 TCP 192.168.0.183:58067->142.250.66.170:443 (CLOSED) Google 687 richardwang 32u IPv4 0xd9d0d67cf910d505 0t0 TCP 192.168.0.183:49730->17.253.121.201:443 (CLOSED) Google 687 richardwang 38u IPv4 0xd9d0d67cfa8e6a65 0t0 TCP 192.168.0.183:60196->142.250.76.99:80 (CLOSED) Google 687 richardwang 39u IPv4 0xd9d0d67cf90db505 0t0 TCP 192.168.0.183:54193->17.188.22.22:443 (CLOSED) Google 687 richardwang 40u IPv4 0xd9d0d67cfa8e7505 0t0 TCP 192.168.0.183:64512->17.188.22.22:443 (CLOSED) Google 687 richardwang 41u IPv4 0xd9d0d67cf9116a65 0t0 TCP 192.168.0.183:58680->17.188.22.22:443 (CLOSED) Google 687 richardwang 42u IPv4 0xd9d0d67cf90f7fc5 0t0 TCP 192.168.0.183:65068->17.253.121.201:443 (CLOSED) WirelessR 689 root 3u IPv4 0xd9d0d6782be4fdad 0t0 UDP *:* WirelessR 689 root 4u IPv4 0xd9d0d6782be649ed 0t0 UDP *:* WirelessR 689 root 5u IPv4 0xd9d0d6782be64cfd 0t0 UDP *:* WiFiAgent 711 richardwang 6u IPv4 0xd9d0d6782be5352d 0t0 UDP *:* wifiveloc 738 root 3u IPv4 0xd9d0d6782be4e52d 0t0 UDP *:* com.apple 745 richardwang 9u IPv4 0xd9d0d6782be62b4d 0t0 UDP *:* com.apple 745 richardwang 14u IPv4 0xd9d0d6782be6000d 0t0 UDP *:* com.famil 960 root cwd DIR 1,11 384 746134 /private/var/root/Library/Containers/com.familyzone.macappproxy.fzmacappproxy/Data com.famil 960 root txt REG 1,11 55592080 2909353 /Library/SystemExtensions/8D1C106D-6EA1-469B-87D9-45420894F5A7/com.familyzone.macappproxy.fzmacappproxy.systemextension/Contents/MacOS/com.familyzone.macappproxy.fzmacappproxy com.famil 960 root txt REG 1,11 48316 2908354 /Library/Preferences/Logging/.plist-cache.0ZkpciiO com.famil 960 root txt REG 1,11 32768 2908378 /private/var/db/mds/messages/se_SecurityMessages com.famil 960 root txt REG 1,11 169659 2920492 /private/var/db/analyticsd/events.whitelist com.famil 960 root txt REG 1,11 2160672 1152921500312810115 /usr/lib/dyld com.famil 960 root txt REG 1,11 29638992 1152921500312821865 /usr/share/icu/icudt68l.dat com.famil 960 root 0r CHR 3,2 0t0 331 /dev/null com.famil 960 root 1u CHR 3,2 0t0 331 /dev/null com.famil 960 root 2u CHR 3,2 0t0 331 /dev/null com.famil 960 root 3 NPOLICY com.famil 960 root 4u KQUEUE count=0, state=0xa com.famil 960 root 5u systm 0xd9d0d6782b7f00ed 0t0 [ctl com.apple.flow-divert id 1 unit 1] com.famil 960 root 6u IPv4 0xd9d0d67cf90fdfc5 0t0 TCP 127.0.0.1:49219->127.0.0.1:5768 (ESTABLISHED) com.famil 960 root 7u KQUEUE count=0, state=0xa com.famil 960 root 8 PIPE 0x16f4b00565915ab4 16384 ->0xacbf0638a900fdfd com.famil 960 root 9 PIPE 0xacbf0638a900fdfd 16384 ->0x16f4b00565915ab4 com.famil 960 root 10 CHAN flowsw 6980A6AE-9572-43AE-AEEE-94C5DAFD734A[18] user-packet-pool com.famil 960 root 11u unix 0xd9d0d67cf900b56d 0t0 ->0xd9d0d67cf900b635 com.famil 960 root 12u systm 0xd9d0d6782b7eff6d 0t0 [ctl com.apple.netsrc id 6 unit 18] com.famil 960 root 13u IPv4 0xd9d0d67cfa8e4a65 0t0 TCP 192.168.0.183:49307->35.201.109.208:443 (ESTABLISHED) corespeec 1023 richardwang 3u IPv6 0xd9d0d67cf908830d 0t0 TCP [fe80:7::aede:48ff:fe00:1122]:49268->[fe80:7::aede:48ff:fe33:4455]:49261 (ESTABLISHED) JavaAppLa 1043 richardwang 48u IPv6 0xd9d0d67cf908b32d 0t0 TCP 127.0.0.1:49269->127.0.0.1:5768 (ESTABLISHED) iCloudNot 1060 richardwang 11u IPv4 0xd9d0d67cf90f4a65 0t0 TCP 192.168.0.183:61861->17.248.252.15:443 (CLOSED) netbiosd 1600 _netbios 3u IPv4 0xd9d0d6782be640bd 0t0 UDP *:* netbiosd 1600 _netbios 4u IPv4 0xd9d0d6782be5de5d 0t0 UDP *:138 jamf 54169 root 69u IPv4 0xd9d0d67cf9103505 0t0 TCP 192.168.0.183:54032->52.62.51.159:443 (CLOSED) mdmclient 55838 root 5u IPv4 0xd9d0d67cf910aa65 0t0 TCP 192.168.0.183:54094->52.62.51.159:443 (CLOSED) ksfetch 55853 richardwang 8u IPv4 0xd9d0d67cf9106a65 0t0 TCP 192.168.0.183:65250->172.217.167.78:443 (CLOSED) AU-L-0534:udppassthrough_withmitm richardwang$