Little Snitch shows coreaudiod attempting to connect

[ehmjay]

So I'm probably just being paranoid but ever since upgrade to Yosemite I've noticed Little Snitch is telling me that "coreaudiod" is trying to access a bunch of IP addresses.

I thought it a little weird that the core audio process would be trying to dial out, and then immediately thought "holy crap! Is something recording my audio and trying to send it somewhere!?"

I was just wondering if this is "normal" behaviour. The first IP address I recorded it trying to connect to was 192.168.0.21 which a Google search said *might* be related to a virus? But then the second one it popped up with, 192.168.1.152 when googled said it was likely router related.

If anyone can put my mind at ease it'd be greatly appreciated.

 

[ehmjay]

Just happened again. Different IP address this time. Here's the report from Little Snitch.

 

[Apple_Robert]

I would delete your picture, as it shows your IP address.

 

[bankshot]

192.168.*.* addresses are all private, so it's certainly not try to connect or send information to the internet. Do you have any Airplay devices on your local network? Could it be trying to contact them? A quick Google search indicates that Airplay does use port 5000 for audio streaming.

 

[matt2053]

So I'm probably just being paranoid but ever since upgrade to Yosemite I've noticed Little Snitch is telling me that "coreaudiod" is trying to access a bunch of IP addresses.

I thought it a little weird that the core audio process would be trying to dial out, and then immediately thought "holy crap! Is something recording my audio and trying to send it somewhere!?"

I was just wondering if this is "normal" behaviour. The first IP address I recorded it trying to connect to was 192.168.0.21 which a Google search said *might* be related to a virus? But then the second one it popped up with, 192.168.1.152 when googled said it was likely router related.

If anyone can put my mind at ease it'd be greatly appreciated.

I can put your mind at ease-- 192.168.x.x addresses are local addresses, on your local network. The connection attempt is not leaving your LAN, it's attempting to connect to another device *on your network.*

 

[YanniDepp]

I'd bet a lot of money that it's AirPlay looking for things to AirPlay to.

 

[ehmjay]

Just heard from the little snitch guys and they confirmed that it is in fact AirPlay.

Not sure why it never popped up on previous versions of OS X but at least my mind is at ease.

Thanks guys.

 

[flibbidy]

Same issue, different address...

I've just had the same issue pop up, but with a different IP.

Core audio tried to connect to 172.16.1.65

This is definitely *not* on my own network, which is entirely 192.168.*.* format.

Is Coreaudio trying to connect Airplay to someone else's network?

I live in an apartment building, and pretty much every apartment has wi-fi, so I can see how it would be in the realm of possibility.

 

[SlCKB0Y]

I've just had the same issue pop up, but with a different IP.

Core audio tried to connect to 172.16.1.65

This is definitely *not* on my own network, which is entirely 192.168.*.* format.

Is Coreaudio trying to connect Airplay to someone else's network?

I live in an apartment building, and pretty much every apartment has wi-fi, so I can see how it would be in the realm of possibility.

172.16.x.x is also a private IP address.

 

[flibbidy]

Yes, it's a private address... but it's not on my network.

What is it trying to connect to?

Someone else's AirPlay device, somewhere in my apartment building?

 

[cjmillsnun]

Yes, it's a private address... but it's not on my network.

What is it trying to connect to?

Someone else's AirPlay device, somewhere in my apartment building?

No, being a private address, it (your mac) has to be connected to that network (not just the network visible but full on sending and receiving packets).

It's just likely trying to find devices and is trying private addresses. The only other possibility is that someone has connected to your network. Somehow I doubt this.

 

[Klasw]

Got this problem also

Hello!

I got his outgoing connection also. I my case the process coreaudiod are trying to connect to 192.168.1.2, witch is my router!

I think its wrong to say, as it hade been said in this tree, that its nothing to worried about if its a local adress. If an intruder get an IP on your local network, for example by bad wifi security and If it is the router I think it is problematic when main OS processes trying to connect out.

Mac configuration for Airplay is not good. At least I cant fin a way to turn it off.

(excuse my bad english, it is not my first languages)

 

[simonsi]

Yes, it's a private address... but it's not on my network.

What is it trying to connect to?

Someone else's AirPlay device, somewhere in my apartment building?

Are you on a vpn? Typically you may get a 172. range address whilst you are on a vpn...even if your an is 192...

----------

Hello!

I got his outgoing connection also. I my case the process coreaudiod are trying to connect to 192.168.1.2, witch is my router!

192.168.1.1 would normally be your router (which cold be being used as a gateway to the internet.

192.168.1.2 is most likely a device on your network...

 

[ianj1972]

I love little snitch but this is arguably its biggest 'problem', if you don't understand how this stuff works it can cause some deep rooted paranoia!

If an intruder has got into your network, AirPlay broadcasting is amongst the least of your worries.

 

[Klasw]

...
192.168.1.2 is most likely a device on your network...

A bit bad explanation off me, I have two routers. Extern is 192.168.1.X network and intern is 192.168.0.X network. The intern router got the IP 192.168.1.2, as gateway to the extern.

I also seen in Little Snitch that thee is a connection to airplay.us (who goes to apple.com, if you try to connect the URL), my bee it is that. But way would a sound driver want to connect to a internet url?

 

[simonsi]

A bit bad explanation off me, I have two routers. Extern is 192.168.1.X network and intern is 192.168.0.X network. The intern router got the IP 192.168.1.2, as gateway to the extern.

I don't understand, if you are looking on the internal network, the gateway/router ip address would still be a 192.168.0.X address, it wouldn't see the 192.168.1.X range.

I think you mean on the network between the two routers? That could be a different range but again it wouldn't be visible on either the WAN side of the external router, or the LAN side of the internal router (where your network devices are)???

Either way you clearly understand it

Are you sure Airplay isn't just trying to connect to all ip addresses on the network as a discovery activity?

 

[Klasw]

I don't understand, if you are looking on the internal network, the gateway/router ip address would still be a 192.168.0.X address, it wouldn't see the 192.168.1.X range.

I think you mean on the network between the two routers? That could be a different range but again it wouldn't be visible on either the WAN side of the external router, or the LAN side of the internal router (where your network devices are)???

Either way you clearly understand it

Are you sure Airplay isn't just trying to connect to all ip addresses on the network as a discovery activity?

It is easy, Little Snitch report that coreaudiod want to connect to 192.168.1.2 . 192.168.1.2 is the IP off inern router witch it got from the extern router. Little Snitch actually see it.

I got two routers, witch to different IP span, for reason who is not important here.

 

[leman]

Core audio tried to connect to 172.16.1.65

This is definitely *not* on my own network, which is entirely 192.168.*.* format.

That could be your iPhone/iPad whatever connected via an ad-hoc WiFi or Bluetooth connection.

I think its wrong to say, as it hade been said in this tree, that its nothing to worried about if its a local adress. If an intruder get an IP on your local network, for example by bad wifi security and If it is the router I think it is problematic when main OS processes trying to connect out

If you have an intruder in your local network then Airplay is the least of your worries. What are you afraid of? That the intruder will play your music? Either you want full security or you want convenience. Services like Airplay, Bonjour advertising, Continuity are not possible without some sort of automated network discovery. If you need a 100% closed system, OS X is a wrong choice to begin with.

 

[fhall1]

A bit bad explanation off me, I have two routers. Extern is 192.168.1.X network and intern is 192.168.0.X network. The intern router got the IP 192.168.1.2, as gateway to the extern.

I also seen in Little Snitch that thee is a connection to airplay.us (who goes to apple.com, if you try to connect the URL), my bee it is that. But way would a sound driver want to connect to a internet url?

Without seeing your network diagram I can't be sure, but hopefully you're not using the two routers as a way to keep traffic segregated between your internal and external networks as separate subnets where machines on one net can't see machines on the other. You need three routers for that.

 

[simonsi]

Without seeing your network diagram I can't be sure, but hopefully you're not using the two routers as a way to keep traffic segregated between your internal and external networks as separate subnets where machines on one net can't see machines on the other. You need three routers for that.

I think that is what he is trying to do, hence a machine on one subnet looking for an ip on the other, the ranges arent segregated as the OP thinks.

 

[Klasw]

Without seeing your network diagram I can't be sure, but hopefully you're not using the two routers as a way to keep traffic segregated between your internal and external networks as separate subnets where machines on one net can't see machines on the other. You need three routers for that.

Off topic, but actually it is one of the reason. I thought NAT should take care off that?

Thank you very much for you respond, I the learned something to day!

 

[Klasw]

That could be your iPhone/iPad whatever connected via an ad-hoc WiFi or Bluetooth connection.



If you have an intruder in your local network then Airplay is the least of your worries. What are you afraid of? That the intruder will play your music? Either you want full security or you want convenience. Services like Airplay, Bonjour advertising, Continuity are not possible without some sort of automated network discovery. If you need a 100% closed system, OS X is a wrong choice to begin with.

What I am afraid off?
That is for me a very bad answer on he question way a sound driver is connecting out on internet. First it is an respond with a question, and not with a explanation. Second , it is also a bit insulting, you don´t know my security reason. My bee I am political activist, who want to keep my Chomsky sound lectures for my self? Ore my bee I just want to know that no one easily is spying on me, you should respect that. Last, you never know what a driver can bee used for, their have been drivers used as backdoors before, in computer history.

I also understand their not even is 100% closed system (I am no that uneducated), People have the right to know way their privacy is violated, especially when they pay a lot of money for a computer and an OS. But I am glad that I have Linux on other machines, for sure. If it wasn't for some program like Dreamweaver, I do not know if I ever would have bought a MaC.

Mac It is quite nice an neat in manny aspects, though, like Airplay. But you should be with a choice to turn it off. I dont know wy you can not turn it of on MaCbook (on an Ipad you can). That is probably the main question for this tree, an ON/OFF button. It is a question for Macintosh also. I will adress them on this issue.

 

[leman]

That is for me a very bad answer on he question way a sound driver is connecting out on internet.

Its not connecting out to internet, we have already established that much. So the security issue only appears if you have intruder in your local network. At which point Airplay is probably the least of your issues.

 

[Klasw]

Its not connecting out to internet, we have already established that much. So the security issue only appears if you have intruder in your local network. At which point Airplay is probably the least of your issues.

I got connection request in Little Snitch to the url; airport.us just after my login and just before coreaudiod want to connect on the gateway. That is very suspicious. Before upgrade to Yosemite this did not happening. I want to know what is going on.

 

[simonsi]

I got connection request in Little Snitch to the url; airport.us just after my login and just before coreaudiod want to connect on the gateway. That is very suspicious. Before upgrade to Yosemite this did not happening. I want to know what is going on.

That url redirects to apple.com - did you try and load it before getting worried?

I'd expect it is for some cloud/music function or other introduced with Yosemite (Yosemite was quite public with its long list of new features), personally I'm not too worried....

If you are still worried (I'll bet you are), then ask Apple.