I don't understand as, sudo lsof -l|grep EST,
works here.
What do you mean that it works?
But it doesn't show all the active connections. Again, for Safari, it only shows an open file named "RESTRICTED_OPENER_DOMAINS.wplist" somewhere in /private/var
sudo tcpdump -i en7 udp
It shows the ESTABLISHED connections.
Another more sophisticated network "sniffer" I recommend is Wireshark.
But I have no idea what is actually causing it or how to fix it.
% su - $ADMINNAME
Password: --> Authenticate
% sudo lsof -l|grep EST
Password: --> Authenticate
But without further investigation, my only reason I think something is hidden is that you see a difference from the previous OS. I trust your memory.
One thing I do notice is that a number of the Apple processes, which communicate to their servers via https, are using the UDP-based QUIC protocol. Maybe that's new and the reason you no longer see established connections to Apple servers that you used to see. But, that's just a guess.
Hmmm now there's an idea. Maybe that explains it. Still very strange though. The same processes are running and appearing under network activity. But besides what you are suggesting, I cannot think of a single reason why they'd all suddenly no longer make remote connections.
I am a bit confused. I don't have a separate admin account, the environment variable ADMINNAME is not set and, even if it was possible, I can't see why we would need to login as admin and still have to run the command with sudo.
lsof version in 15.4.1 is 4.91. To build and run lsof 4.99.4 from source:
Code:
git clone https://github.com/lsof-org/lsof.git
cd lsof
./Configure darwin
make
./lsof -h
Apologies, I saw you were replying to someone else and thought the comment was related to their query. Well this is all very strange. Surely it must be a bug, as there's no reason why they'd just decide to hide that traffic from a terminal tool.
You did read my post that I've confirmed processes are hidden in lsof output? It was at the end of my post #29.
As @svenmany suggested, you can now report a bug.
Tried it. But I see no difference.
It seems that Sonoma was shipping the same version of lsof (4.91) as Sequoia, so something must have changed in Darwin.
I'm not familiar with the lsof command, I use Netiquette to monitor connections. https://objective-see.org/products/netiquette.html
# netstat -naptcp | grep 5223
tcp4 0 0 10.0.1.2.62934 17.57.145.40.5223 ESTABLISHED
# lsof -n -i@17.57.145.40
#
# nettop -l 1 -p 353
time interface state bytes_in bytes_out rx_dupe rx_ooo re-tx rtt_avg rcvsize tx_win tc_class tc_mgt cc_algo P C R W arch
10:22:15.068310 apsd.353 7192 B 80 KiB 694 B 0 B 0 B
10:22:15.065905 tcp4 10.0.1.2:63655<->17.57.145.40:5223 en0 Established 7192 B 80 KiB 694 B 0 B 0 B 20.22 ms 128 KiB 124 KiB RD - cubic - - - - ch
# lsof -n -p 353
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apsd 353 root cwd DIR 1,13 704 2 /
apsd 353 root txt REG 1,13 4238592 1152921500312231194 /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
apsd 353 root txt REG 1,13 66840 117741019 /Library/Preferences/Logging/.plist-cache.vs9ei1aH
apsd 353 root txt REG 1,13 32768 117741085 /private/var/db/mds/messages/se_SecurityMessages
apsd 353 root txt REG 1,13 235024 115285746 /private/var/db/timezone/tz/2025b.1.0/icutz/icutz44l.dat
apsd 353 root txt REG 1,13 293171 117741238 /private/var/db/analyticsd/events.allowlist
apsd 353 root txt REG 1,13 110 1152921500312087311 /System/Library/CoreServices/SystemVersion.bundle/en_AU.lproj/SystemVersion.strings
apsd 353 root txt REG 1,13 2288832 1152921500312522782 /usr/lib/dyld
apsd 353 root txt REG 1,13 32768 57996658 /private/var/root/Library/Group Containers/group.com.apple.apsd/ApplePushService/aps.db-shm
apsd 353 root txt REG 1,13 1137487 1152921500312129906 /System/Library/Frameworks/CFNetwork.framework/Versions/A/Resources/DafsaData.bin
apsd 353 root txt REG 1,13 33979312 1152921500312533288 /usr/share/icu/icudt76l.dat
apsd 353 root txt REG 1,13 285127 1152921500312129910 /System/Library/Frameworks/CFNetwork.framework/Versions/A/Resources/Localizable.loctable
apsd 353 root 0r CHR 3,2 0t0 336 /dev/null
apsd 353 root 1u CHR 3,2 0t0 336 /dev/null
apsd 353 root 2u CHR 3,2 0t6726 336 /dev/null
apsd 353 root 3u REG 1,13 946176 57996615 /private/var/root/Library/Group Containers/group.com.apple.apsd/ApplePushService/aps.db
apsd 353 root 4 NPOLICY
apsd 353 root 5u REG 1,13 4152 57996657 /private/var/root/Library/Group Containers/group.com.apple.apsd/ApplePushService/aps.db-wal
apsd 353 root 6u REG 1,13 32768 57996658 /private/var/root/Library/Group Containers/group.com.apple.apsd/ApplePushService/aps.db-shm
apsd 353 root 7r REG 1,13 946176 57996615 /private/var/root/Library/Group Containers/group.com.apple.apsd/ApplePushService/aps.db
apsd 353 root 8u systm 0x78f4c0f338579e6f 0t0 [ctl com.apple.netsrc id 7 unit 11]
apsd 353 root 10 CHAN flowsw 366038F0-E6FC-4FA7-888F-7C7AE39789E5[5] user-packet-pool
apsd 353 root 11u unix 0x8b955eea09b03eee 0t0 ->0x728ca4b80a7aa9c3
apsd 353 root 12r REG 1,13 68777 128838846 /Library/Preferences/com.apple.apsd.plist
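The manual comparison in the last post (netstat lists the connection to 17.57.145.40:5223, lsof does not) can be scripted to list every established TCP connection that lsof fails to report. This is an added example, not code from the thread: the function names are hypothetical, the sample input is constructed apart from the one netstat line quoted above, and it assumes the macOS output formats of `netstat -an -p tcp` and `lsof -n -P -i`.

```python
import re

# Constructed sample input. The first netstat line is the one quoted in the
# thread; the other lines are invented to exercise the parser.
NETSTAT_SAMPLE = """\
tcp4       0      0  10.0.1.2.62934     17.57.145.40.5223    ESTABLISHED
tcp4       0      0  10.0.1.2.50001     192.0.2.10.443       ESTABLISHED
tcp4       0      0  *.22               *.*                  LISTEN
"""
LSOF_SAMPLE = """\
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     812 user    3u  IPv4 0xabc       0t0  TCP 10.0.1.2:50001->192.0.2.10:443 (ESTABLISHED)
"""

# lsof prints "local:port->remote:port (STATE)"; IPv6 addresses are bracketed.
LSOF_RE = re.compile(r"TCP (\S+):(\d+)->(\S+):(\d+) \(ESTABLISHED\)")


def netstat_established(text):
    """Parse macOS netstat lines into (local_ip, local_port, remote_ip, remote_port)."""
    conns = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "ESTABLISHED":
            # macOS netstat joins address and port with a dot: 10.0.1.2.62934
            (lip, lport), (rip, rport) = (a.rpartition(".")[::2] for a in f[3:5])
            conns.add((lip, lport, rip, rport))
    return conns


def lsof_established(text):
    """Parse `lsof -n -P -i` output into the same tuple shape."""
    return {(m[1].strip("[]"), m[2], m[3].strip("[]"), m[4])
            for m in LSOF_RE.finditer(text)}


def hidden_from_lsof(netstat_text, lsof_text):
    """Connections the kernel reports as ESTABLISHED that lsof does not list."""
    return sorted(netstat_established(netstat_text) - lsof_established(lsof_text))


if __name__ == "__main__":
    for lip, lport, rip, rport in hidden_from_lsof(NETSTAT_SAMPLE, LSOF_SAMPLE):
        print(f"not in lsof: {lip}:{lport} -> {rip}:{rport}")
```

To run it against a live system, capture the two commands' output as root at the same moment and pass the text to `hidden_from_lsof`; short-lived connections can differ between the two snapshots.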