Debugging weird traffic patterns on the mac, you can use nettop. It shows the actual amount of data transferred by the process. It’s very helpful.
Commandline
nettop -m tcp
Example
kernel_task.0 1512 MiB 1041 MiB 387 KiB 11 MiB 1823 KiB
tcp4 1.1.1.30:52104<->1.1.1.29:548 en0 Established 1512 MiB 1041 MiB 387 KiB 11 MiB 1823 KiB 145.12 ms 791 KiB 1545 KiB BK_SYS
vpnagentd.88 158 KiB 554 MiB 0 B 0 B 74 B
tcp4 1.1.1.30:56141<->1.1.1.12:443 en0 Established 26 KiB 12 KiB 0 B 0 B 74 B 77.25 ms 128 KiB 32 KiB BE
tcp4 127.0.0.1:29754<->localhost:49229 lo0 Established 131 KiB 554 MiB 0 B 0 B 0 B 1.22 ms 266 KiB 379 KiB BE
com.crowdstrike.341 995 KiB 5615 KiB 675 B 279 B 29 KiB
tcp4 1.1.1.30:51978<->ec2-50-18-194-39.us-west-1.compute.amazonaws.com:443 en0 Established 995 KiB 5615 KiB 675 B 279 B 29 KiB 93.69 ms 128 KiB 55 KiB RD
Leave a Reply