Question about NETransparentProxy in macOS Catalina

My question is: how can I use NETransparentProxy to proxy a specific app's traffic without knowing its network destination information?


For example, for most web access we know the destination port is 80 or 443. We can add destination ports 80 and 443 to NETransparentProxyNetworkSettings.includedNetworkRules; then, in the [NEAppProxyProvider handleNewFlow] method, we can figure out which app the traffic belongs to via NEAppProxyFlow.metaData and decide whether we want to proxy it or not.


However, for some apps, especially video/audio apps like Zoom, we don't know the network destination info, so how can we proxy their network traffic?


Thanks,

Xin
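The mechanism described in the question (claim outbound TCP 80/443 flows with includedNetworkRules, then decide per flow in handleNewFlow from NEAppProxyFlow.metaData), as an added example that is not code from the original thread or from Apple. The signing identifier "com.example.targetapp" is an assumed placeholder; flows from any other app are handed back to the system by returning false. The relay to the real destination uses Network.framework's NWConnection, which is one way to do it, not the only one.

```swift
import NetworkExtension
import Network
import os.log

// Added example, not from the forum thread. Runs inside a system extension
// that is installed and enabled as a transparent proxy (macOS 10.15+).
final class ExampleTransparentProxy: NETransparentProxyProvider {

    // Assumed: code-signing identifiers of the apps whose flows we want to proxy.
    private let proxiedAppIDs: Set<String> = ["com.example.targetapp"]

    override func startProxy(options: [String: Any]?,
                             completionHandler: @escaping (Error?) -> Void) {
        // The remote address is nominal for a transparent proxy; no tunnel is built.
        let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1")

        // Match any destination (0.0.0.0 with prefix 0) on outbound TCP 80 and 443.
        settings.includedNetworkRules = ["80", "443"].map { port in
            NENetworkRule(remoteNetwork: NWHostEndpoint(hostname: "0.0.0.0", port: port),
                          remotePrefix: 0,
                          localNetwork: nil,
                          localPrefix: 0,
                          protocol: .TCP,
                          direction: .outbound)
        }
        setTunnelNetworkSettings(settings, completionHandler: completionHandler)
    }

    override func stopProxy(with reason: NEProviderStopReason,
                            completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    // Called once per flow that matched includedNetworkRules. Returning false
    // hands the flow back to the system untouched, so other apps are unaffected.
    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        let appID = flow.metaData.sourceAppSigningIdentifier
        guard proxiedAppIDs.contains(appID),
              let tcpFlow = flow as? NEAppProxyTCPFlow,
              let dest = tcpFlow.remoteEndpoint as? NWHostEndpoint,
              let port = NWEndpoint.Port(dest.port) else {
            return false
        }
        os_log("Proxying %{public}@ -> %{public}@:%{public}@", appID, dest.hostname, dest.port)
        relay(tcpFlow, host: NWEndpoint.Host(dest.hostname), port: port)
        return true
    }

    // Connect to the original destination, then open the flow and copy bytes both ways.
    private func relay(_ flow: NEAppProxyTCPFlow, host: NWEndpoint.Host, port: NWEndpoint.Port) {
        let conn = NWConnection(host: host, port: port, using: .tcp)
        conn.stateUpdateHandler = { [weak self] state in
            switch state {
            case .ready:
                flow.open(withLocalEndpoint: nil) { error in
                    if error != nil { conn.cancel(); return }
                    self?.pumpFlowToConnection(flow, conn)
                    self?.pumpConnectionToFlow(conn, flow)
                }
            case .failed, .cancelled:
                flow.closeReadWithError(nil)
                flow.closeWriteWithError(nil)
            default:
                break
            }
        }
        conn.start(queue: .global())
    }

    // App -> destination: read from the flow, send on the connection, repeat.
    private func pumpFlowToConnection(_ flow: NEAppProxyTCPFlow, _ conn: NWConnection) {
        flow.readData { data, error in
            guard error == nil, let data = data, !data.isEmpty else {
                conn.send(content: nil, isComplete: true, completion: .idempotent)
                flow.closeReadWithError(nil)
                return
            }
            conn.send(content: data, completion: .contentProcessed { sendError in
                if sendError == nil { self.pumpFlowToConnection(flow, conn) } else { conn.cancel() }
            })
        }
    }

    // Destination -> app: receive from the connection, write into the flow, repeat.
    private func pumpConnectionToFlow(_ conn: NWConnection, _ flow: NEAppProxyTCPFlow) {
        conn.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, _, isComplete, error in
            if let data = data, !data.isEmpty {
                flow.write(data) { writeError in
                    if writeError == nil { self.pumpConnectionToFlow(conn, flow) } else { conn.cancel() }
                }
            } else if isComplete || error != nil {
                flow.closeWriteWithError(nil)
                conn.cancel()
            }
        }
    }
}
```

Note that the filtering here happens only after the flow has already matched a port-based rule; a flow on a port not listed in includedNetworkRules never reaches handleNewFlow, which is exactly the gap the question raises for apps whose destination ports vary.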

Replies

Yes, HTTP(S) traffic is usually pretty easy to identify either via ports or an NEFlow:

New flow: NEFlow type = stream, app = com.avname.avappname, name = tsa.avname.com, address = 0.0.0.0, port = 443)


The problem here is that there are no solid rules for how to identify AV traffic. Each of these apps uses the network in its own way, so catching this traffic will require a bunch of special cases for each app and how these flows are presented for your AV applications.


You could try and narrow down what your flow looks like, i.e., protocol, address, port by running a packet trace and then starting your audio/video session. This may give you more information on how to identify your flows for the includedNetworkRules.


Matt Eaton

DTS Engineering, CoreOS

meaton3@apple.com

Hi Matt,


Thanks for your reply.

Those audio/video sessions' destination ports may change all the time, which makes them extremely difficult to identify. So I'm wondering if there is any mechanism that lets me set an "IncludeApp" instead of "NetworkSettings" to proxy a specific app's traffic. If NETransparentProxy cannot do it, do you know any other way that I can try?


Thanks,

Xin

Xin,


Assigning apps or bundle identifiers to NETransparentProxyNetworkSettings instead of NENetworkRules is not supported. You would need to open an enhancement request for this. If you do choose to open an enhancement request, please follow up with the bug number on this thread so I can copy myself on it.


Matt Eaton

DTS Engineering, CoreOS

meaton3@apple.com

Thanks, Matt. I opened an enhancement request, and I got a response suggesting I use App Proxy instead. I will give it a try.


-Xin

Thanks Xin,


Could you provide me with the feedback number?


Matt Eaton

DTS Engineering, CoreOS

meaton3@apple.com