Previous 1 2 Next 22 Replies Latest reply: Dec 12, 2009 4:36 PM by kshimmy
ReidRik_Von Level 1 Level 1 (0 points)
Since upgrading to SL My Little Snitch has been reporting:

"SubmitDiagInfo"
wants to connect to radarsubmissions.apple.com on TCP port 443
IP Address 17.254.2.214
Reverse DNS Name radarsubmission.apple.com
Established by /System/Library/CoreServices/SubmidDiagInfo
Unix PID 10137

5-6 times per day. THis sounds nefarious...is it?

MBP 2.6
  • Anton Rang Level 1 Level 1 (70 points)
    Have you had any processes crash? Did you give permission for Apple to collect diagnostic data? When I had my first application crash, a dialog came up saying that my computer had other diagnostic data available, and asked if I wanted to let Apple see it. My guess is that your system has a crash report or other data that is being submitted.

    It's not nefarious; this is just Apple's way of having a better chance of fixing bugs!
  • ReidRik_Von Level 1 Level 1 (0 points)
    I have had several apps crash including safari, word, firefox and one or 2 others. As I recall, each app that crashed asked me if I wanted to submit the crash report which I did. Regarding what I mention above, it was not preceded by a crash, they just appeared...
  • Marcus Girvan Level 1 Level 1 (0 points)
    I have had a few of these warnings through LittleSnitch. I have just had another. Nothing has crashed or hung up. Until Apple tells us what the purpose of these messages is, I will not authorise connection.
  • Tomas Dominguez Level 1 Level 1 (0 points)
    If you type in the Terminal

    +man SubmitDiagInfo+

    It gives you the manual page for the service/command, apparently it gives you the choice to opt-in when some program or the system crashes and from that moment on it sends crash logs to apple periodically, it also seems to clean old crash log that are no longer needed. You can disable the service in the Console application by using the +"Reset Diagnostic Reporting"+ button available in the preferences window.

    Hope this helps.
  • ReidRik_Von Level 1 Level 1 (0 points)
    Thanks for this. I "REset" in Console and will keep an eye on this.
  • Ralph Strauch Level 1 Level 1 (25 points)
    I tried resetting the Console prefs, several times. I'm still getting the message. I guess I'll just tell Little Snitch to deny forever.

    Ralph
  • parkerpress Level 1 Level 1 (35 points)
    I am also seeing the repeated connection attempts via Little Snitch, even after resetting as suggested earlier in the thread. Although I don't think I'd want to block it, since I think real crash-dumps can help Apple with the new SL debugging. But it is getting annoying.


    I'm wondering if it isn't just broadcasting "stats" and an "I'm Fine" message (which would be a REALLY bad thing if it was).

    Steve

    Message was edited by: parkerpress
  • Rob Repp Level 1 Level 1 (15 points)
    Has anyone tried a WireShark dump to see exactly what's being sent?
  • Doug F. Level 2 Level 2 (185 points)
    Since it is connecting to port 443, it is likely the data is SSL encrypted and hence a wire trace would not show anything of value.

    You'd need to patch the program somehow to get the data stream before encryption and after decryption.
  • William Lloyd Level 7 Level 7 (20,925 points)
    SubmitDiagInfo should give you a clue... it's diagnostic information.

    If you want to see the logs that are being sent, open up Console and look in the "Diagnostic Info" section. There are various reports... many of them "spin" reports which show when the OS gets a beachball. Often, these are applications that are hanging or operating slowly. If Apple apps are beachballing, I bet they want to know about it and why, so they can address it if it's bugs
  • parkerpress Level 1 Level 1 (35 points)
    Some "interesting" findings. It appears that Mail may be the culprit (in my case). I believe I get these "SubmitDiagInfo" messages following the "Console entries" below. I'm going to start watching the console much more closely each time LittleSnitch pops a warning and will post here if I find a common thread...

    9/17/09 11:20:47 AM Mail[42695] * Assertion failure in -[MessageViewer _countStringForType:isDrafts:omitUnread:totalCount:], /SourceCache/Mail/Mail-1076/MessageViewer.subproj/MessageViewer.m:5078
    deleted count greater than total count
    <<<<<SNIP>>>>>

    9/17/09 11:20:48 AM Mail[42695] * Assertion failure in -[MessageViewer _countStringForType:isDrafts:omitUnread:totalCount:], /SourceCache/Mail/Mail-1076/MessageViewer.subproj/MessageViewer.m:5078
    deleted count greater than total count
    <<<<<SNIP>>>>>

    9/18/09 10:52:52 AM Mail[255] * Assertion failure in +[Library flagsChangedForMessages:flags:oldFlagsByMessage:newFlagsByMessage:updateUnreadC ount:], /SourceCache/Message/Message-1076.1/Library.subproj/Library.m:718
    This method must be called off the main thread
    <<<<<SNIP>>>>>
  • Jon P Level 1 Level 1 (85 points)
    When you were first prompted to allow reports to be sent to Apple you allowed it. This is why little snitch keeps prompting you. You should be able to go to the console and set the preferences to stop the submissions. Alternately there is a man page for SubmitDiagInfo which you may want to read.

    Honestly Apple probably gets so many thousands of these I doubt they even really have time to read yours. So I wouldn't worry about it. They probably use some type of metric on the number of reports received say for example after a security update that maybe went wrong. If they saw a drastic rise in the number of reports, scanning the first couple of reports might help them discern more about the problem. I doubt there is even any user info there other then the type of machine, amount of ram etc.

    -j-
  • mokum von Amsterdam Level 1 Level 1 (0 points)
    Check your system log file [/var/log/system.log] to see what the reports being send are about. Mine shows:

    Sep 21 18:49:42 macbookpro SubmitDiagInfo[52180]: Submitted crash report: /Library/Logs/DiagnosticReports/ExecuteFromAllLaunchD2009-09-15-121042localhost.crash
    Sep 21 18:49:43 macbookpro SubmitDiagInfo[52180]: Submitted spin report: /Library/Logs/DiagnosticReports/SystemUIServer2009-09-21-121023macbookpro-meij-net.spin
    Sep 21 18:49:45 macbookpro SubmitDiagInfo[52180]: Submitted spin report: /Library/Logs/DiagnosticReports/loginwindow2009-09-21-121023macbookpro-meij-net.spin
    Sep 21 18:49:46 macbookpro SubmitDiagInfo[52180]: Submitted crash report: /Library/Logs/DiagnosticReports/mc2009-09-21-155935localhost.crash
    Sep 21 18:49:48 macbookpro SubmitDiagInfo[52180]: SubmitDiagInfo successfully uploaded 8 diagnostic messages.

    If only this will assist apple in solving issues with SL, I am one happy camper.
  • ebompard Level 1 Level 1 (0 points)
    As far I can see, the sent content isn't much an issue, except if you don't want Apple to know the software you're using.

    Still, I'd like to get rid of the submissions : I don't like the idea I have no means to disable an automatic message.
    No ideas ?
Previous 1 2 Next