Announcement: Upgrade to macOS Catalina

Experience dedicated apps for music, TV, and podcasts, plus smart new features like Sidecar. Learn how to upgrade >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: What is rapportd? In /usr/libexec/rapportd After update to 10.13.2 Firewall asked about it

What is /usr/libexec/rapportd?

After update to 10.13.2 Firewall asked whether I want to allow network access.

Is it from apple?

If not-where does it come from? The only thing I found was that Trusteer has a tool named rapport but I did not install it (maybe in combination with another product but not that I am aware of).

OBS MacBook Pro (15-inch 2.4/2.2 GHz), macOS High Sierra (10.13.2)

Posted on

Reply
Question marked as Helpful

Dec 7, 2017 12:23 PM in response to tbhunderbird In response to tbhunderbird

This happens to me too. I don't think it is related to Trusteer nor IBM.


Examination of the /usr/libexec/rapportd (dated Dec 1, 2017 15:46) shows a '--version' option as:


Rapport daemon version 120.48


Makes uses of the following classes:

  • com.apple.rapport
  • com.apple.rapportd
  • com.apple.notifyd.matching
  • com.apple.rapport.prefsChanged
  • com.apple.rapport.Client
  • com.apple.rapport.KeepAlive
  • com.apple.private.xpc.launchd.event-monitor


Appears to be an XPC-based network daemon with levels of -->multipeer<-- 'chatty'-nist and private/public flag.


Pattern 'rapportd' is found in the following file:

  • /usr/libexec/rapportd
  • /usr/sbin/systemstats <--- sounds legit
  • /usr/share/man/man8/rapportd.8


So, there is a MAN page: Executed 'man rapportd' and I get the following:


rapportd(8) BSD System Manager's Manual rapportd(8)


NAME

rapportd -- Rapport Daemon.


SYNOPSIS

Daemon providing support for the Rapport connectivity framework.


Use '/usr/libexec/rapportd -V' to get the version.


LOCATION

/usr/libexec/rapportd


December 7, 2017


Looks like this is directly related to the Mac OSX System Update that I performed on that man page's date timestamp.


But ZERO hit on Bing/Google/Search.Com on the search phrase "Rapport connectivity framework"

There’s more to the conversation

Read all replies
Question marked as Helpful

Dec 7, 2017 12:23 PM in response to tbhunderbird In response to tbhunderbird

This happens to me too. I don't think it is related to Trusteer nor IBM.


Examination of the /usr/libexec/rapportd (dated Dec 1, 2017 15:46) shows a '--version' option as:


Rapport daemon version 120.48


Makes uses of the following classes:

  • com.apple.rapport
  • com.apple.rapportd
  • com.apple.notifyd.matching
  • com.apple.rapport.prefsChanged
  • com.apple.rapport.Client
  • com.apple.rapport.KeepAlive
  • com.apple.private.xpc.launchd.event-monitor


Appears to be an XPC-based network daemon with levels of -->multipeer<-- 'chatty'-nist and private/public flag.


Pattern 'rapportd' is found in the following file:

  • /usr/libexec/rapportd
  • /usr/sbin/systemstats <--- sounds legit
  • /usr/share/man/man8/rapportd.8


So, there is a MAN page: Executed 'man rapportd' and I get the following:


rapportd(8) BSD System Manager's Manual rapportd(8)


NAME

rapportd -- Rapport Daemon.


SYNOPSIS

Daemon providing support for the Rapport connectivity framework.


Use '/usr/libexec/rapportd -V' to get the version.


LOCATION

/usr/libexec/rapportd


December 7, 2017


Looks like this is directly related to the Mac OSX System Update that I performed on that man page's date timestamp.


But ZERO hit on Bing/Google/Search.Com on the search phrase "Rapport connectivity framework"

Dec 7, 2017 12:23 PM

Reply Helpful (4)

Dec 7, 2017 1:44 PM in response to tbhunderbird In response to tbhunderbird

Also, Rapport Connectivity Framework (rapportd) daemon opens TCP port 49158, so your firewall should be blocking it until this daemon has been vetted, publicly and by Apple.


# lsof -i -P | grep -i rapport

rapportd 334
jdoe3uIPv4 0xc1e2ffdef2ba45df0t0TCP *:49158 (LISTEN)

rapportd 334 jdoe4uIPv6 0xc1e2ffdeed4f37b70t0TCP *:49158 (LISTEN)


Internet Storm Center has little info on this port number:


TCP/UDP Port 49158 Activity - SANS Internet Storm Center

Dec 7, 2017 1:44 PM

Reply Helpful (1)

Dec 9, 2017 11:34 AM in response to tbhunderbird In response to tbhunderbird

I don't know what it is but it is causing my iMac to wake up a lot. In terminal if you issue this command:


log show --style syslog | fgrep "Wake reason"


You may find lots of lines with "Wake reason: Enet.Service - Connection attempt with TCP from..." I found my Apple TV, iPad and iPhone were trying to connect. I found out the port they are trying to connect to is this command, '/usr/libexec/rapportd'.

Dec 9, 2017 11:34 AM

Reply Helpful

Dec 10, 2017 10:28 AM in response to tbhunderbird In response to tbhunderbird

I have also seen network access issues related to rapportd. In my case, the problem is that my iPhone and iPad, when they are on my local WiFi, try to contact rapportd running on my iMac. This did not happen before the Mac OS 10.13.2 update. I have removed rapportd, and everything seems to work fine on my iMac.

Dec 10, 2017 10:28 AM

Reply Helpful

Dec 10, 2017 6:02 PM in response to neliason In response to neliason

There are probably many ways to do it. I used Recovery Mode to pull up a terminal window. I then used Unix commands to go to where the file is stored (cd /Volumes/XXX/usr/libexec/ where XXX is the name of your boot disk) and moved the file up one level (mv rapportd ../rapportd). When you start up Mac OS, you will get log messages that launchd could not find the file, but I have not found any other problems. If you are not familiar with Unix, you should probably not try this way. Perhaps others can respond with a non-Unix way.

Dec 10, 2017 6:02 PM

Reply Helpful

Dec 10, 2017 8:20 PM in response to tbhunderbird In response to tbhunderbird

getting the same thing, already clean installed sierra onto my air will be doing the same with my MacBook pro .. high sierra has been nothing but problems for me. i read Pat Wardle's blog quite often (responsible for many recent security updates). he has private bugs which are stunning to say the least. this "version" was rushed. nothing makes sense and everything needs constant network connectivity. at least Sierra worked "well".


personally i believe this rapportd "daemon" (i also viewed the man page) is for crypto currencies. high sierra is junk. i can't wait until Huawei's next ZenBook is released.. ill be moving over to a linux system with one of their high end laptops. never thought id say this, huge apple fan boy too. iPad pro, air, probook, iPhone X, Airport Extreme 2TB, with express extenders and every imaginable accessories ..


RIP - Apple ... Steve Jobs would be so sad. problems and no innovation ...

Dec 10, 2017 8:20 PM

Reply Helpful

Dec 11, 2017 7:58 AM in response to GreenMamba In response to GreenMamba

What is extremely disappointing of Apple Support is their unwillingness to explain in their Support Discussion groups, much less in their 10.13.2 Release Notes, what exactly this `rapportd` daemon does.


All we know from the threads and my experiences are these:

  • It is an undocumented 'Rapport Connectivity Framework' (RCF),
  • Port 49158/tcp
  • It is not power-friendly, wakes up the entire box too often
  • systemstat starts this rapportd daemon
  • RCF is a multi-client chatty protocol
  • iPhone and iPad makes effort to connect with iMac

Dec 11, 2017 7:58 AM

Reply Helpful (3)
User profile for user: tbhunderbird

Question: What is rapportd? In /usr/libexec/rapportd After update to 10.13.2 Firewall asked about it