How do I capture localhost traffic in instruments?

Is there a way to configure it so that localhost traffic is included in the recording?

I suspect not. But before I say anything definitive…

The documentation for network-interface-detection schema

I’m not familiar with that. Please post a link to the doc you’re referring to.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks for your response.

I’m not familiar with that. Please post a link to the doc you’re referring to.

Maybe "documentation" is the wrong word, but I'm referring to the information about that schema that is viewable in the instruments "document inspector" accessible from "document" in the menu bar -> "inspector" -> "schemas". This seems to be the only "documentation" available describing instruments' schemas/tables, but it doesn't say anything about how these tables are populated.

I know from the available WWDC talks that we can create custom modelers that use these tables, so I was hoping that maybe the fact that localhost traffic wasn't showing up was that the "Network Connections" instrument itself was configured to not show it but that the data was available in the table.

Because if I'm not mistaken, the only way currently to provide custom inputs into instruments is with os_signposts? which in my case is something I can't do since I can't modify the source of the application I wish to trace for.

Thanks for the pointers. I’ve always been curious as to how this stuff actually works, and your info gave me a useful thread to pull on [1].

My research confirms that Instruments goes out of its way to exclude loopback connections from its recording. This happens at a pretty low level, so it’s not the case that the data was recorded and you just have to find a way to show it.

I’d appreciate you filing an enhancement request for a way to configure this. Once you’re done, post your bug number here and I’ll use that to explore a potential workaround.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] It’s the same infrastructure that backs nettop; see its man page. There’s also the mysterious netlog, which has a man page but AFAICT isn’t actually installed on the system O-:

ooh, interesting note about nettop, I actually didn't know that command exists...out of curiosity how did you find out it was using the same infratructure as nettop? did you trace instruments itself or something like that?

For the enhancement request, see FB19925681.

out of curiosity how did you find out it was using the same infratructure as nettop?

I started with the question “How does nettop work?”

% otool -L `which nettop`
/usr/bin/nettop:
    …
    /System/Library/PrivateFrameworks/NetworkStatistics.framework/…
    …

I then asked “Does Instruments work the same way?”

% vmmap Instruments | grep NetworkStatistics
… /System/Library/PrivateFrameworks/NetworkStatistics.framework/…
… /System/Library/PrivateFrameworks/NetworkStatistics.framework/…
… /System/Library/PrivateFrameworks/NetworkStatistics.framework/…
… /System/Library/PrivateFrameworks/NetworkStatistics.framework/…
… /System/Library/PrivateFrameworks/NetworkStatistics.framework/…
… /System/Library/PrivateFrameworks/NetworkStatistics.framework/…

I guess so (-:

For the enhancement request, see FB19925681.

Thanks. I’m gonna use this bug to drive some more research and then get back to you.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"