
Flow of data

Overview

Traditionally, security tools have collected information by injecting their code into the Mac’s kernel (KEXTs) or into individual application processes.

Unfortunately, these techniques can make the Mac unstable, introduce new security vulnerabilities hackers can exploit, or allow unscrupulous developers to collect sensitive information about you.

To limit these dangers for its users, Apple introduced a new System Extension framework in Catalina (macOS 10.15).

Network X-Ray leverages these new System Extension frameworks for processing operating system data to let you know what is happening on your Mac.

Network X-Ray application

Network X-Ray actually consists of several components represented by the blue boxes in the figure above.

When you download Network X-Ray from the Mac App Store, the primary Network X-Ray application and a network system extension are installed (see the green box).

At this point, Network X-Ray can process and present DNS information (from the Packet data), connections to remote servers (from the Flows data), and URL information for applications using Apple’s URL library (from the URLs data).

What is missing? The name of the programs making each of these connections.

Endpoint System Extension

If you download the optional Endpoint System Extension from NetSQ LLC’s web site (link), you also get information about the programs initiating each connection, where those programs are installed on your Mac, how those programs were started, and other information.

These data sources are fused together by Network X-Ray to provide you with a comprehensive view of what your Mac is doing on the network and why.