Apple - xpcproxy using all my bandwidth

In my case, it was nsurlsessiond (by sudo lsof | grep -i nsurl)

Fired up Charles with https MITM'ing, but didn't find anything talking to Apple (but it wasn't making any new connections to intercept).

It seemed to go away after a little while.

EDIT: After sleeping and waking it up with Charles running, xpcproxy showed it was downloading pictures from iCloud ([redacted].icloud-content.com).

(xpc services need some better monitoring tools and/or they're not well-known.)

Here is how I found out which app was causing all this bandwidth:

(I was downloading roughly 300k)

I started Wireshark for a couple of seconds. Then sorted the resulting list by source ip. Now I looked which ip was listed most often (therefore sending the most traffic to me).

That got me an IP address which I looked up who owns it: https://db-ip.com/all/162.222.43 Turns out the address was owned by CrashPlan. So I fired up CrashPlan and saw that is was doing some synchronisation.

I've also observed it running on Yosemite. As for what xpcproxy actually is, it's part of the OS X anti-malware software, according to this Apple forum post, which also warns not to mess with system processes such as this.