macOS: mDNSResponder on macOS Sierra? Malware


It's worth mentioning that I'm a complete newbie to network security, and have only recently started playing around with Wireshark.

I used Wireshark to trace some network activity to a process called mDNSResponder. My google searches have resulted in old comments describing mDNSResponder's use in earlier versions of OS X. However, I'm running the newest version of macOS Sierra. As such, I'm concerned that it may be malware.

I have examined a second MacBook Pro, which is also running macOS Sierra. mDNSResponder is not running, nor is it installed. The MacBook Pro that has mDNSResponder installed has it located in /usr/sbin.

mDNSResponder is run by the user _mdnsrespond. It is actively sending and receiving packets.

A second process called mDNSResponderHelper is also running. It is being run by the root user. However, it is not sending or receiving packets.

I would appreciate it if anyone could clarify whether this is malware. If there is anything I can do to help with this, feel free to specify.

Thank you.

EDIT

After conducting further research and considering all of the responses, I have decided to reformat my machine. Both MacBook Pros were recently reformatted within days of each other, and have been connected to the same devices. I see no reason why mDNSResponder is necessarily installed and running on one machine and not the other. It is possible that it is not malware, but the network activity of mDNSResponder would make it an excellent target for malicious attacks. As such, I think it wise to reformat the machine.

After reformatting and updating my machine, mDNSResponder and mDNSResponderHelper are no longer installed. Despite this, the machine is still functioning normally.

I am not knowledgeable enough to claim whether mDNSResponder and mDNSResponderHelper were cleverly concealed malware, legitimate software, or otherwise, but I do think it was wise to reformat the machine. Hopefully this post will help others in the future.

Best Answer

The mDNSResponder service is associated with Bonjour, a network browsing service that auto-browses the network for resources. For example, it knows at all times about network printers and its list is up to date. That is what Bonjour does: it polls the local network segment and discovers devices that you can connect to.

The mDNSResponder service is the engine of Bonjour. Sometimes it can go a little crazy and there are enough articles on the web complaining about it.

There are two launch daemons that manage the Bonjour service. If they are unloaded, Bonjour will shut down and the mDNSResponder activity will stop.

The following commands might still do the job in OS X Sierra:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponderHelper.plist

Unfortunately, per your report, shutting down mDNSResponder also left you without Internet access. Well, at least this turned out to be the confirmation you asked for that this is a legitimate OS X process.

Since Bonjour is a network-browsing process, its presence on the one Mac but not on the other may be explained by some difference in the network. For example, it might be checking that a network printer is still available.
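A defender-side triage script for exactly this situation, added here as an example; it is not part of the original question or answer. It assumes the expected binary path /usr/sbin/mDNSResponder and the _mdnsresponder service account (ps may show the name truncated to _mdnsrespond, as in the question), checks the two launchd plists the answer names, and only runs the live checks on macOS, so the helper functions can be exercised anywhere.

```shell
#!/bin/sh
# Triage checks for a process claiming to be mDNSResponder (added example).
# Expected values below are assumptions drawn from the thread, not an Apple spec.
EXPECTED_PATH="/usr/sbin/mDNSResponder"
EXPECTED_USER_PREFIX="_mdnsrespond"   # matches _mdnsresponder and the truncated form

# check_process_line "<user> <pid> <path>": 0 when owner and path look legitimate.
check_process_line() {
    user=$(printf '%s' "$1" | awk '{print $1}')
    path=$(printf '%s' "$1" | awk '{print $3}')
    case "$user" in
        "$EXPECTED_USER_PREFIX"*) ;;
        *) echo "unexpected owner: $user"; return 1 ;;
    esac
    [ "$path" = "$EXPECTED_PATH" ] || { echo "unexpected path: $path"; return 1; }
    return 0
}

# check_launchd_plists: 0 when both Apple daemon definitions are present on disk.
check_launchd_plists() {
    for p in /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist \
             /System/Library/LaunchDaemons/com.apple.mDNSResponderHelper.plist; do
        [ -f "$p" ] || { echo "missing: $p"; return 1; }
    done
    return 0
}

# live_checks: inspect the running system (macOS only; codesign is not on Linux).
live_checks() {
    ps -axo user=,pid=,comm= | grep '[m]DNSResponder$' | while read -r line; do
        check_process_line "$line" && echo "ok: $line"
    done
    # A genuine Apple binary carries a valid Apple signature.
    if codesign --verify --verbose=2 "$EXPECTED_PATH"; then
        echo "signature valid"
    else
        echo "signature check FAILED for $EXPECTED_PATH"
    fi
    check_launchd_plists && echo "launchd plists present"
}

[ "$(uname)" = "Darwin" ] && live_checks
```

An unexpected owner, a binary outside /usr/sbin, or a failed codesign verification is the signal to investigate further; a clean result matches what the thread describes as normal Bonjour behaviour.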
