Typically I’d use netstat’s -o flag to identify the process ID when listing networking activity from a Linux/Unix machine. Unfortunately this option is not available with netstat on Mac OS X.
I recently has a rogue process (I suspected a virus) on my Mac that was creating thousands of connections out to hosting providers. Luckily I found this fix, which uses lsof to list the network files that are being held open instead. It works a treat:
~$ lsof -i -P
The -i flag restricts output to the networking files, the -P flag prevents well known port numbers from being converted from numbers to text (e.g. 80 -> http). Try it without the -P flag to see the protocol short names.
Using this command, I identified which process was creating the unwanted connections and to dealt with it.