Identifying which processes are using network ports on a Mac

Steve Neal Linux Leave a Comment

Typically I’d use netstat’s -o flag to identify the process ID when listing networking activity from a Linux/Unix machine. Unfortunately this option is not available with netstat on ┬áMac OS X.

I recently has a rogue process (I suspected a virus) on my Mac that was creating thousands of connections out to hosting providers. Luckily I found this fix, which uses lsof to list the network files that are being held open instead. It works a treat:

~$ lsof -i -P

The -i flag restricts output to the networking files, the -P flag prevents well known port numbers from being converted from numbers to text (e.g. 80 -> http). Try it without the -P flag to see the protocol short names.

Using this command, I identified which process was creating the unwanted connections and to dealt with it.

Leave a Reply

Your email address will not be published. Required fields are marked *