Mac OS X: List listening ports and programs using netstat

When checking the listening ports on my Linux machine I put netstat some pants on:

# netstat -pant | grep LISTEN
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      20797/sasdwl
tcp        0      0 192.168.230.236:3873    0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:4999            0.0.0.0:*               LISTEN      28475/pcp
tcp        0      0 192.168.230.236:2055    0.0.0.0:*               LISTEN      20037/dataserver
tcp        0      0 127.0.0.1:8009          0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:1098            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:9002            0.0.0.0:*               LISTEN      20731/sasfrompacs
tcp        0      0 192.168.230.236:2058    0.0.0.0:*               LISTEN      20475/backupserver
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      28306/smbd
tcp        0      0 0.0.0.0:1099            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:33518           0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:4847            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:33519           0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:4848            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      19532/httpd
tcp        0      0 0.0.0.0:4849            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:33521           0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:8083            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      5342/master
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      19532/httpd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      28306/smbd
tcp        0      0 0.0.0.0:8093            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:4445            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 0.0.0.0:4446            0.0.0.0:*               LISTEN      21201/java
tcp        0      0 127.0.0.1:2054          :::*                    LISTEN      20542/java
tcp        0      0 :::22                   :::*                    LISTEN      5025/sshd
tcp        0      0 ::1:25                  :::*                    LISTEN      5342/master

I want to see the ports and the programs listening on these ports. The netstat options used mean:

  • -p: show the program name / PID owning the socket
  • -a: show all sockets, both listening and non-listening
  • -n: show numerical addresses
  • -t: show only TCP connections

Somehow I’ve only noticed now that netstat on Mac OS X cannot show the program name. On Mac OS X, the -p parameter of netstat doesn’t mean program or process but protocol. There is also no -t parameter, but the same filtering can be done using -ptcp.

$ netstat -an -ptcp | grep LISTEN
tcp4       0      0  127.0.0.1.10000        *.*                    LISTEN
tcp6       0      0  *.43611                *.*                    LISTEN
tcp4       0      0  *.43611                *.*                    LISTEN
tcp46      0      0  *.80                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.3306         *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN

There seems to be no way to get the same kind of info using netstat on Mac OS X. But all is not lost. A TCP socket is just another type of file descriptor in Unix derivatives, so we can use lsof to get the same info on Mac OS X:

$ lsof -i -P | grep -i "listen"
mysqld    31797 henribenoit   10u  IPv4 0xe1e3f49df503def7      0t0  TCP localhost:3306 (LISTEN)

This shows you the listening ports for programs running under your user name. If you want to see them for all users, you’ll have to use sudo.

$ sudo lsof -i -P | grep -i "listen"
launchd       1           root   28u  IPv6 0xe1e3f49dedc794b7      0t0    TCP localhost:631 (LISTEN)
launchd       1           root   29u  IPv4 0xe1e3f49dedc7f49f      0t0    TCP localhost:631 (LISTEN)
mysqld    31797    henribenoit   10u  IPv4 0xe1e3f49df503def7      0t0    TCP localhost:3306 (LISTEN)
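
An added example, not part of the original post: a small filter that reads lsof output and labels each TCP listener as loopback-only or bound to a non-loopback address, which is usually the first thing to check when reviewing what a machine exposes. The function names and the sample lines are constructed for illustration; the lsof options -n, -iTCP and -sTCP:LISTEN are used in place of grep so that only sockets in the LISTEN state are selected.

```shell
#!/bin/sh
# Classify TCP listeners from lsof output (read on stdin).
# Output: one line per listener: SCOPE COMMAND PID USER ADDRESS:PORT
# LOOPBACK = bound to localhost only; EXPOSED = bound to a wildcard or
# non-loopback address (reachable from the network unless a firewall blocks it).
classify_listeners() {
    awk '
    # Match on the socket state in the last field, not on the whole line,
    # so a process whose name merely contains "listen" is not picked up.
    $NF == "(LISTEN)" {
        addr = $(NF-1)               # e.g. 127.0.0.1:3306, *:80, [::1]:631
        host = addr
        sub(/:[0-9]+$/, "", host)    # strip the trailing :port
        scope = "EXPOSED"
        if (host == "localhost" || host == "[::1]" || host ~ /^127\./)
            scope = "LOOPBACK"
        print scope, $1, $2, $3, addr
    }'
}

# Constructed sample in lsof format (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID    USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
launchd     1    root   28u  IPv6 0x0000000000000001      0t0  TCP [::1]:631 (LISTEN)
mysqld    501  exuser   10u  IPv4 0x0000000000000002      0t0  TCP 127.0.0.1:3306 (LISTEN)
httpd     612    root    4u  IPv6 0x0000000000000003      0t0  TCP *:80 (LISTEN)
listend   700  exuser    5u  IPv4 0x0000000000000004      0t0  TCP 10.0.0.5:50000->10.0.0.9:443 (ESTABLISHED)
EOF
}

# On a live Mac, feed it real data:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | classify_listeners
if [ "${1:-}" = "--demo" ]; then
    sample_lsof | classify_listeners
fi
```

Run with --demo to see the classification of the constructed sample; without -n, lsof prints host names, which is why localhost is also treated as loopback.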
