Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Who is listening on a given TCP port on Mac OS X?

On Linux, I can use netstat -pntl | grep $PORT or fuser -n tcp $PORT to find out which process (PID) is listening on the specified TCP port. How do I get the same information on Mac OS X?

like image 639
pts Avatar asked Dec 12 '10 12:12

pts


3 Answers

Up to macOS 12 Monterey, every version of macOS supports this:

sudo lsof -iTCP -sTCP:LISTEN -n -P

Personally I've end up with this simple function in my ~/.bash_profile:

listening() {
    if [ $# -eq 0 ]; then
        sudo lsof -iTCP -sTCP:LISTEN -n -P
    elif [ $# -eq 1 ]; then
        sudo lsof -iTCP -sTCP:LISTEN -n -P | grep -i --color $1
    else
        echo "Usage: listening [pattern]"
    fi
}

Then listening command gives you a listing of processes listening on some port and listening smth greps this for some pattern.

Having this, it's quite easy to ask about particular process, e.g. listening dropbox, or port, e.g. listening 22.

lsof command has some specialized options for asking about port, protocol, process etc. but personally I've found above function much more handy, since I don't need to remember all these low-level options. lsof is quite powerful tool, but unfortunately not so comfy to use.

like image 22
Michał Kalinowski Avatar answered Nov 12 '22 19:11

Michał Kalinowski


On macOS Big Sur and later, use this command:

sudo lsof -i -P | grep LISTEN | grep :$PORT

or to just see just IPv4:

sudo lsof -nP -i4TCP:$PORT | grep LISTEN

On older versions, use one of the following forms:

sudo lsof -nP -iTCP:$PORT | grep LISTEN
sudo lsof -nP -i:$PORT | grep LISTEN

Substitute $PORT with the port number or a comma-separated list of port numbers.

Prepend sudo (followed by a space) if you need information on ports below #1024.

The -n flag is for displaying IP addresses instead of host names. This makes the command execute much faster, because DNS lookups to get the host names can be slow (several seconds or a minute for many hosts).

The -P flag is for displaying raw port numbers instead of resolved names like http, ftp or more esoteric service names like dpserve, socalia.

See the comments for more options.

For completeness, because frequently used together:

To kill the PID:

sudo kill -9 <PID>
# kill -9 60401
like image 78
pts Avatar answered Nov 12 '22 18:11

pts


You can also use:

sudo lsof -i -n -P | grep TCP

This works in Mavericks.

like image 461
Rog182 Avatar answered Nov 12 '22 20:11

Rog182