netstat macOS: Show Listening Ports and TCP Sockets with Grep

Show only servers, that is, ports that are listening for an inbound connection:

netstat -Waltn | grep LISTEN

Show Server Port and Process ID in Netstat Mac

Instead of netstat you need to use LSOF (lists open files and sockets), piped into grep so that only lines with LISTEN in them are shown:

sudo lsof -Pnl +M -i | grep LISTEN

Use -i4 for IPv4 and -i6 for IPv6. -i seems to work for all internet traffic. Handy for tracking down what program is running a server on your machine.
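Added example, not part of the original post: a shell function that takes the output of the lsof command above and labels each TCP listener by the address it is bound to, so listeners reachable on every interface stand out from loopback-only ones. The names classify_listeners and sample_lsof and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: label each TCP listener in
# `lsof -Pnl +M -i` output by the address it is bound to.

# Reads lsof output on stdin; prints: SCOPE PORT COMMAND PID ADDRESS
classify_listeners() {
    awk '
    $NF == "(LISTEN)" {
        addr = $(NF - 1)                       # *:22, 127.0.0.1:631, [::1]:631
        port = addr; sub(/.*:/, "", port)      # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
        if (host == "*")
            scope = "ALL-INTERFACES"           # reachable on every interface
        else if (host ~ /^127\./ || host == "[::1]")
            scope = "LOOPBACK"                 # local machine only
        else
            scope = "ONE-ADDRESS"              # bound to one specific address
        print scope, port, $1, $2, addr
    }' | LC_ALL=C sort -u                      # identical IPv4/IPv6 rows collapse
}

# Constructed sample rows in the lsof column layout (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
launchd     1    0   25u  IPv4 0xa1b2c3d4e5f60001      0t0  TCP *:22 (LISTEN)
launchd     1    0   26u  IPv6 0xa1b2c3d4e5f60002      0t0  TCP *:22 (LISTEN)
cupsd     412    0    6u  IPv6 0xa1b2c3d4e5f60003      0t0  TCP [::1]:631 (LISTEN)
cupsd     412    0    7u  IPv4 0xa1b2c3d4e5f60004      0t0  TCP 127.0.0.1:631 (LISTEN)
python3  2291  501    4u  IPv4 0xa1b2c3d4e5f60005      0t0  TCP 192.168.1.20:8000 (LISTEN)
Safari   1804  501   31u  IPv4 0xa1b2c3d4e5f60006      0t0  TCP 192.168.1.20:51544->203.0.113.10:443 (ESTABLISHED)
mDNSRespo 301   65   12u  IPv4 0xa1b2c3d4e5f60007      0t0  UDP *:5353
EOF
}

# Demo on the sample; on a Mac: sudo lsof -Pnl +M -i | classify_listeners
sample_lsof | classify_listeners
```

Rows marked ALL-INTERFACES or ONE-ADDRESS are the ones to check against what you expect the machine to be serving; established connections and UDP sockets are skipped because they carry no LISTEN state.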

About Netstat

If you're looking to list open network ports, the Mac equivalent to the Linux command netstat -Walntpc might be what you're after. You are not alone, I get about 6,000 unique visitors per year here!

Realtime list of all open connections and listening sockets, without DNS lookups (much faster):

watch netstat -Walnt

The same with DNS lookups:

watch netstat -Walt

The beauty of this command is that it gets you past that overlong list of (non-internet surely?) unix sockets and kexts. Why Apple put this into netstat I have no idea, perhaps the blame is with the Darwin BSD kernel. But it should be more like Linux netstat in my opinion! That's because I can even see the process names and get continuous updates by adding pc with

Pipe netstat Into Grep To Remove Junk From The End

Listening socket / server process ports on macOS, quickly:

netstat -Waltn | grep tcp

Every internet port, fast, with no DNS lookups:

netstat -Waltn | grep -E "(tcp|udp)(4|6)"

Like above but with DNS lookups, which takes literally forever, up to minutes:

netstat -Walt | grep -E "(tcp|udp)(4|6)"

The Little Snitch Command - Who's phoning home?

How to use LSOF to discover which app or process is listening on which ports:

lsof -Pnl +M -i -cmd | grep -E "LISTEN|TCP|UDP"

I prefer to use -n to speed up the listing of netstat results by turning off DNS lookups (IP to name resolution). The l is used to also show IPv6.

To show all internet connections, whether IPv4 or IPv6, TCP or UDP, listening, connected or closing - the lot:

netstat -Waltn | grep 'p[46]'

Show only TCP connections:

netstat -anp tcp

To see which apps have listening sockets open:

sudo lsof -n -P | grep LISTEN

Some other good Linux ones here: http://www.commandlinefu.com/commands/matching/netstat/bmV0c3RhdA==/sort-by-votes

 

Linux Equivalent

This one is good for checking SSH tunnels:

sudo netstat -tulpn

Posted by tomachi on January 12th, 2016 filed in Mac, Unix