netstat macos Show Listening Ports TCP Sockets with Grep

If you're looking to list open network ports the Mac equivalent to the linux command netstat -Walntpc might be what you're after. You are not alone, I get about 6,000 unique visitors per year here!

Realtime list of all open connections and listening sockets:

watch netstat -Walnt
(No DNS much faster)
watch netstat -Walt
(with DNS lookups)

The beauty of this command is that it gets you past that over long list of (non-internet surely?) unix sockets and kexts, why Apple put this into netstat I have no idea, perhaps the blame is with Darwin BSD kernel. But it should be more like Linux netstat in my opinion! That's because I can even see the process names and get continuous updates my adding pc with

Pipe netstat Into Grep To Remove Junk From The End

Listening socket / server processes ports macOS quickly:

netstat -Waltn | grep tcp

Every internet port fast with no DNS lookups:

netstat -Waltn | grep -E "(tcp|udp)(4|6)"

Like above but with DNS lookups but takes literally forever up to minutes:

netstat -Walt | grep -E "(tcp|udp)(4|6)"

Show only servers - that is ports that are listening waiting for an inbound connection:

netstat -Waltn | grep LISTEN

The Little Snitch Command - Who's phoning home?

How to use LSOF to discover which app or process is listening to which ports:

lsof -Pnl +M -i -cmd | grep -E "LISTEN|TCP|UDP"

I prefer to use -n to speed up the listing of netstat results by turning off DNS lookups ip to name resolution. The l is used to also show ipv6. To show all internet connections, whether ipv4 or ipv6, tcp or udp, listening, connected or closing - the lot:

netstat -Waltn | grep p[46]

Show only TCP connections:

netstat -anp tcp

To see which apps have listening sockets open:

sudo lsof  -n -P | grep LISTEN

Some other good linux ones here:

Show Process ID in Netstat Mac

Actually, you can't but you can use LSOF which lists open files and sockets:

lsof -Pnl +M -i

Use -i4 for ip4 and -i6 for ip6. -i seems to work for all internet traffic. Handy for tracking down what program is running a server on your machine.


This one is good for checking ssh tunnels:

sudo netstat -tulpn

Posted by tomachi on January 12th, 2016 filed in Mac, Unix