Mac os lsof open ports

How can I find out which processes have open TCP/IP ports in Mac OS X?

One alternative is the lsof utility; in particular, lsof -i 4tcp lists all processes with open IPv4 TCP network sockets. The lsof man page gives you the details on how to use the utility and how to interpret its output.

If you are interested in a specific port, you can use this example:

If you only want the process ID, you can run this:

I use the command below when I want to see everything that is on a specific port for TCP or UDP. The -n option disables attempts to resolve IP addresses to domain names, and -P disables attempts to work out the name of a given port. Also, running as root will show you more processes than running as a normal user.

sudo lsof -iTCP:53 -iUDP:53 -n -P

The following code example lists all running TCP servers on your local OSX machine:

LISTEN shows only sockets that are listening for connections. That is, servers.

The first line shows a server bound to localhost, also known as 127.0.0.1, port 2022. It will answer local requests but not requests from the Internet.

The second line is a server bound to all addresses, i.e. *, port 3141. It will answer requests from the Internet.

To list the ports used by both clients and servers, use the following:

This should be possible in a terminal window using the Netstat command.

And if you prefer a GUI:

In Mac OS X 10.5, the /Applications/Utilities folder contains a network utility called Network Utility. Its Netstat tab presents these statistics in a graphical application, alongside Ping, Lookup, Traceroute, Whois, Finger and Port Scan.

Question: Q: Checking TCP/UDP ports!

What’s up everybody,

Does anybody know how to check if a port is open? (tcp/udp)

Posted on Jan 20, 2011 6:09 PM

Helpful answers

Even this post is rather old, but it still comes up with the search results so I would like to reply a solution to the question.

You can open the Terminal in Mac (type terminal on Spotlight) and then use NetCat command by typing like a sample below to test your specific port like this replacing 1xx with your target IP address, then the port to check.

>nc -vnzu 1xx.xxx.xxx.xxx 53

or if you want to check a range of ports for example from port 1 to 53, just type

>nc -vnzu 1xx.xxx.xxx.xxx 1-53

NetCat is already a built-in command in Mac so no need to install anything.

Hope this helps.

Jul 7, 2015 11:49 PM

Use the Network Utility in the /Applications/Utilities/ folder to scan 127.0.0.1 for open ports.

Jan 20, 2011 6:11 PM

isn’t there another way?

would be better if there was a program..

Jan 20, 2011 6:48 PM

Network Utility is a program, no?

Other options include downloading and building nmap, which can be quite useful.

Or sudo lsof -i might possibly be of use?

Jan 20, 2011 7:23 PM

Jan 21, 2011 10:29 PM

Welcome to the forums.

Common Mac OS X tools used here include Network Utility, lsof, and telnet and ping, and dns-sd and ping for Bonjour and mDNS, depending on what details are sought.

(With the Windows entries from your footer, various of these tools and equivalents are what can be obtained by loading Cygwin or by loading Microsoft’s SUA/SFU tools, and with some add-ons. PowerShell might or does have analogs here, but the old MS-DOS shell was pretty limited in what diagnostics were available without additions. There was telnet and ping, but some other bits were missing.)

Add-on tools include nmap. (nmap is a fairly gonzo-useful tool for this sort of thing.)

telnet works nicely for brute-force port tests on the LAN.

And FWIW, if those public web site tools do work and if you’re on your own LAN, then definitely also consider checking the settings of and consider upgrading the LAN security. Those tools and those web sites should be blocked by default by the firewall or the gateway device found on most any LAN; whether that’s a low-end NAT device, a server-grade firewall, or otherwise.

Jan 22, 2011 7:31 AM

If you’re trying to figure out whether your client machine is being blocked in the outbound direction (client to Internet) by something like your home firewall, or your ISP, then try http://www.firebind.com.

Firebind is the only tool on the Internet that can test any of the 65535 TCP or UDP ports in the outbound direction. If you want, you can test the entire TCP and UDP range.

Ports Open (Networking)

What ports are open for hacking on my Mac and Linux machine?

Here is how to see what ports are open listening on a server.

This is perhaps the most important potential vulnerability.

Having ports listening to outside traffic also takes CPU effort, which consumes electricity and thus reduces battery life.

Ports

PAT (Port Address Translation) maps ports:

  • 0 — 1023 = well-known ports
  • 1024 — 49141 = Registered ports (1433 for MS SQL, 1431 for Oracle SQL, etc.)
  • 49152 — 65535 = dynamic ports

Port 3389 is used for communicating with Microsoft’s RDP (Remote Desktop Protocol) on Windows machines. See My notes on Windows RDP.

Common TCP Ports in layer 4: REMEMBER

  • 80/443 = HTTPS (Secure, encrypted)
  • 21/990 = FTP and FTPS which adds SSL & TLS to encrypt
  • 3389 = RDP (Remote Desktop Protocol) from Microsoft
  • 143/993 = IMAP (Internet Message Access Protocol) files remain on server / TLS
  • No port for ICMP RFC 792 Pings RFC 1122 as it’s in IP transport layer
  • 389/646 = LDAP / Secure LDAP
  • 88 = Kerberos (Windows)
  • 445 = SMB (Server Message Block) from Azure Files
  • 548 = AFP (Apple Filing Protocol) https://www.wikiwand.com/en/Apple_Filing_Protocol elim. for AppleTalk
    • 8080, 8081 = Limits Microservice
    • 8888 = Spring Cloud Config server
    • 8000,8001,8002,… = Currency Exchange Microservice
    • 8100,8101,8102,… = Currency Conversion Microservice
    • 8761 = Netflix Eureka Naming Server
    • 8765 = API Gateway
    • 9411 = Zipkin Distributed Tracing Server

    IP header protocol field REMEMBER

    • 1 = ICMP (Internet Control Message Protocol)
    • 2 = IGMP (Internet Group Management Protocol) to establish a multicast group transmitted to at once
    • 6 = TCP (Transmission Control Protocol)
    • 17 = UDP (User Datagram Protocol) used by VOIP
    • 115 = L2TP (Layer 2)

    Spotlight on Network Utility to List Ports

    Apple’s macOS Spotlight is like Windows’ Search omni-box.

    Press Command+Spacebar.

    Type the name of utilities that are buried, such as Network Utility.

    Click the keyboard return/enter key to launch the Network Utility app.

    Select the "Port Scan" tab.

    Enter the IP (such as 127.0.0.1), localhost, or domain name you wish to scan for open ports.

    Choose scan to see what ports the server responds to.

    List open files = lsof

    In a Terminal command line:

    PROTIP: If you’ll be using this often, create an alias such as of.

    “lsof” is a contraction for “list open files”. Without any option specifications, lsof lists all open files belonging to all active processes.

    “-nP” is a combination of “n” for no resolution of IPs to hostnames using DNS and “P” for no resolution of Port names from numbers.

    This is because the command already takes several seconds to run.

    “+c 15” specifies command width of 15.

    Piping to grep keeps only the lines containing “LISTEN”.

    NOTE: All options are shown by this command:

    Drag your Terminal window wider to remove word-wrap.

    “FD” column lists File Descriptors. “u” is for read and write mode. “r” for read only, “w” for write-only.

    Linux requires root on operations for well-known ports below 1024.
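The LISTEN filter described above, combined with the localhost-versus-* reading of the NAME column explained earlier on this page, can be automated. The script below is an added example, not code from the original page; the function names are hypothetical, the sample lsof output is constructed, and it assumes lsof's standard -iTCP and -sTCP:LISTEN selectors.

```shell
#!/bin/sh
# Added example (not from the original page): label each TCP listener in
# `lsof -nP -iTCP -sTCP:LISTEN` output by the address it is bound to.

# Constructed sample output; PIDs, users and device values are made up.
sample_lsof_output() {
    cat <<'EOF'
COMMAND   PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
ssh      1234 mac  5u  IPv4 0x01   0t0      TCP  127.0.0.1:2022 (LISTEN)
python3  2345 mac  3u  IPv4 0x02   0t0      TCP  *:3141 (LISTEN)
mongod   3456 mac  9u  IPv4 0x03   0t0      TCP  127.0.0.1:27017 (LISTEN)
cupsd    4567 root 7u  IPv6 0x04   0t0      TCP  [::1]:631 (LISTEN)
Safari   5678 mac  10u IPv4 0x05   0t0      TCP  192.168.0.101:57557->203.0.113.10:80 (ESTABLISHED)
EOF
}

# Reads lsof output on stdin, prints "<scope> <port> <command> <pid> <address>".
classify_listeners() {
    awk '
    $NF != "(LISTEN)" { next }                # drops header, UDP and non-listening rows
    {
        name = $(NF - 1)                      # e.g. 127.0.0.1:2022, *:3141, [::1]:631
        n = split(name, parts, ":")
        port = parts[n]                       # text after the last colon
        addr = substr(name, 1, length(name) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost")
            scope = "loopback"                # answers local requests only
        else if (addr == "*")
            scope = "all-interfaces"          # answers on every interface
        else
            scope = "specific-address"        # bound to one non-loopback address
        print scope, port, $1, $2, addr
    }' | sort -k1,1 -k2,2n
}

# Live use on a Mac: sudo lsof -nP -iTCP -sTCP:LISTEN | classify_listeners
sample_lsof_output | classify_listeners
```

Rows labelled all-interfaces are the ones to review first, since a firewall is the only thing standing between them and other hosts on the network.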

    Protocols

    TCP (Transmission Control Protocol) is the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP on port 53.

    UDP (User Datagram Protocol) is connectionless and does not guarantee reliable communication; it’s up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming, where dropping some packets is preferable to waiting for delayed data.

    Processes Tour

    NOTE: Drag the scroll bar to see what is beyond what is displayed.

    mongod is MongoDB listening on port 27017.

    I should keep that closed unless I need it.

    In Node, close all connections when the app closes completely:

    2BUA8C4S2C

    When I search for “2BUA8C4S2C” I see “2BUA8C4S2C.com.agilebits” in folder /Users/mac/Library/Group Containers

    This says: This port is used only on the loopback interface (127.0.0.1) for the 1Password extension to talk to the 1Password Agent. It should be safe to firewall it from any sources other than 127.0.0.1. If you do a packet capture on lo0 and then filter by tcp.port == 6258 you can see what traffic is being passed. Nothing is transmitted in the clear.

    Skype I don’t mind keeping open. I use it a lot.

    Dropbox — why does it need to be kept open?

    I’ll use just their web page when I need it.

    Resilio\x20Sync I used once to get a file.

    In Resilio Preferences, uncheck “Start Resilio Sync on startup”.

    SketchMirrorHel

    XMPP ports 56989 and 56990

    For a list of processes on Mac:

    Don’t visit http://www.westwind.com/reference/OS-X/background-processes.html

    ftp (tftp) should not appear.

    Scan other machines

    brew install nmap

    (Zenmap is the GUI)

    There are a lot of options

    nmap -h

    nmap [scan type] [options]

    Scan for vulnerabilities using nmap scripts.

    Scan for vulnerabilities using vulnerability scanners:

    Scans for versions of applications and operating systems. Compare those against known vulnerabilities and exploits.

    Devices on the Internet with open ports are indexed by Shodan.io.

    SDR (software defined radios)

    Resources

    Learn basic hardware hacking with UbertoothOne and HackRF One.

    Network Intrusion detection systems (NIDS)

    AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange (OTX) Security Information and Event Management (SIEM) software.

    Honeypots

    Commercial Honeypot software:

    • Fortinet – FortiDeceptor
    • Attivo — BOTsink
    • Fidelis – Fidelis Deception
    • TrapX– DeceptionGrid
    • Illusive – Illusive Platform

    List all Open Internet Connections on a Mac from Terminal to Track Down Bandwidth Issues

    Recently the LAN at my office had been running slower than usual, and I couldn’t pinpoint what was using up all the extra bandwidth. I had a suspicion that P2P traffic was to blame but I just couldn’t see anything obvious on the offending machine. So the question of course, is how do you see what processes are connecting to the internet or the outside world from Mac OS X?

    Using the lsof command line tool, we can pass the -i argument to list only the active and open internet connections on our Macs. That lets us find out whether anything peculiar (or in my case, something hidden) is going on and connecting to an outside address. The command also shows the process ID of the offending application or task, so that we can kill it and stop the activity if desired.

    Display a List of All Open Internet Connections in OS X from the Command Line

    This must be entered from the Terminal of OS X, but it can be used remotely with SSH or locally on a Mac.

    I logged into the offending Mac and typed the following command:

    You shouldn’t need to use sudo but you can if desired or required for your specific use case.

    Output of lsof is a little busy but if you’re familiar with the command line it shouldn’t be anything too crazy looking.

    Here’s an example of the output displayed by this lsof -i command string:

    macuser$ lsof -i
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    SystemUIS 93 macuser 6u IPv4 0x04db27bc 0t0 UDP *:*
    SystemUIS 93 macuser 10u IPv4 0x04db26e0 0t0 UDP *:*
    iChatAgen 111 macuser 6u IPv4 0x07084734 0t0 UDP localhost:49490->localhost:49490
    iChatAgen 111 macuser 10u IPv4 0x05666f28 0t0 TCP 192.168.0.101:53762->bos-m012c-sdr6.blue.aol.com:aol (ESTABLISHED)
    synergys 129 macuser 5u IPv4 0x05f2f6b0 0t0 TCP *:24800 (LISTEN)
    Safari 148 macuser 10u IPv4 0x06db46e0 0t0 TCP 192.168.0.101:57557->host29.prod.google.com:http (CLOSE_WAIT)
    iTunes 644 macuser 21u IPv4 0x05f2f2a4 0t0 TCP *:daap (LISTEN)

    In the above lsof output display there’s nothing unusual, but in my aforementioned network troubleshooting, I discovered a BitTorrent client running hidden in the background of one of my network’s Macs, and it was seeding several large files! Naturally I killed the BitTorrent client, removed the application, deleted the files, and the Mac LAN is running at full speed again.

    Listing Only Established Internet Connections

    If you happen to want to only display the established connections (meaning they are actively communicating and a link has been established between the local machine and an outside IP), you can use this command variation of the aforementioned lsof string:

    lsof -i | grep -E "(LISTEN|ESTABLISHED)"

    You can combine this with ‘watch’ to get an automatically updated list of established connections too.

    And if you happen to know the process name, you can always use grep for that specific or vague name too.

    This is a bit advanced, but it works quite well for Mac users who are comfortable with the terminal and command line in general. More novice Mac users can use Private Eye to monitor internet and network connections in OS X, which is a free but excellent third party application that runs in the graphical user interface and is a bit easier to parse, particularly if you’re not experienced with the terminal.
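For the bandwidth hunt described in this article, reading the raw list by eye gets slow once a machine has dozens of sockets. The script below is an added example, not part of the original article: it counts ESTABLISHED TCP connections and distinct remote hosts per process, so a hidden peer-to-peer client stands out. The function names, the p2pclient process and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): rank processes by the number
# of ESTABLISHED TCP connections found in `lsof -nP -iTCP` output.

# Constructed sample output; addresses come from documentation ranges.
sample_lsof_tcp() {
    cat <<'EOF'
COMMAND   PID USER    FD  TYPE DEVICE SIZE/OFF NODE NAME
Safari    148 macuser 10u IPv4 0x01   0t0      TCP  192.168.0.101:57557->203.0.113.10:80 (ESTABLISHED)
Safari    148 macuser 11u IPv4 0x02   0t0      TCP  192.168.0.101:57558->203.0.113.10:80 (ESTABLISHED)
iChatAgen 111 macuser 10u IPv4 0x03   0t0      TCP  192.168.0.101:53762->203.0.113.20:5190 (ESTABLISHED)
synergys  129 macuser 5u  IPv4 0x04   0t0      TCP  *:24800 (LISTEN)
p2pclient 702 macuser 12u IPv4 0x05   0t0      TCP  192.168.0.101:51413->198.51.100.7:6881 (ESTABLISHED)
p2pclient 702 macuser 13u IPv4 0x06   0t0      TCP  192.168.0.101:51414->198.51.100.8:51413 (ESTABLISHED)
p2pclient 702 macuser 14u IPv4 0x07   0t0      TCP  192.168.0.101:51415->198.51.100.9:6881 (ESTABLISHED)
p2pclient 702 macuser 15u IPv4 0x08   0t0      TCP  192.168.0.101:51416->198.51.100.9:6882 (ESTABLISHED)
EOF
}

# Reads lsof output on stdin and prints, busiest process first:
# "<connections> <distinct_remote_hosts> <command> <pid>"
established_by_process() {
    awk '
    $NF != "(ESTABLISHED)" { next }           # skip header, listeners, UDP rows
    {
        split($(NF - 1), ends, "->")          # NAME column is local->remote
        remote = ends[2]
        sub(/:[^:]*$/, "", remote)            # drop the port, keep the host
        key = $1 " " $2                       # command and PID
        conns[key]++
        if (!((key, remote) in seen)) {       # count each remote host once
            seen[key, remote] = 1
            hosts[key]++
        }
    }
    END { for (k in conns) print conns[k], hosts[k], k }
    ' | sort -k1,1nr -k3,3
}

# Live use on a Mac: lsof -nP -iTCP | established_by_process
sample_lsof_tcp | established_by_process
```

A process with many connections spread over many distinct remote hosts is the pattern to investigate; a browser typically shows several connections to a small number of hosts.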
