Netstat For Mac

Show all connections. To start with netstat, let’s see the command that displays all connections. PRTG Network Monitor. An advanced network monitoring solution to monitor network up/downtime. If you enter the netstat command in partner mode, you might see a plus sign (+) appended to some network interface names in the output. The plus sign indicates that the network interfaces are used as shared interfaces. Statistics displayed by the netstat command are cumulative. That is, a giveback operation does not zero out the statistics.

The accepted answer actually is the right way. Netstat on mac os x doesn't show the pid to port mapping. – tr4nc3 Jan 9 '19 at 15:09. Add a comment 0. For macOS I use two commands together to show information about the processes listening on the machine and process connecting to remote servers. In other words, to check the listening. After writing up the presentation for MacSysAdmin in Sweden, I decided to go ahead and throw these into a quick cheat sheet for anyone who’d like to have them all in one place. Good luck out there, and stay salty. Get an ip address for en0: ipconfig getifaddr en0 Same thing, but setting and echoing Continue reading Mac Network Commands Cheat Sheet.

Show only servers - that is ports that are listening waiting for an inbound connection:

netstat -Waltn grep LISTEN

Show Server Port and Process ID in Netstat Mac

Instead of netstat you need to use LSOF (lists open files and sockets), piped into grep which will only shows lines with LISTEN in them:

sudo lsof -Pnl +M -i grep LISTEN

Netstat For Mac

Use -i4 for ip4 and -i6 for ip6. -i seems to work for all internet traffic. Handy for tracking down what program is running a server on your machine.

Grep For Mac

About Netstat

If you're looking to list open network ports the Mac equivalent to the linux command netstat -Walntpc might be what you're after. You are not alone, I get about 6,000 unique visitors per year here! Realtime list of all open connections and listening sockets: watch netstat -Walnt (No DNS much faster) watch netstat -Walt (with DNS lookups) The beauty of this command is that it gets you past that over long list of (non-internet surely?) unix sockets and kexts, why Apple put this into netstat I have no idea, perhaps the blame is with Darwin BSD kernel. But it should be more like Linux netstat in my opinion! That's because I can even see the process names and get continuous updates my adding pc with

Pipe netstat Into Grep To Remove Junk From The End

Listening socket / server processes ports macOS quickly: netstat -Waltn grep tcp Every internet port fast with no DNS lookups: netstat -Waltn grep -E '(tcp udp)(4 6)' Like above but with DNS lookups but takes literally forever up to minutes: netstat -Walt grep -E '(tcp udp)(4 6)'

Netstat For Mac

The Little Snitch Command - Who's phoning home?

How to use LSOF to discover which app or process is listening to which ports:lsof -Pnl +M -i -cmd grep -E 'LISTEN TCP UDP' I prefer to use -n to speed up the listing of netstat results by turning off DNS lookups ip to name resolution. The l is used to also show ipv6. To show all internet connections, whether ipv4 or ipv6, tcp or udp, listening, connected or closing - the lot: netstat -Waltn grep p[46] Show only TCP connections: netstat -anp tcp To see which apps have listening sockets open: sudo lsof -n -P grep LISTEN Some other good linux ones here:

Linux Equivalent

This one is good for checking ssh tunnels: sudo netstat -tulpn

Netstat for mac addressPosted by tomachi on January 12th, 2016 filed in Mac, Unix

Netstat — derived from the words network and statistics — is a program that’s controlled via commands issued in the command line. It delivers basic statistics on all network activities and informs users on which portsand addresses the corresponding connections (TCP, UDP) are running and which ports are open for tasks. In 1983, netstat was first implemented into the Unix derivative BSD (Berkley Software Distribution), whose version 4.2 supported the first internet protocol family, TCP/IP. netstat has been integrated into Linux since its debut in 1991 and has been present in Windows since the appearance of version 3.11 (1993), which could also communicate via TCP/IP with the help of extensions. While the parameters of netstat’s commands (as well as their outputs) differ from system to system, when it comes to their functions, the various implementations are very similar.

Essentially, netstat is a command line program and for this reason doesn’t feature a graphical user interface. Programs like TCPView, which was developed by the Microsoft division Windows Sysinternals, makes it possible for statistics to be displayed graphically.

How do you use netstat?

In Windows operating systems, you can use the netstat services via the command line (cmd.exe). You can find them in the start menu under 'All Programs' -> 'Accessories' -> 'Command Prompt'. Alternatively, you can search directly for 'Command Prompt' in the start menu’s search field or start the command line via 'Run' (Windows key + press 'R' and enter 'cmd'). The syntax of the netstat commands follows the following pattern:


The combination of the individual options works by stringing the individual parameters together, each separated by a space:

The parameters are typically preceded by a hyphen (-), but if you want to combine several options, you only have to place this hyphen in front of the first element. Instead of the variant shown above, you can also link different parameters as follows:

In this case, it is important that you do not leave any spaces between the individual netstat options.

netstat commands for Windows





Standard listing of all active connections


netstat -a

Displays all active ports


netstat -b

Displays the executable file of a connection or listening port (requires administrator rights)


netstat -e

Shows statistics about your network connection (received and sent data packets, etc.)


netstat -f

Displays the fully qualified domain name (FQDN) of remote addresses


netstat -i

Brings up the netstat overview menu


netstat -n

Numerical display of addresses and port numbers


netstat -o

Displays the process identifier (PID) associated with each displayed connection

-p Protokoll

netstat -p TCP

Displays the connections for the specified protocol, in this case TCP (also possible: UDP, TCPv6, or UDPv6)


netstat -q

Lists all connections, all listening TCP ports, and all open TCP ports that are not listening


netstat -r

Displays the IP routing table


netstat -s

Retrieves statistics about the important network protocols such as TCP, IP, or UDP


netstat -t

Shows the download status (TCP download to relieve the main processor) of active connections


netstat -x

Informs about all connections, listeners, and shared endpoints for NetworkDirect


netstat -y

Displays which connection templates were used for the active TCP connections


netstat -p 10

Displays the respective statistics again after a selected number of seconds (here 10); can be combined as required (here with –p), [CTRL] + [C] ends the interval display

Netstat examples

In order to make the use of the listed netstat commands for Windows easier to understand, we will show you some example commands:

List of all connections for the IPv4 protocol

If you don't want to retrieve all active connections, but only all active IPv4 connections, you can do this using the netstat command:

Accessing statistics using the ICMPv6 protocol

Netstat Command Mac

If you only want to obtain statistics on the ICMPv6 protocol, enter the following command in the command line:

Repetitive query of interface statistics (every 20 seconds)


Use the following netstat command for a repeated query of the interface statistics, which returns new values every 20 seconds on received and sent data packets:

Display of all open ports and active connections (numeric and process ID included)

Mac Netstat Listening Ports

One of the most popular netstat commands is undoubtedly to query all open ports and active connections (including process ID) in numeric form:

Why using netstat makes sense

When dealing with excessive traffic and malicious software it’s advantageous to be informed about the inbound and outbound connections to your computer. These are created via their respective network addresses that indicate which ports were preemptively opened for exchanging data. Once a port is opened, it receives the status “LISTEN” and waits for connection attempts. One problem of having these ports remain open is that your system is then left vulnerable to malware. What’s more, there’s also a chance that Trojan viruses already found in your system may install a backdoor, opening up a corresponding port in the process. For this reason, you should always regularly check the ports opened by your system, a task for which netstat is particularly well suited. Thanks to the fact that you’ll be able to find the diagnosis tool on virtually every system, whether it be Unix, Linux, Windows, or Mac, this program offers a unified solution for all computers and servers.

Possible infections can be caught based on unknown opened ports or unknown IP addresses. In order to obtain an informative result, all other programs, such as your internet browser, should be turned off. This is due to the fact that these are often connected with computers that possess unknown IP addresses. Thanks to the detailed statistics, users also receive information on the packets that have been transferred since the last system start as well as notices of any errors that have occurred. The routing table, which delivers information on the paths data packets takes through the net, can be displayed with the help of the system-specific netstat command.

Related articles