Netstat is not easy to use on Mac. Try lsof


Here I mainly talk about the use of netstat and lsof, as well as the lack of many functions of netstat in the MAC system. In this scenario, lsof is a good supplement. I prefer lsof, and for netstat, even under Linux, I recommend SS instead


Netstat command lists the detailed information about your computer network communication, including all the ways your computer talks with the outside world through all the ports and applications. So conquering netstat can help you understand how your computer is connected and how it is connected.

Netstat will report all the active network connections of your computer. You can estimate the length of this list considering the number of functions performed by modern network devices. It can be more than 1000 lines. Filtering the output of netstat is essential to understand what happened to the activated port of your computer. Its built-in flag allows you to set options, which can limit the output range of commands

netstat flags and options

To see all the options available for netstat, typeman netstatTo open the netstat user manual

Tips: man is short for manual


To add flags and options to netstat, you can use the following syntax

netstat [-AabdgiLlmnqrRsSvWx] [-c queue] [-f address_family] [-I interface] [-p protocol] [-w wait]

Warning: netstat works differently in Mac OS and Linux, so using flags and syntax in Mac OS will lead to unexpected results

Common flags

Here are some common flags
-A includes server ports in the output of netstat
-G lists information about multicast connections
-All valid interfaces can be viewed through – I flag, but en0 is usually the default outgoing network interface
-The advantage of hiding remote address tags with names is that it greatly speeds up the output of netstat and only sacrifices limited information
-The complete list of protocols is in / etc / protocols, but the most important protocols are UDP and TCP
-R shows the routing table, showing how packets are routed in the network
-S displays network statistics for all protocols, whether they are active or not
-V increase the level of detail, especially by adding a column to display the process ID (PID) associated with each open port

Examples of using netstat

  • $ netstat -apv TCP

This command returns only TCP connections on the Mac, including open ports and active ports. It also uses detailed output to list the PID associated with each connection

  • $ netstat -a | grep -i “listen”

Output the data with the keyword “listen” and find the result

The Mac OS version of netstat lacks many of the features expected by users. So it’s not as useful on Mac OS as it is on windows. At this time, lsof command replaces netstat and provides many functions that netstat lacks. Supplement netstat with lsof


Lsof shows any files currently open in any application. You can also use it to check the application related open ports and run thelsof -i, you will see a list of all applications that communicate with the Internet
Netstat is not easy to use on Mac. Try lsof

lsof flags and options

Displaying each open file or Internet connection is usually lengthy. That’s why lsof comes with flags to limit specific results. The following is the most important

Common flags

Here are some common flags

-I shows the names of all open network connections and the processes that use this connection. If you add a 4, such as – I4, the IPv4 connection will be shown; For example – I6 will show IPv6 connection
-I flag can continue to expand to specify more details, – itcp or – iudp will return only TCP or UDP links. – itcp: 25 will return TCP connections with port 25. You can also specify a port range, such as – itcp: 25-50
use [email protected] The IPv4 address with IP will be returned. The same is true for IPv6. The @ symbol can also be used to specify the host name in the same way,
-S forces the file size to be displayed, but when paired with – I, it has a different meaning: it allows the user to specify the protocol and state of the command to be returned
-P limits lsof to a specific process ID (PID). You can use – P 123456789 to set multiple PID. Process ID can also be excluded by ^ such as 123, ^ 456, which specifically excludes PID 456
-P disable port number to port name conversion, thus speeding up the output speed
-N it is forbidden to convert network numbers to host names. When used with – P above, it can significantly speed up the output of lsof
-U user returns only the commands owned by the specified user

Examples of lsof

This seemingly complex command lists all the TCP connections with the host name lsof. ITap and port 513. Using – P at the same time does not need to connect names to IP addresses and ports, so that the running speed of the command is significantly faster

  • $ lsof -iTCP -sTCP:LISTEN

This command returns each TCP connection with the status of listen and displays all open TCP ports on the Mac. It also lists the processes associated with those open ports. This is a major upgrade to netstat, which lists PID at most

  • $ sudo lsof -i -u^$(whoami)

This command returns all connections that the current logged in user does not own. Using sudo to run, you can view tasks that do not belong to you. Running this command without sudo returns an empty list

Other network commands

There are also ARP, Ping and ipconfig commands to check the network

Original address:Netstat is not easy to use on Mac. Try lsof and fly

Recommended Today

Looking for frustration 1.0

I believe you have a basic understanding of trust in yesterday’s article. Today we will give a complete introduction to trust. Why choose rust It’s a language that gives everyone the ability to build reliable and efficient software. You can’t write unsafe code here (unsafe block is not in the scope of discussion). Most of […]