The author here mainly describes the use of netstat and lsof, and notes that netstat on macOS lacks many functions; in this scenario, lsof is a good supplement. Personally, I prefer to use lsof, and as for netstat, even on Linux, ss is recommended instead.
netstat
The netstat command lists detailed information about your computer's network communications, including all the ways your computer can talk to the outside world through its ports and applications. Mastering netstat therefore helps you understand what your computer connects to and how.
netstat reports all active network connections on your computer, and given how many functions modern networked devices perform, you can expect the list to be long. It can exceed 1000 lines. Filtering the output of netstat is essential to understanding what is happening on your computer's active ports. Its built-in flags let you set options that limit the scope of the output.
netstat flags and options
To see all available options for netstat, type man netstat to open the netstat manual.
Tip: man is short for manual.
Syntax
To add flags and options to netstat, use the following syntax:
netstat [-AabdgiLlmnqrRsSvWx] [-c queue] [-f address_family] [-I interface] [-p protocol] [-w wait]
Warning: netstat works differently on macOS than on Linux, so using Linux flags and syntax on macOS can produce unexpected results.
Commonly used flags
-a Includes server ports in the netstat output.
-g Lists multicast connection information.
-I interface Displays packet data for the specified interface. All valid interfaces can be listed with the -i flag, but en0 is usually the default outgoing interface.
-n Shows remote addresses as numbers instead of resolving them to names, which greatly speeds up netstat output while sacrificing only limited information.
-p protocol Lists the traffic associated with a specific network protocol. The complete list of protocols is in /etc/protocols, but the most important protocols are UDP and TCP.
-r Displays the routing table, showing how packets are routed through the network.
-s Displays network statistics for all protocols, whether they are active or not.
-v Increases the level of detail, in particular by adding a column that shows the process ID (PID) associated with each open port.
Netstat Example
- $ netstat -av -p tcp
This command returns only TCP connections on the Mac, including open and active ports. It also uses verbose output to list the PIDs associated with each connection.
- $ netstat -a | grep -i "listen"
This command filters the netstat output and shows only the lines that contain the keyword "listen" (case-insensitive).
The macOS version of netstat lacks many of the features that users have come to expect, so on macOS it is not as useful as on Windows. In this case, lsof stands in for netstat and provides many of the features netstat is missing. Use lsof to supplement netstat.
lsof
lsof displays any files that are currently open in any application. You can also use it to check the open ports associated with an application: run lsof -i and you'll see a list of all the applications that communicate with the Internet.
lsof flags and options
Displaying every open file or Internet connection is often tedious. This is why lsof comes with flags to restrict the results. The most important ones follow.
The commonly used flags
Here is a list of common flags:
-i Displays all open network connections and the names of the processes that use them. Adding a 4, as in -i4, displays only IPv4 connections; likewise, -i6 displays only IPv6 connections. The -i flag can be extended to specify more details: -iTCP or -iUDP returns only TCP or UDP connections, and -iTCP:25 returns TCP connections on port 25. You can also specify a port range, such as -iTCP:25-50. Using -i@1.2.3.4 returns connections to the IPv4 address 1.2.3.4. The @ symbol can be used in the same way to specify a hostname.
-s Forces the display of file size. When paired with -i, however, it has a different meaning: it lets the user specify the protocol and state of the connections to return, as in -sTCP:LISTEN.
-p Limits lsof to a specific process ID (PID). Multiple PIDs can be given, as in -p 123,456,789. A process ID can also be excluded with ^, as in -p 123,^456, which specifically excludes PID 456.
-P Disables the conversion of port numbers to port names, which speeds up output.
-n Disables the conversion of network numbers to host names. When used with -P above, it can significantly speed up lsof output.
-u user Returns only the commands owned by the specified user.
lsof examples
- $ lsof -nP -iTCP@lsof.itap:513
This seemingly complex command lists all TCP connections with the host name lsof.itap and port 513. Because -n and -P are used, names are not looked up for IP addresses or ports, which speeds up the command.
- $ lsof -iTCP -sTCP:LISTEN
This command returns each TCP connection in the LISTEN state, which shows all open TCP ports on the Mac. It also lists the processes associated with those open ports. This is a major upgrade over netstat, which lists PIDs at most.
- $ sudo lsof -i -u^$(whoami)
This command returns all connections that the currently logged-in user does not own. Run it with sudo to view tasks that don't belong to you. Running this command without sudo returns an empty list.
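Added example (not part of the original article): one way to turn the lsof -iTCP -sTCP:LISTEN listing above into a review of which listening ports are reachable from other hosts and which are bound to loopback only. It uses lsof's -F field output, which the article does not cover; the function names are hypothetical and the sample data is constructed so the script runs without lsof.

```shell
# Added example: hypothetical function names, constructed sample data.
# Field output of `lsof -nP -iTCP -sTCP:LISTEN -F pcLn`: p=PID, c=command, L=login, f=fd, n=address:port
sample_lsof_output() {
  cat <<'EOF'
p412
crapportd
Lalice
f4
n*:49152
p601
cpostgres
Lalice
f7
n[::1]:5432
f8
n127.0.0.1:5432
p88
csshd
Lroot
f3
n192.168.1.20:22
EOF
}

# Reads -F output on stdin; prints scope, port, command, PID, user (tab-separated), deduplicated.
classify_listeners() {
  awk '
    /^p/ { pid = substr($0, 2); cmd = ""; user = ""; next }  # start of a new process set
    /^c/ { cmd = substr($0, 2); next }
    /^L/ { user = substr($0, 2); next }
    /^n/ {
      name = substr($0, 2)
      n = split(name, parts, ":")            # the port follows the last colon
      port = parts[n]
      addr = substr(name, 1, length(name) - length(port) - 1)
      if (addr == "*" || addr == "0.0.0.0" || addr == "[::]") scope = "ALL-INTERFACES"
      else if (addr ~ /^127\./ || addr == "[::1]") scope = "LOOPBACK"
      else scope = "SPECIFIC-ADDRESS"
      key = scope SUBSEP port SUBSEP pid
      if (!(key in seen)) { seen[key] = 1; printf "%s\t%s\t%s\t%s\t%s\n", scope, port, cmd, pid, user }
    }
  '
}

# Listeners reachable from other hosts: everything not bound to loopback only.
exposed_listeners() { classify_listeners | awk -F '\t' '$1 != "LOOPBACK"'; }

sample_lsof_output | exposed_listeners
```

On a real Mac, replace the sample with sudo lsof -nP -iTCP -sTCP:LISTEN -F pcLn piped into exposed_listeners.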
Other Network Commands
Other commands for checking the network are arp, ping, and ipconfig.
Netstat doesn’t work on Mac, try lsof