Checking Open Ports on macOS: A Complete Guide

In this guide, you'll learn how to check open network ports on macOS using built-in utilities (lsof, netstat) and third-party tools. This will help diagnose network issues, verify service operation, and enhance system security.

Updated on February 16, 2026
10-15 min
Medium
FixPedia Team
Applies to: macOS 12 Monterey, macOS 13 Ventura, macOS 14 Sonoma

Introduction / Why This Is Needed

Understanding which network ports are open on your Mac is critically important for:

  • Diagnosing network issues: Why can't an application connect? Perhaps the port is in use.
  • Security: Detecting unauthorized services that might be listening on the network.
  • Development: Verifying that your web server (e.g., on port 3000 or 8000) is actually running and accessible.
  • Administration: Managing the firewall and configuring access rules.

After completing this guide, you will be able to quickly obtain an accurate list of active network connections, the processes using them, and their status.

Requirements / Preparation

  1. macOS (current version; instructions verified on Monterey, Ventura, Sonoma).
  2. Access to Terminal (in the Applications/Utilities folder, or via Spotlight: press Cmd+Space and type Terminal).
  3. Basic command-line skills (entering commands, understanding output).
  4. Some commands require administrator privileges (user password when prompted for sudo).
  5. (Optional) Homebrew installed, for installing nmap.

Step-by-Step Guide

Step 1: Using the lsof Command (Recommended Method)

lsof (list open files) is a powerful utility that shows all open files, including network sockets. This is the most informative method.

Open Terminal and run:

sudo lsof -i -P | grep LISTEN

What the command does:

  • sudo — requests superuser privileges to see system processes.
  • lsof -i — filters output to show only network connections.
  • -P — displays port numbers numerically (e.g., :80 instead of :http), which is more precise.
  • | grep LISTEN — keeps only lines where the socket state is LISTEN (port is open and waiting for connections).

Example output:

COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Python  1234 user   3u  IPv4 0xabc 0t0  TCP *:8080 (LISTEN)
nginx   5678 root   6u  IPv6 0xdef 0t0  TCP *:80 (LISTEN)

Here you can see that a Python process (PID 1234) is listening on port 8080, and nginx (PID 5678) is listening on port 80.

Step 2: Filtering by Protocol and Specific Port

Often you need to search not for all ports, but only TCP or UDP, or a specific service.

Show all TCP ports (LISTEN and established connections):

sudo lsof -i tcp

Show all UDP ports:

sudo lsof -i udp

Check if a specific port is open (e.g., 3306 for MySQL):

sudo lsof -i :3306

If the port is in use, you will see the process. If the output is empty, the port is free for listening on the local interface. This does not mean a remote host isn't listening on that port.

Show the network connections of one specific process (e.g., your application on this Mac connected to a remote server):

lsof -i -a -p <PID_of_your_application>

Replace <PID_of_your_application> with the process ID. The -a flag combines the -i and -p filters with a logical AND, so only that process's network sockets are listed.

Step 3: Alternative Method — The netstat Command

netstat shows statistics for network interfaces, routing tables, and, of interest to us, a list of sockets.

Show all listening TCP ports (without process names):

netstat -an | grep LISTEN

-a — all sockets, -n — numeric output (don't resolve port names to service names).

netstat on macOS does not show the owning process by default. To see the process along with the port, it's better to use lsof from Step 1.

Step 4: Advanced Analysis with nmap

nmap is a network scanner that can perform deeper analysis of open ports, detect service versions, and the OS.

  1. Install nmap (if not already installed):
    brew install nmap
    
  2. Scan the local host (localhost):
    sudo nmap -sT -O localhost
    
    • -sT — TCP connect scan (full connection), slower but doesn't require special privileges.
    • -O — attempts to detect the operating system. OS detection requires root privileges, which is why the command is run with sudo.
    • localhost — scans your own computer. To scan another host, specify its IP.

The result will include a list of open ports, their state (open, closed, filtered), and, if possible, the service name.

Step 5: Graphical Method — Activity Monitor

If you prefer a GUI:

  1. Open Activity Monitor (via Applications/Utilities or Spotlight).
  2. Go to the Network tab.
  3. At the bottom of the window, click the Open Ports button.
  4. A table will appear showing ports, protocol (TCP/UDP), and the process name.

Limitation: This method doesn't show all details (e.g., the specific IP address the port is bound to), and the list may not update in real-time.

Verifying the Result

After completing the steps, you should have:

  1. A list of processes (names, PIDs) that are listening on network ports.
  2. Port numbers and protocols (TCP/UDP).
  3. Address type (*: — all interfaces, 127.0.0.1: — localhost only).

Example of a correct result for a web developer: You see in the lsof output a line with your process (e.g., node, python3, ruby) and port 3000 (or 8000, 8080). This means your server is running and accessible at http://localhost:3000.

Potential Issues

⚠️ Issue 1: The sudo lsof command doesn't show some processes.
Solution: Ensure you entered the password correctly. Some system processes (especially in SIP-protected areas) may not appear even with sudo. In this case, use sudo lsof -i -P -n to disable name resolution (-n).

⚠️ Issue 2: I see many lines with *:ipp or *:mdns. Is this normal?
Solution: Yes, these are standard system services (Bonjour, IPP for printers). Not all of them are vulnerabilities. Investigate only processes you don't recognize or those using non-standard ports (e.g., above 1024, if it's not your software).

⚠️ Issue 3: The port is clearly open, but the application cannot connect to it.
Solution: Check which interface the port is bound to. If the lsof output shows 127.0.0.1:3000, it can only be connected to from the Mac itself. For network access, the port must be open on 0.0.0.0:3000 or on a specific local IP (e.g., 192.168.1.10:3000). Also check your firewall settings (System Preferences -> Network -> Firewall).

💡 Tip: Save the output to a file for analysis. Append > ports.txt to any command, for example: sudo lsof -i -P | grep LISTEN > ~/Desktop/ports_$(date +%Y-%m-%d).txt. This creates a timestamped file on your Desktop.

⚠️ Issue 4: nmap shows the port as filtered.
Solution: This means there is a firewall between you and the target that is blocking packets. On a local host (localhost) this shouldn't happen. If scanning a remote host, this is expected. Ensure your local macOS firewall allows connections for the application (System Preferences -> Network -> Firewall -> Firewall Options...).
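
The bind-address check from "Verifying the Result" and Issue 3, combined with the tip about saving snapshots, as an added example that is not part of the original guide. It labels each TCP listener as loopback-only or reachable from the network and reports listeners that were not in an earlier snapshot; the function names and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Read `lsof -i -P -n` output on stdin and print one line per TCP listener:
#   scope port command pid user
# scope is "local" for loopback binds (127.x.x.x, [::1]) and "exposed" for
# anything else (*, or a specific interface address).
classify_listeners() {
    awk '$NF == "(LISTEN)" {
        name = $(NF - 1)                 # e.g. *:8080 or [::1]:3000
        n = split(name, parts, ":")
        port = parts[n]                  # text after the last colon
        addr = substr(name, 1, length(name) - length(port) - 1)
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "local" : "exposed"
        print scope, port, $1, $2, $3
    }' | LC_ALL=C sort -u                # IPv4/IPv6 duplicates collapse
}

# Print listeners found in CURRENT_FILE but not in BASELINE_FILE.
# PIDs change between runs, so the comparison drops the pid column.
new_listeners() {                        # usage: new_listeners BASELINE_FILE CURRENT_FILE
    base=$(mktemp) && cur=$(mktemp) || return 1
    classify_listeners < "$1" | awk '{ print $1, $2, $3, $5 }' | LC_ALL=C sort -u > "$base"
    classify_listeners < "$2" | awk '{ print $1, $2, $3, $5 }' | LC_ALL=C sort -u > "$cur"
    LC_ALL=C comm -13 "$base" "$cur"
    rm -f "$base" "$cur"
}

# Constructed snapshots in the column layout of `sudo lsof -i -P -n`.
sample_baseline() {
cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   5678 root   6u  IPv4 0xdef1 0t0  TCP *:80 (LISTEN)
nginx   5678 root   7u  IPv6 0xdef2 0t0  TCP *:80 (LISTEN)
node    2222 user  21u  IPv4 0xaaa1 0t0  TCP 127.0.0.1:3000 (LISTEN)
EOF
}
sample_current() {
    sample_baseline
    echo 'Python  1234 user   3u  IPv4 0xabc1 0t0  TCP *:8080 (LISTEN)'
    echo 'Python  1234 user   5u  IPv4 0xabc2 0t0  TCP 10.0.0.5:52100->10.0.0.9:443 (ESTABLISHED)'
}

# Demo on the constructed data; on a Mac: sudo lsof -i -P -n | classify_listeners
sample_current | classify_listeners
```

For the baseline, save the unfiltered output of sudo lsof -i -P -n to a file on a day when the machine is in a known-good state, then pass that file and a fresh snapshot to new_listeners.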
