Software recommendation: Command line network analyser that shows owning process

I'm looking for something that is a mix of tcpdump, lsof, and netstat.

I want to be able to filter like tcpdump, but have an additional column showing the process ID. At the end I'd like to be able to see stats like Wireshark, but by application.

Why, you ask?

Good question. I want to be able to answer things like this:

  • What process is connecting on port 80 to *le100.com (owned by Google)?
  • Why am I seeing packets to amazonaws when I have no browsers running?
  • Why is there traffic to stackoverflow.com when I have no web pages open to it?

GUI or command line doesn't matter.

This got started when I was trying to figure out what was taking up all the bandwidth on my rather limited connection. (We have 4 computers in the house for an asymmetric 2M/500k connection. That's bits, not bytes.)


Solution 1:

lsof will do this with the correct flags and arguments. The following flags will show you the program and PID using the open connections.

-P to show you port numbers instead of names.
-i[tcp|udp][@hostname|IP][:port]

Here are examples for the 3 situations you listed.

lsof [email protected]:80

Note: I do not believe that lsof allows globbing with *.

lsof [email protected]

or

lsof [email protected]
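
An added example, not part of the original answer: a shell function that groups lsof's network sockets by owning process and remote endpoint, which gets close to the per-application view the question asks for (it counts connections, not bytes). It assumes lsof's `-n` (no DNS lookups) and `-F pcn` (machine-readable field output) options in addition to the `-P` and `-i` flags mentioned above; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: group open network connections by owning process.
# Parses `lsof -nP -i -F pcn` field output: one field per line, where the
# first character is the field id (p = PID, c = command, n = socket name).

# summarize_lsof: reads lsof -F output on stdin and prints
# "count pid command remote_endpoint", busiest first.
summarize_lsof() {
    awk '
        /^p/ { pid = substr($0, 2); next }   # start of a process set
        /^c/ { cmd = substr($0, 2); next }   # command name for that PID
        /^n/ {
            name = substr($0, 2)
            # Connected sockets look like local->remote; listeners have no arrow.
            i = index(name, "->")
            if (i == 0) next
            remote = substr(name, i + 2)
            seen[pid " " cmd " " remote]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2,2n
}

# Constructed sample of `lsof -nP -i -F pcn` output (documentation addresses).
sample_lsof_output() {
    cat <<'EOF'
p1201
cfirefox
f45
n192.0.2.10:51000->198.51.100.7:443
f46
n192.0.2.10:51002->198.51.100.7:443
p2330
cupdater
f7
n192.0.2.10:40210->203.0.113.25:80
p801
csshd
f3
n*:22
EOF
}

# Live use (needs lsof; run as root to see other users' processes):
#   lsof -nP -i -F pcn | summarize_lsof
if [ "${1:-}" = "demo" ]; then
    sample_lsof_output | summarize_lsof
fi
```

Because `-n` keeps addresses numeric, an unexpected remote endpoint can be looked up afterwards without lsof stalling on reverse DNS for every socket.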