
How to List All Open Ports on Mac

Three ways to list every open port on your Mac: lsof, netstat, and a GUI. Includes commands for TCP, UDP, and filtering by process or port number.

You start a dev server and something’s already there. Or you want a complete picture of what your Mac is listening on before deploying an app. Either way, macOS has the tools — they just aren’t obvious.

Here are the three ways to list open ports on a Mac, from fastest one-liner to most thorough.

Method 1: lsof (the best all-around command)

lsof — list open files — treats network sockets as files. It shows you every listening port, the process name, the PID, and the protocol.

List all listening TCP ports:

sudo lsof -iTCP -sTCP:LISTEN -n -P

Sample output:

COMMAND     PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
node       1421  aaron   23u  IPv6 0xa1b...         0t0  TCP *:3000 (LISTEN)
postgres   1803  aaron    5u  IPv6 0xb2c...         0t0  TCP *:5432 (LISTEN)
ruby       2044  aaron   11u  IPv4 0xc3d...         0t0  TCP *:8080 (LISTEN)

Flag breakdown:

  • -iTCP — filter to TCP sockets only
  • -sTCP:LISTEN — show only sockets in the LISTEN state (not established connections)
  • -n — skip reverse DNS lookup (much faster)
  • -P — show port numbers, not service names (shows 3000 instead of hbci)

Include UDP ports too:

# UDP sockets have no LISTEN state, so match UDP lines as well
sudo lsof -i -n -P | grep -E 'LISTEN|UDP'

List all ports (TCP + UDP, including established connections):

sudo lsof -i -n -P

This is more verbose — you’ll see every open socket, including active connections to remote servers. Pipe through grep to filter:

# Just your Node process
sudo lsof -i -n -P | grep node

# Everything on a specific port
sudo lsof -i :5432 -n -P

Why sudo? Without it, lsof only shows sockets owned by your user account. System processes like mDNSResponder, ControlCenter, and kernel extensions run as root. You’ll get an incomplete list without sudo.

Method 2: netstat

netstat is older and its macOS output differs from Linux. The key limitation: on macOS, netstat does not show process names or PIDs. You’ll see addresses and ports but can’t tell which app owns them.

netstat -an | grep LISTEN

Sample output:

tcp4       0      0  *.3000                 *.*                    LISTEN
tcp4       0      0  *.5432                 *.*                    LISTEN
tcp6       0      0  *.8080                 *.*                    LISTEN

Useful if you want a fast scan and don’t care which process is behind each port. If you need process names, use lsof instead.

Limit the list to TCP (on macOS, -p selects the protocol; -n already gives port numbers, not service names):

netstat -anp tcp | grep LISTEN

Method 3: nmap (for scanning a local IP range)

nmap is a network scanner — it probes ports from the outside rather than reading the kernel’s own socket table. Useful when you want to see what a remote machine or your Mac exposes to the local network.

It requires installation:

brew install nmap

Scan all ports on localhost:

sudo nmap -sT -p- 127.0.0.1

Quick scan of the most common 1000 ports:

nmap localhost

nmap is overkill for simply listing what your own Mac is listening on — lsof is faster and more accurate for that. Use nmap when you want to verify what a host exposes on the network, not just what its own kernel tracks.

Quick Reference

What the Output Actually Means

The address in front of the port in the NAME column shows which interfaces the process is bound to:

  • *:3000 (LISTEN) means the process is listening on all network interfaces on port 3000. Any machine on your local network that can reach your IP can attempt a connection.
  • 127.0.0.1:3000 means the process is bound to localhost only — no external access.
  • 192.168.1.5:3000 means it’s bound to a specific interface.
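
The bind-address distinction above can be checked mechanically. This added example (not from the original post) reads lsof output and labels each listener by how widely it is bound; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: label each LISTEN socket from lsof by how widely it is bound.
# Function names and the sample lines are constructed for illustration.

classify_listeners() {
  # Reads `lsof -iTCP -sTCP:LISTEN -n -P` output on stdin.
  # Prints: SCOPE PORT COMMAND PID
  awk '
    $NF == "(LISTEN)" {
      name = $(NF - 1)                 # e.g. *:3000, 127.0.0.1:5432, [::1]:6379
      n = split(name, parts, ":")
      port = parts[n]                  # text after the last colon
      host = substr(name, 1, length(name) - length(port) - 1)
      if (host == "*")
        scope = "ALL-INTERFACES"       # reachable from the network
      else if (host ~ /^127\./ || host == "[::1]")
        scope = "LOOPBACK"             # local machine only
      else
        scope = "ONE-INTERFACE"        # bound to a specific address
      printf "%s %s %s %s\n", scope, port, $1, $2
    }'
}

exposed_only() {
  # Keep only listeners that are not restricted to loopback.
  awk '$1 != "LOOPBACK"'
}

sample_lsof() {
  # Constructed sample in the same layout as the output shown earlier.
  cat <<'EOF'
COMMAND     PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
node       1421  aaron   23u  IPv6 0xa1b...         0t0  TCP *:3000 (LISTEN)
postgres   1803  aaron    5u  IPv4 0xb2c...         0t0  TCP 127.0.0.1:5432 (LISTEN)
ruby       2044  aaron   11u  IPv4 0xc3d...         0t0  TCP 192.168.1.5:8080 (LISTEN)
redis      2101  aaron    6u  IPv6 0xd4e...         0t0  TCP [::1]:6379 (LISTEN)
EOF
}

# Offline demo on the sample; on a Mac, pipe the real command instead:
#   sudo lsof -iTCP -sTCP:LISTEN -n -P | classify_listeners | exposed_only
sample_lsof | classify_listeners | exposed_only
```

Anything labelled ALL-INTERFACES or ONE-INTERFACE is a candidate for rebinding to 127.0.0.1 if it only needs to serve the local machine.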

If you see a system process you don’t recognize, a few are normal:

  • ControlCenter on ports 5000 and 7000 — AirPlay Receiver. Enabled by default in System Settings > General > AirDrop & Handoff.
  • mDNSResponder on port 5353 — Bonjour, used for local network device discovery.
  • rapportd — a Continuity feature for iPhone–Mac interaction.
  • Ports in the 49152–65535 range are ephemeral ports, used temporarily for outbound connections. Normal to see many of these.

Listing Only Ports Owned by Your User

If you’re only interested in your own processes — not system daemons — drop sudo:

lsof -iTCP -sTCP:LISTEN -n -P

This limits output to processes running under your user account. Faster, no password prompt, sufficient for most dev workflows.

Kill a Port That’s in Use

Found the offending process? If port 3000 is stuck, kill the process directly:

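# Match only the listener; a bare -i :3000 also returns clients connected to the port
kill -9 $(lsof -ti TCP:3000 -sTCP:LISTEN)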

The -t flag makes lsof output just the PID — no headers, no columns — so you can feed it straight into kill. See how to kill a process by port on Mac for the full walkthrough, including when to use SIGTERM instead of SIGKILL.

See All Open Ports Without the Terminal

Running lsof every time you start or stop a service gets old fast. Portie gives you a live list of every open port on your Mac, updated automatically every 3 seconds — no commands to remember.

You can see the process name, PID, protocol, and socket state in a sortable table. Toggle between a flat port list and a view grouped by application. Click any row to see the full connection details.

Local port monitoring is free. The $8.99 one-time unlock adds one-click process termination (with a choice of SIGTERM or SIGKILL) and remote port scanning for other hosts on your network.

Download Portie and replace your lsof habit with a live dashboard.
