How can I see incoming connections on my Mac?
April 5, 2005 3:35 AM   Subscribe

Is there an application (for OS X) that shows me who's trying to connect to my mac? Kinda like Little Snitch, but for incoming connections? Netstat just gives me a huge list of everything happening on all ports, which is kinda useless to me.
posted by slater to Computers & Internet (7 answers total)
At first i thought you meant who is connected to your Mac, but then I reread the question. First off, netstat only shows actual, honest-to-God connections (or ports that are open and waiting for connections) so it will never show attempts to connect that do not succeed.

Is your Mac directly connected to your DSL/cable modem, or are you behind a router of some sort?

If the former, then it depends on whether you can set up the built-in firewall in OSX to log packets that it drops--I haven't done this on my Mac, but on my own homegrown firewall PC running OpenBSD, the firewall package can be configured to log packets that it's dropping (in my case, I have it log when it rejects packets that are probably from Microsoft worms trying to scan me for vulnerabilities...just for kicks).

If you look around you should either find an existing log that the firewall service currently creates (unlikely), or possibly the ability to modify a configuration file to activate such logging. Not exactly Little Snitch-like GUI happiness, though, and I don't know how console-savvy you are.

If you are behind a router, then unless it's a homegrown solution like my aforementioned firewall, it's much less likely that you can get the info you seek, although it does depend on the brand and type of router/firewall you have. Like before, you'd need to do some research on your own.
posted by cyrusdogstar at 5:12 AM on April 5, 2005

My router's software allows me to log dropped packets as well. The problem is that there are SO MANY attempts that you'll quickly decide that the information is pretty useless and you'll just trust your firewall to protect you.

I don't think there is much you can do about it anyway....
posted by HuronBob at 6:52 AM on April 5, 2005

Good point, HuronBob. slater, is there a motive for this? If so, we might be able to provide more targeted advice :) Otherwise, HuronBob is right, there will be a TON of junk going by.

Even just looking at rejected Windows-worm-port traffic (TCP 445 and 135 if I remember correctly) is a lot, and while that's probably the bulk of what you'll see, it's not the entirety by a long shot.
posted by cyrusdogstar at 7:41 AM on April 5, 2005

tcpdump. not sure if it's part of the bsd tools package or if I installed it thru fink, but in any case it works. also, you can be very selective about what sort of traffic you want to monitor, reducing noise.
posted by dorian at 8:10 AM on April 5, 2005

Hi guys, thanks for the answers. What I'm looking for is basically an app that behaves like..hmm... Zonealarm on Windows. With that, you can set it to alert you every time someone tries to connect to your PC ("IP xxx.xx.xx.xx has tried to connect, allow or tell him to eff off?").

The real reason (there's always one) I want/need this is cos I'm trying to get SSH login working to my mac mini, and I'm not sure where the hang-up is. I've set DynDNS to the correct IP, but I'm not sure where the problem is. Yes, I'm behind a router. So my thinking was "Hey, if there's an app out there that tells me whether the Mac has received an incoming connection request, I'll at least know where the problem is!"
posted by slater at 6:56 AM on April 6, 2005

There's HenWen which is a Mac GUI for Snort. Also, I think IPNetSentryX can do this. I'm sure there are some Unix tools I'm not aware of as well. Can you ping your machine from outside?
posted by hyperizer at 3:42 PM on April 6, 2005

hyperizer: well, i'm behind a router, but i can ping that from the outside, yes. Thanks for the links, I'll check them out.
posted by slater at 12:39 AM on April 7, 2005

« Older Recovering Word 6.0 (Mac) documents   |   Help me find more examples of Code as Poetry Newer »
This thread is closed to new comments.