How-To Determine Programs Using Open Port? -- taken from http://blog.jdpfu.com/2014/01/03/how-to-determine-programs-using-open-port

copy_disks.md

First, you'll need to list your disks. Just use the following to see which /dev/diskN node we're going to:

diskutil list

We'll need to unmount the disk to be cloned. We'll use the following command for that:

diskutil unmountDisk /dev/diskN

After unmounting all volumes, we're all set to start copying the contents of the disk:

sudo dd if=/dev/rdisk2 of=/dev/rdisk3.img bs=128m conv=noerror,sync

Where if stands for input file and of lists the desired output stream. Also, notice the r leading each diskX name. This is supposedly done in order to improve speed up the whole process.

NOTE This process varies slightly if using any Linux distro or anything other than OS X:

1. It's not necessary to unmount the drive before using dd
2. Devices can be listed via fdisk -l instead of diskutil list
3. Your device node should be located under /dev/sda, instead of /dev/disk
4. Use umount instead of diskutil unmountDisk to unmount any drives

Source

programs_using_open_port.md

lsof

sudo lsof -l -P|grep LISTEN

lsof – list open files. Requires admin-level access. Running it without sudo will show this. grep – look for specific things in the output.

On most desktop systems, I’d expect to see only ntpd, sshd and cupsd in the list. Might see smbd and rpc.statd (NFS) too if those were setup.

netstat

netstat --all --program|egrep -v unix|more

Shows much of the same information, just in a different format, but it also shows live connections outbound. Since this shows outbound connections, email, browser, IM and any socket connection within the same machine will show up too. Might need to use sudo on the netstat to see some programs, but at least most of the output does not need root.