Which port is app using on Mac?

How can I tell which ports an application is trying to use on Mac OS X 10.6.3?  For example, I have my Mac Mail configured to connect to an SSL port on 993.  However, I get errors that it cannot connect.  Port 993 is open on the firewall.  I shut off my modem/router firewall and it is able to connect.  

With the firewall up and running a Netstat through the Network Utility, I see entries such as this:

tcp4       0     79  192.168.0.4.55886      mx251o.mysite4no.imaps FIN_WAIT_1

I have the entire 54000-56999 block open for TCP/UDP.  What does FIN_WAIT_1 mean and could that be why Mac Mail can't connect?
brettrAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

quizwedgeCommented:
For seeing what ports are active, check out Little Snitch: http://www.obdev.at/products/littlesnitch/index.html  At the very least, it will tell you if Mac Mail is trying to connect.

FIN_WAIT_1 means "The socket connection has been closed by the local application, the remote peer has not yet acknowledged the close, and the system is waiting for it to close its half of the connection."  See http://developer.apple.com/mac/library/DOCUMENTATION/Darwin/Reference/ManPages/man1/netstat.1.html

In short, it looks like the FIN_WAIT_1 status is showing that your application (Mac Mail) has closed the connection, but not gotten a response from the server.

One test I thought of is using Telnet while your firewall is on.  Follow the directions at http://www.wikihow.com/Use-Telnet-on-Mac-OS-X.  Try it with both host name (e.g. www.google.com) and IP address (e.g. 72.125.19.106)  User port 993 for both test.  If it works for the IP address, but not the host name, then it is probably a DNS connection issue (check UDP ports allowed) rather than a Port 993 issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
brettrAuthor Commented:
I rebooted the modem/router and now Mac Mail seems to work fine.  However, Teamviewer is still having issues.  Even after the reboot and with the firewall off, Little Snitch shows that it keeps prompting to connect to port 80 on a never ending steam of different IP addresses.  I keep granting but it doesn't connect.

It was working fine today with the firewall off.  Not sure why it doesn't connect now.  Do you have any suggestions?
0
brettrAuthor Commented:
Ok, restarted Teamviewer and opened a port it continually prompted on through Little Snitch.  Then restarted Teamviewer again.  Works fine now.

Thanks on Little Snitch.  Excellent app.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

brettrAuthor Commented:
Do you know if there is anything like Little Snitch for Windows?
0
quizwedgeCommented:
I can't recommend an equivalent for Windows, though it's a question that comes up.  I found a few suggestions, but I can't endorse any of them as I haven't tried most of them.  I don't know that I'll ever install another Comodo software product though.  The two that I have installed before caused me more problems than they solved.  Check out http://forums.appleinsider.com/showthread.php?t=60569 and http://www.insanelymac.com/forum/lofiversion/index.php/%22http:/t62323.html

Glad I could help.
0
marookCommented:
One question that hits me: Why do you block Outgoing traffic on your firewall?
0
quizwedgeCommented:
marook - One reason would be to try to block spyware from sending information back.
0
marookCommented:
Well, yeah, but they all normally act as a normal app, and it's a stupid spymare developer if they don't use port 80 and pretend to be HTTP traffic.
But still, You can't tell what port a local app will use, as it's the end port that is the target. The local 'socket' will always be between 1024 & 65550 - right?  ;-)
So blocking the source port from internal app's is just meant to give you trouble. Blocking what Destination port is trying to get accessed, is what you want to do.
0
brettrAuthor Commented:
@marook:

I have a Motorola SBG900.  How do you not block outgoing traffic?  From what I understand, the firewall will block everything and you have to punch out the specific holes for in/out traffic.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.