Macos – No idea what is listening on port 80 in OS X

iptablesmacosnetworkingportport-forwarding

I'm on OSX Mountain Lion 10.8.3, and I've freshly rebooted my Mac.

I want to start a service (like Apache on port 80), but there is already something going on with port 80:

telnet localhost 80

Trying ::1...
Connected to localhost.
Escape character is '^]'.

Wait, I hear you say, you can find that with lsof or netstat. Except there is nothing there

netstat -an | grep LISTEN | grep '\.80'

*comes back blank*

lsof -i :80 | grep LISTEN

*comes back blank

So from what I know about unix systems, I figure this must be a packet forwarding rule then? I.e. packets are being forwarded from inbound port 80 to something else, which is listening on that service.

ipfw show

65535 0 0 allow ip from any to any

Hmm, nothing unusual there

pfctl -s nat

No ALTQ support in kernel
ALTQ related functions disabled

Nothing unusual there

My question is, how can I display any packet forwarding rules… On Linux I might just do iptables -L -t NAT, or iptables -L. Or alternatively, can any OSX experts help me diagnose this problem?

Best Answer

You need to run these commands as root to show other users' processes, for example:

sudo lsof -i ':80'

Mac OS X includes an Apache web server that can be controlled using apachectl as root. It's usually started via launchd, the corresponding configuration file is /System/Library/LaunchAgents/org.apache.httpd.plist. If it's not this Apache running on port 80, it is probably launchd, Apple's implementation of a daemon manager. According to Wikipedia:

When launchd scans through the job plists at boot time it reserves and listens on all of the ports requested by those jobs. If so indicated in the plist by the "OnDemand" key, the daemon is not actually loaded at the time. Rather, launchd will listen on the port, start the daemon when needed, and shut it down when it is not. After a daemon is loaded, launchd will keep track of it and make sure it is running if needed.