Listening Ports

Overview

Evidence: Listening Ports
Description: Collect Listening Ports
Category: Network
Platform: macos
Short Name: lport
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Listening ports reveal network services exposed by the macOS host. This data is essential for identifying unauthorized services, backdoors, and network‑facing attack surface.

Data Collected

This collector gathers structured data about listening ports.

Listening Ports Data

| Field | Description | Example |
|---|---|---|
| PID | PID | 123 |
| Port | Port | 123 |
| Protocol | Protocol | 123 |
| Family | Family | 123 |
| Address | Address | Example value |
| FileDescriptor | File Descriptor | 123 |
| Socket | Socket | 123 |
| Path | Path | Example value |

Collection Method

This collector queries the listening_ports table via osquery and records results into listening_ports.

Forensic Value

This evidence is crucial for forensic investigations as it correlates processes with ports, enabling detection of rogue services and covert listeners.
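One way to triage this evidence for unexpected network-facing listeners, as an added example that is not part of the collector or its documentation. The sample rows are constructed, the `EXPECTED` baseline is hypothetical, and the numeric codes assume osquery's raw values (IANA IP protocol numbers and macOS `AF_*` constants).

```python
import ipaddress
import json

# Constructed sample rows in the shape `osqueryi --json` returns for
# `SELECT * FROM listening_ports;` (osquery emits every value as a string).
SAMPLE_ROWS = json.loads("""[
 {"pid":"412","port":"22","protocol":"6","family":"2","address":"0.0.0.0","fd":"7","socket":"0","path":""},
 {"pid":"530","port":"631","protocol":"6","family":"2","address":"127.0.0.1","fd":"5","socket":"0","path":""},
 {"pid":"977","port":"8081","protocol":"6","family":"30","address":"::","fd":"3","socket":"0","path":""},
 {"pid":"301","port":"5353","protocol":"17","family":"2","address":"0.0.0.0","fd":"9","socket":"0","path":""},
 {"pid":"88","port":"0","protocol":"0","family":"1","address":"","fd":"4","socket":"0","path":"/var/run/example.sock"}
]""")

PROTOCOLS = {6: "tcp", 17: "udp"}               # IANA IP protocol numbers
FAMILIES = {1: "unix", 2: "ipv4", 30: "ipv6"}   # AF_* values on macOS

# Hypothetical baseline of listeners expected on this host: (port, protocol).
EXPECTED = {(22, "tcp"), (5353, "udp")}

def scope(row):
    """Classify who can reach the listener from its family and address."""
    if int(row["family"]) == 1 or row["path"]:
        return "local-socket"            # UNIX domain socket, no network port
    try:
        addr = ipaddress.ip_address(row["address"])
    except ValueError:
        return "unknown"                 # unparseable address: keep for review
    if addr.is_loopback:
        return "loopback"
    return "all-interfaces" if addr.is_unspecified else "single-interface"

def triage(rows, expected=EXPECTED):
    """Return network-reachable listeners that are not in the baseline."""
    findings = []
    for row in rows:
        where = scope(row)
        if where in ("local-socket", "loopback"):
            continue
        proto = PROTOCOLS.get(int(row["protocol"]), row["protocol"])
        port = int(row["port"])
        if (port, proto) not in expected:
            findings.append({"pid": int(row["pid"]), "port": port, "protocol": proto,
                             "family": FAMILIES.get(int(row["family"]), row["family"]),
                             "address": row["address"], "scope": where})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_ROWS):
        print(finding)
```

Each finding carries the PID, so the next step in an investigation is to look that PID up in the process evidence collected from the same host.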
