How to find which process used a port? Possible Trojan.

% lsof -nP -i4TCP:$63681 | grep LISTEN

lsof: unacceptable port specification in: -i 4TCP:

lsof 4.89

latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/

latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ

latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man

usage: [-?abhlnNoOPRtUvV] [+|-c c] [+|-d s] [+D D] [+|-f[cgG]]

[-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+|-M] [-o [o]] [-p s]

[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]

Use the ``-h'' option to get more help information.

% sudo lsof -iTCP -sTCP:LISTEN -n -P

shows about 25 lines of things on various ports, but 1) my port of interest isn't there - is there an option to have it wait and keep testing until it shows up, or I need to write a script for that, and 2) I would assume there are more than 25 processes making connections right now - what are the criteria for being shown on this list? Thanks!!

That's it, I wasn't in bash. Now it works. I'll run it and see if it catches it again. I haven't seen IP 54.36.160.184 reported anywhere as a Mac trojan target.