Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Goody7
Goody7 Author
User level: Level 1
15 points

Want to know if my mac has been hacked or if someone is signed on?

Hello,


I've done a shell command "n" and "netstat" and here are the results. Can anyone tell me if someone is singed on or hacking my mac? Thanks so much! This is actually just half of it.


Last login: Fri Aug 23 18:22:40 on ttys000

curt-studio-a:~ appleuser$ w

18:36 up 6:04, 2 users, load averages: 0.95 1.17 1.22

USER TTY FROM LOGIN@ IDLE WHAT

appleuser console - 12:39 5:56 -

appleuser s000 - 18:36 - w

curt-studio-a:~ appleuser$ netstat

Active Internet connections

Proto Recv-Q Send-Q Local Address Foreign Address (state)

tcp4 0 0 curt-studio-a.lo.53299 lga15s35-in-f0.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53297 lga15s35-in-f7.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53296 lga15s35-in-f14..http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53294 lga15s35-in-f14..http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53293 lga15s35-in-f14..http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53292 lga15s35-in-f14..http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53291 lga15s35-in-f0.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53290 lga15s35-in-f14..http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53289 lga15s35-in-f14..http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53287 lga15s35-in-f14..http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53283 lga15s35-in-f2.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53282 lga15s35-in-f2.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53277 lga15s35-in-f2.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53276 lga15s35-in-f2.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53275 lga15s35-in-f2.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53274 lga15s35-in-f4.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53273 lga15s35-in-f4.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53271 lga15s35-in-f4.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53270 lga15s35-in-f4.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53268 lga15s35-in-f4.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53266 lga15s35-in-f4.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53138 lga15s35-in-f15..https CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53136 lga15s29-in-f16..https CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53077 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53076 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53075 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53074 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53073 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53072 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53071 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53070 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53069 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53068 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53067 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53066 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53065 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53064 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53062 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53061 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53060 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53059 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53058 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53057 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53056 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53055 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53054 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53053 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53052 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53051 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53050 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53048 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53047 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53046 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53045 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53043 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53042 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53038 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53036 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53035 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53034 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53032 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53031 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53030 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53029 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53028 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53027 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53026 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53025 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53024 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53023 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53022 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53021 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53020 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53019 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53018 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53017 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53016 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53015 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53013 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.53008 lga15s35-in-f8.1.http CLOSE_WAIT

tcp4 0 0 curt-studio-a.lo.49159 17.172.232.200.5223 ESTABLISHED

udp46 0 0 *.* *.*

udp6 0 0 *.61601 *.*

udp4 0 0 *.61601 *.*

udp6 0 0 *.49159 *.*

udp4 0 0 *.49159 *.*

udp6 0 0 *.62578 *.*

udp4 0 0 *.62578 *.*

udp6 0 0 *.64663 *.*

udp4 0 0 *.64663 *.*

udp6 0 0 *.61279 *.*

udp4 0 0 *.61279 *.*

udp6 0 0 *.58867 *.*

udp4 0 0 *.58867 *.*

udp6 0 0 *.61877 *.*

udp4 0 0 *.61877 *.*

udp6 0 0 *.63683 *.*

udp4 0 0 *.63683 *.*

udp6 0 0 *.54505 *.*

udp4 0 0 *.54505 *.*

udp6 0 0 *.62486 *.*

udp4 0 0 *.62486 *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 curt-studio-a.lo.ntp *.*

udp6 0 0 curt-studio-a.lo.ntp *.*

udp6 0 0 localhost.ntp *.*

udp4 0 0 localhost.ntp *.*

udp6 0 0 localhost.ntp *.*

udp6 0 0 *.ntp *.*

udp4 0 0 *.ntp *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp46 0 0 *.* *.*

udp6 0 0 *.mdns *.*

udp4 0 0 *.mdns *.*

udp4 0 0 *.netbios-dgm *.*

udp4 0 0 *.netbios-ns *.*

icm6 0 0 *.* *.*

Active LOCAL (UNIX) domain sockets

Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr

87fd564 stream 0 0 0 5dc7094 0 0 /var/run/mDNSResponder

5dc7094 stream 0 0 0 87fd564 0 0

87fd1ec stream 0 0 0 58c4de0 0 0

58c4de0 stream 0 0 0 87fd1ec 0 0

5dc7250 stream 0 0 0 8214030 0 0 /var/run/usbmuxd

8214030 stream 0 0 0 5dc7250 0 0

87fda98 stream 0 0 0 8213d4c 0 0 /var/run/usbmuxd

8213d4c stream 0 0 0 87fda98 0 0

58c4378 stream 0 0 0 0 0 0

58c4128 stream 0 0 0 58c5b2c 0 0

58c5b2c stream 0 0 0 58c4128 0 0

821468c stream 0 0 0 8213de0 0 0 /var/run/usbmuxd

8213de0 stream 0 0 0 821468c 0 0

8214280 stream 0 0 0 8214d7c 0 0 /var/tmp/launchd/sock

8214d7c stream 0 0 0 8214280 0 0

821443c stream 0 0 0 821

0

8214158 stream 0 0 0 821443c 0 0

58c45c8 stream 0 0 0 6fcdc54 0 0 /var/tmp/launchd/sock

6fcdc54 stream 0 0 0 58c45c8 0 0

6fccf9c stream 0 0 0 58c46f0 0 0 /var/run/usbmuxd

58c46f0 stream 0 0 0 6fccf9c 0 0

8213f9c stream 0 0 0 8214a04 0 0 /var/run/mDNSResponder

8214a04 stream 0 0 0 8213f9c 0 0

87fd720 stream 0 0 0 5e1a1bc 0 0

5e1a1bc stream 0 0 0 87fd720 0 0

8214b2c stream 0 0 0 5e1bbc0 0 0

5e1bbc0 stream 0 0 0 8214b2c 0 0

58c543c stream 0 0 86c7030 0 0 0 /tmp/launchd-663.OflUwN/sock

58c4534 stream 0 0 0 82143a8 0 0 /var/run/usbmuxd

82143a8 stream 0 0 0 58c4534 0 0

58c5030 stream 0 0 0 87fd3a8 0 0 /var/run/usbmuxd

87fd3a8 stream 0 0 0 58c5030 0 0

5dc8314 stream 0 0 0 6fccc24 0 0

6fccc24 stream 0 0 0 5dc8314 0 0

5e1a65c stream 0 0 0 5dc765c 0 0 /var/run/usbmuxd

5dc765c stream 0 0 0 5e1a65c 0 0

58c4c24 stream 0 0 0 58c4afc 0 0 /var/run/usbmuxd

58c4afc stream 0 0 0 58c4c24 0 0

58b1a68 stream 0 0 0 87fd8dc 0 0 /var/run/usbmuxd

87fd8dc stream 0 0 0 58b1a68 0 0

6fcd3a8 stream 0 0 0 6fcc784 0 0 /var/run/usbmuxd

6fcc784 stream 0 0 0 6fcd3a8 0 0

5e1b720 stream 0 0 0 87fdce8 0 0 /var/run/usbmuxd

87fdce8 stream 0 0 0 5e1b720 0 0

58c5ea4 stream 0 0 0 58c5bc0 0 0 /var/run/usbmuxd

58c5bc0 stream 0 0 0 58c5ea4 0 0

58c4cb8 stream 0 0 0 58b1940 0 0 /var/run/usbmuxd

58b1940 stream 0 0 0 58c4cb8 0 0

6fcc6f0 stream 0 0 0 5e1a784 0 0 /var/run/usbmuxd

5e1a784 stream 0 0 0 6fcc6f0 0 0

6fccafc stream 0 0 0 58c4f9c 0 0 /var/run/usbmuxd

58c4f9c stream 0 0 0 6fccafc 0 0

58c4d4c stream 0 0 0 0 0 0

58b1818 stream 0 0 0 5e1a6f0 0 0 /var/run/usbmuxd

5e1a6f0 stream 0 0 0 58b1818 0 0

5e1b970 stream 0 0 0 58c4f08 0 0

58c4f08 stream 0 0 0 5e1b970 0 0

58c55f8 stream 0 0 0 0 0 0

87fd5f8 stream 0 0 0 58c5c54 0 0 /var/run/usbmuxd

58c5c54 stream 16266 0 0 87fd5f8 0 0

58c568c stream 0 0 0 58c57b4 0 0 /var/run/usbmuxd

58c57b4 stream 0 0 0 58c568c 0 0

58c58dc stream 0 0 0 87fdc54 0 0 /var/run/mDNSResponder

87fdc54 stream 0 0 0 58c58dc 0 0

58c5970 stream 0 0 0 58c5720 0 0 /var/run/mDNSResponder

58c5720 stream 0 0 0 58c5970 0 0

5dc7e74 stream 0 0 0 87fd0c4 0 0 /var/run/mDNSResponder

87fd0c4 stream 0 0 0 5dc7e74 0 0

5dc7f9c stream 0 0 0 58c5e10 0 0 /var/run/mDNSResponder

58c5e10 stream 0 0 0 5dc7f9c 0 0

58c54d0 stream 0 0 0 6fcc9d4 0 0 /var/run/mDNSResponder

6fcc9d4 stream 0 0 0 58c54d0 0 0

87fdd7c stream 0 0 0 5dc8a98 0 0 /var/run/mDNSResponder

5dc8a98 stream 0 0 0 87fdd7c 0 0

6fcd564 stream 0 0 0 87fd280 0 0 /var/run/mDNSResponder

0

58c5848 stream 0 0 0 58c5f38 0 0 /var/run/mDNSResponder

58c5f38 stream 0 0 0 58c5848 0 0

6fcd5f8 stream 0 0 0 87fda04 0 0 /var/run/mDNSResponder

87fda04 stream 0 0 0 6fcd5f8 0 0

87fdea4 stream 0 0 0 87fde10 0 0

87fde10 stream 0 0 0 87fdea4 0 0

5e1aafc stream 0 0 0 6fcc2e4 0 0 /tmp/com.adobe.csi.ctrl-CS7-appleuser

6fcc2e4 stream 0 0 0 5e1aafc 0 0

5e1ba04 stream 0 0 0 5e1b564 0 0 /tmp/com.adobe.csi.ctrl-CS7-appleuser

5e1b564 stream 0 0 0 5e1ba04 0 0

6fcc40c stream 0 0 0 6fcc8ac 0 0 /tmp/com.adobe.csi.ctrl-CS7-appleuser

6fcc8ac stream 0 0 0 6fcc40c 0 0

6fcc65c stream 0 0 0 6fcc1bc 0 0 /tmp/com.adobe.csi.ctrl-CS7-appleuser

6fcc1bc stream 0 0 0 6fcc65c 0 0

6fcd0c4 stream 0 0 8752a98 0 0 0 /tmp/com.adobe.csi.ctrl-CS7-appleuser

5e1b280 stream 0 0 0 6fcc094 0 0 /var/run/mDNSResponder

6fcc094 stream 0 0 0 5e1b280 0 0

6fcc5c8 stream 0 0 0 6fcc250 0 0 /var/run/mDNSResponder

6fcc250 stream 0 0 0 6fcc5c8 0 0

6fccb90 stream 0 0 0 6fcc378 0 0 /var/run/mDNSResponder

6fcc378 stream 0 0 0 6fccb90 0 0

6fcc534 stream 0 0 0 6fcc4a0 0 0 /var/run/usbmuxd

6fcc4a0 stream 0 0 0 6fcc534 0 0

6fcccb8 stream 0 0 0 6fccd4c 0 0

6fccd4c stream 0 0 0 6fcccb8 0 0

6fcd280 stream 0 0 0 6fcd314 0 0

6fcd314 stream 0 0 0 6fcd280 0 0

6fcd7b4 stream 0 0 80ef818 0 0 0 /var/folders/c6/rrlw1h1j7_58n9r4fmvvs_7m0000gn/T/icssuis501

6fcd43c stream 0 0 0 6fcd848 0 0 /var/run/mDNSResponder

6fcd848 stream 0 0 0 6fcd43c 0

0

6fcd68c stream 0 0 0 6fcd720 0 0 /var/run/mDNSResponder

6fcd720 stream 0 0 0 6fcd68c 0 0

6fcd8dc stream 0 0 0 5e1af08 0 0 /var/run/mDNSResponder

5e1af08 stream 0 0 0 6fcd8dc 0 0

5e1b8dc stream 0 0 0 5dc74a0 0 0 /var/run/mDNSResponder

5dc74a0 stream 0 0 0 5e1b8dc 0 0

5e1ba98 stream 0 0 0 5dc71bc 0 0 /var/run/mDNSResponder

5dc71bc stream 0 0 0 5e1ba98 0 0

58b28dc stream 0 0 0 5e1b4d0 0 0 /tmp/launchd-171.th3aAA/sock

5e1b4d0 stream 0 0 0 58b28dc 0 0

58b1250 stream 0 0 0 5dc8158 0 0

5dc8158 stream 0 0 0 58b1250 0 0

5e1ad4c stream 0 0 0 5dc740c 0 0

5dc740c stream 0 0 0 5e1ad4c 0 0

58b1378 stream 0 0 0 58b2970 0 0

58b2970 stream 0 0 0 58b1378 0 0

5e1bd7c stream 0 0 0 5dc7f08 0 0

5dc7f08 stream 0 0 0 5e1bd7c 0 0

5e1b314 stream 0 0 0 5e1b848 0 0

5e1b848 stream 0 0 0 5e1b314 0 0

5dc7128 stream 0 0 0 5dc8b2c 0 0

5dc8b2c stream 0 0 0 5dc7128 0 0

5e1a000 stream 0 0 7d149d4 0 0 0 /tmp/launch-x5JSTN/org.x:0

58b1000 stream 0 0 7d14afc 0 0 0 /tmp/launch-2aJNXO/Listeners

5dc8ce8 stream 0 0 7d14c24 0 0 0 /tmp/launch-12m7CQ/Apple_Ubiquity_Message

5e1a818 stream 0 0 7d14d4c 0 0 0 /tmp/launch-9hHPIt/Render

5e1a940 stream 0 0 0 5dc7940 0 0

5dc7940 stream 0 0 0 5e1a940 0 0

5dc8d7c stream 0 0 70a28dc 0 0 0 /tmp/launchd-171.th3aAA/sock

Posted on Aug 23, 2013 3:46 PM

Reply
11 replies
User profile for user: g_wolfman
g_wolfman
User level: Level 4
1,137 points

Aug 25, 2013 1:41 PM in response to Goody7

No one is "signed on" or hacking your computer. And nothing in that netstat run is unusual.


Is there some particular reason you think you've been "hacked", or did you just run netstat without understanding what it reports and got worried by the volume of data retunred (in which case I have to wonder why you would run a terminal command you don't understand)?

Reply
User profile for user: Goody7
Goody7 Author
User level: Level 1
15 points

Aug 25, 2013 8:18 PM in response to g_wolfman

No I understand the shell commands. It shows what ip connections are being attempted. I'm just not familiar with how to interpret the data. I just get paranoid lol. Plus my computers is slowing and my activity monitor always shows bursts of activity so I guess I was just being cautious or paranoid. I also don't have a VPN and I really want to get one.

Reply
User profile for user: g_wolfman
g_wolfman
User level: Level 4
1,137 points

Aug 26, 2013 5:30 PM in response to Goody7

There are two main classes of connections reported by netstat, Internet and Unix sockets. Internet connections are exactly that; Unix sockets are used by processes to communicate with each other and do not leave the computer.


All of the Internet connections marked CLOSE WAIT are in the process of being torn down. They are all connections to Google...I'd guess you had just closed a web page connected to Gmail or Google Docs, perhaps? The ESTABLISHED connection is to Apple.


The Internet connections whose Foreign Address is *.* are not connections, they are server processes listening for connections from the network. Primarily a Time Server (NTP), Windows file services (NETBIOS) and Bonjour (MDNS).


All normal, even if sharing services are not turned on.


And, without intending to be rude here...if you don't know how to interpret the results of running the command, then you don't really understand the command. At a minimum you should read the man page; if there are still things that are unclear, google it, or ask in the forums. But it's better to ask the right question (how do you interpret the results of running netstat) rather than a more sensational question (am I being hacked). You'll get a better answer with less "noise" in the responses.


In the meantime, you may find this helpful to begin understanding netstat: http://www.unix.com/ip-networking/131165-netstat-output.html

Reply

Want to know if my mac has been hacked or if someone is signed on?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up