Fortunately the Mac world doesn't see as much of this as the poor Windows users do, but any application can open up a connection back to its home base. That may be for legitimate reasons, but "phoning home" can have its darker side.
You can see what's happening with your internet connections by using "lsof":
$ lsof -i COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME firefox-b 935 apl 9u IPv4 0x02cff7d4 0t0 TCP 10.1.3.203:60047->188.8.131.52:http (ESTABLISHED) firefox-b 935 apl 43u IPv4 0x0288d50c 0t0 TCP 10.1.3.203:57001->94.70-84-79.reverse.theplanet.com:http (CLOSED) firefox-b 935 apl 50u IPv4 0x0288ef58 0t0 TCP localhost:51780->localhost:51779 (TIME_WAIT) firefox-b 935 apl 52u IPv4 0x02d00098 0t0 TCP 10.1.3.203:60119->184.108.40.206:http (ESTABLISHED) firefox-b 935 apl 54u IPv4 0x02cb4c48 0t0 TCP 10.1.3.203:60121->220.127.116.11:http (ESTABLISHED) firefox-b 935 apl 57u IPv4 0x02d0150c 0t0 TCP 10.1.3.203:60129->18.104.22.168:http (ESTABLISHED) pipedaemo 1026 apl 4u IPv4 0x019f77f8 0t0 TCP *:9502 (LISTEN) ssh 4490 apl 3u IPv4 0x02cb9ac0 0t0 TCP 10.1.3.203:59733->10.1.3.205:ssh (ESTABLISHED) ssh 11900 apl 3u IPv4 0x02cb4f34 0t0 TCP 10.1.3.203:60114->unixish.com:ssh (ESTABLISHED)
Firefox has a few pages open and I have an ssh to another machine. Nothing to be concerned about here. But I'm not watching "lsof" all day long, so that's where a really good firewall good help. The built in Mac firewall could do this (though not from the GUI interface), as could a number of commercial external firewalls, but neither of those are convenient. Little Snitch from Objective Development ($ 24.95) is a GUI port blocker that can prevent undesired chats with other servers.
Got something to add? Send me email.
More Articles by Tony Lawrence © 2011-03-18 Tony Lawrence
Technology is both a tool for helping humans and for destroying them. This is the paradox of our times which we're compelled to face. (Frank Herbert)