I had the recent unforunate occurence of having my machine hacked into. And no, it wasn't a security hole, but simply a really weak password that was compromised through a brute-force ssh attack. During my audit/clean-up, I was trying to figure out what all the attacker may have installed, since I initially found a shellbot perl script running under the compromised account.
When a machine is compromised, you want to see what servers it may have installed, listening on your system. To do this, you need to "identify" all of the processes running servers. Normally you do this with fuser or netstat -nlp. Unfortunately, neither work on OS X.
I finally figured out how to do this, and just wanted to post it online so others searching could find it. In Terminal, just run this command:
lsof -i | grep LISTEN
This will list all processes that are listening on your machine. That's it!
Mac OS X Hints
http://hints.macworld.com/article.php?story=20070425165628961