On Mac OS X how can I monitor what is using my internet connection?

"Little Snitch lets you grant Internet access to programs selectively, so you can decide what port numbers and hostnames an app is allowed to talk to.

It is a very handy personal firewall, and one of the first thing I'd install on a new Mac. Preventing apps from phoning home or doing whatever on the Internet can be crucial for the privacy-minded."

"You can get part of the way there with the following command run from inside a terminal:

sudo lsof |grep TCP | grep ESTAB

This will list all the open TCP connections. The first column will list the applications that are making the connection, so you might be able to figure out which is the likely culprit. An example couple lines of output might look like:

ssh 10099 tim 21u IPv4 0x1164766c 0t0 TCP 10.0.52.158:61830->home:ssh (ESTABLISHED)
Mail 13216 tim 23u IPv4 0x11660270 0t0 TCP 10.0.52.158:57696->##.##.##.##:imaps (ESTABLISHED)

So I can see that both Mail and ssh are using connections. If the solution isn't obvious from this, you can use dtrace to get some more details. Specifically, check out DTrace Tools, some of which are already installed on your Mac under /usr/bin:

bitesize.d cpuwalk.d creatbyproc.d dappprof dapptrace diskhits dispqlen.d dtruss errinfo execsnoop fddist filebyproc.d hotspot.d httpdstat.d iodbctest iodbctestw iofile.d iofileb.d iopattern iopending iosnoop iotop kill.d lastwords loads.d newproc.d opensnoop otool pathopens.d pidpersec.d plockstat priclass.d pridist.d procsystime runocc.d rwbypid.d rwbytype.d rwsnoop sampleproc seeksize.d setuids.d sigdist.d syscallbypid.d syscallbyproc.d syscallbysysc.d topsyscall topsysproc weblatency.d

I think the one you want for your situation is probably either tcpsnoop or tcptop, which do not seem to be available on the Mac by default, which makes me wonder if there were some porting issues."