Hunting iTunes Shares

The scenario: a new iTunes share has just turned up on your network. It's full of good tunes, and you want to know whose it is, so you can hit them up for MP3s/a beer/a date/other. But! Rather than sticking with the default 'Foo's Music' name, they've called it something clever. What now?


  1. Connect to the share with iTunes
  2. ps -x | grep iTunes gets you the PID of your iTunes
  3. lsof -a -i -p $itunes_pid gets you all the sockets that iTunes has open
  4. Look for a server socket - it'll say something like *:3689 (LISTEN) in the name column; the number after the colon is your iTunes server port number
  5. Look again for outbound client sockets - these look like> (ESTABLISHED), where the number after the colon after your name (the port number for your endpoint of the socket) is NOT your iTunes server port number; there may be a number of such sockets, but there will be only one remote host address to which you have two connections - that's the machine you're listening to
  6. Is the address enough to figure out whose machine it is?
  7. If not, you need to map the IP address to an AppleTalk machine name, which usually pretty revealing
  8. arp -a | grep $remote_host_addr will get you the ethernet address (if you're on the same ethernet is it)
  9. ???
  10. Profit!

There's probably a much easier way to do all this, but i haven't yet figured it out.