Apple - Unkown process listening at port 8080

I noticed this very problem on my Macbook. I was trying to use port 8080 for some testing and I received the error that another process was already listening on it. My invocation of nmap returned different results depending on whether I was using sudo or not. This did not make sense to me.

I was really concerned when I could not figure out what was processes were listening on these ports using sudo lsof -P -n -iTCP | grep LIST. This led me to believe that there was malicious software intentionally hiding itself.

I ended up removing files from /Library/LaunchDaemons/ until I narrowed it down to the culprit. The application responsible for all these opened ports was the Cisco AnyConnect Secure Mobile Client. Unfortunately, in order for this Cisco VPN client to work, it must have all these ports opened. Apparently, it is also responsible for the firewall rule addition that you reported with ipfw show.

It still boggles my mind why it does not show which process is responsible for the open ports when using lsof. No application should be able to avoid being listed using this method. Perhaps the reason for the process not being listed will be answered in another stackexchange question.

I ran into this problem this morning, complained on Twitter, and was told that the problem has been fixed in recent versions of Any Connect. I upgraded to the new version, and I no longer have a mystery process binding to port 8080. So good so far.