Knowledgebase
Track outgoing connections using netstat
Posted by Ilya Vasilenko on 08 May 2018 12:20 PM

How to track ONLY outgoing connections to certain ports on Linux machines using netstat

Sometimes you need to filter incoming connections and listening ports out of the netstat output and monitor the result continuously.

Below is an example:

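watch -n5 "netstat -antwe | grep -Ev 'LISTEN|127.0.0.1' | gawk '{ print \$5, \$6, \$7 }' | grep -E ':(80|443) '"

Where:

-n5 is the refresh interval in seconds; you can increase it if connections disappear too quickly

grep -Ev excludes lines matching the pattern (listening sockets and loopback connections)

gawk's fields $5, $6 and $7 correspond to the netstat columns: foreign address and port, connection state, UID of the process owner

grep -E keeps only the ports you are interested in; the trailing space after the port number makes the match exact, so a foreign port such as 8080 or 44312 is not reported as 80 or 443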
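The following is an added example, not part of the original article. It runs the same filtering over constructed netstat output to show why the foreign port has to be matched exactly rather than as a bare substring. The function names and sample addresses are assumptions, and plain awk is used so it also works where gawk is not installed.

```sh
#!/bin/sh
# Added example, not from the original article. Sample data is constructed
# (documentation address ranges); function names are hypothetical.

# Constructed `netstat -antwe` output.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      0          21034
tcp        0      0 192.0.2.10:51544        198.51.100.7:443        ESTABLISHED 1000       88121
tcp        0      0 192.0.2.10:443          203.0.113.5:44312       ESTABLISHED 33         88140
tcp        0      0 192.0.2.10:40222        198.51.100.9:8080       TIME_WAIT   0          0
tcp        0      0 127.0.0.1:52110         127.0.0.1:80            ESTABLISHED 1000       88150
tcp6       0      0 2001:db8::10:39876      2001:db8::80a:80        ESTABLISHED 1000       88163
EOF
}

# Unanchored substring match on the port: also reports the inbound client on
# source port 44312 and the connection to port 8080.
substring_filter() {
    grep -Ev 'LISTEN|127.0.0.1' | awk '{ print $5, $6, $7 }' | grep -E ':80|:443'
}

# Exact match: prints "foreign-address state uid" only when the foreign port
# is in the comma-separated list given as $1 (e.g. "80,443").
outgoing_to_ports() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 !~ /^(tcp|raw)/ { next }                      # header lines
        $6 == "LISTEN" { next }                          # listening sockets
        $4 ~ /^127\.0\.0\.1:/ || $5 ~ /^127\.0\.0\.1:/ { next }   # loopback
        {
            port = $5
            sub(/.*:/, "", port)     # text after the last ":" (IPv6-safe)
            if (port in want) print $5, $6, $7
        }'
}

# Live use: netstat -antwe | outgoing_to_ports 80,443
sample_netstat | outgoing_to_ports 80,443
```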

 

If gawk is not installed, install it with the command for your distribution:

yum install gawk # for CentOS

apt-get install gawk # for Ubuntu

pacman -S gawk # on Archlinux

 
