netstat. For example

$ netstat -nputw
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
[...]
tcp        0      0 192.168.25.222:22       192.168.0.134:42903     ESTABLISHED 32663/sshd: gert [p

lists all UDP (u), TCP (t) and RAW (w) outgoing connections (not using a) in a numeric form (n, prevents possible long-running DNS queries) and includes the program (p) associated with that.

Consider adding the c option to get output being updated continuously.
I’ve tried a bunch of tools, including iptraf, and of course the very useful built-in netstat -tupln (supported options are OS-dependent), but the most practical for my use case turned out to be nethogs – it aggregates connections by the originating app, and is the least noisy of all.
sudo apt-get install nethogs
Run as root:
If your goal is to just see all TCP connections initiated by any app then you could use:
sudo tcpdump -i lo -A | grep Host:
If you just want to log every connection attempt, the easiest is probably LOG target on Linux (or the equivalent firewall logging feature on your system).

If you need more information like duration of the connection and amount of data exchanged in both directions, then conntrackd (on Linux) is probably the best option.

However, note that those two above only log the traffic that goes through netfilter, which is generally all the traffic but doesn’t account for traffic generated with IP stacks in user space (like virtual machines or anything using raw sockets) or bridged traffic.

For more general solutions, you can have a look at things like ntop that log all sorts of information based on traffic they sniff on an interface.
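
One way to turn the output of the LOG target mentioned above into a per-destination summary, as an added example that is not part of the original answers. It assumes a rule with the made-up prefix "OUT-NEW: " and the --log-uid option; the log lines are constructed, and the function names sample_log and summarize_out_log are hypothetical.

```shell
#!/bin/sh
# Rule that would emit these lines (needs root; shown only as a comment):
#   iptables -A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix "OUT-NEW: " --log-uid
# The "OUT-NEW: " prefix is an assumption of this example.

# Constructed sample of kernel log lines in the netfilter LOG format.
sample_log() {
cat <<'EOF'
Jan  5 10:15:01 host kernel: [100.1] OUT-NEW: IN= OUT=eth0 SRC=192.168.25.222 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=42903 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Jan  5 10:15:02 host sshd[32663]: Accepted publickey for gert from 192.168.0.134 port 42903
Jan  5 10:15:03 host kernel: [102.4] OUT-NEW: IN= OUT=eth0 SRC=192.168.25.222 DST=198.51.100.53 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=UDP SPT=51515 DPT=53 LEN=48 UID=0 GID=0
Jan  5 10:15:04 host kernel: [103.9] OUT-NEW: IN= OUT=eth0 SRC=192.168.25.222 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=42904 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Jan  5 10:15:05 host kernel: [104.2] OUT-NEW: IN= OUT=eth0 SRC=192.168.25.222 DST=192.0.2.7 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# Read log lines on stdin; print "count PROTO dst:port uid=N", busiest first.
# Lines without the prefix are ignored; a missing port prints as "-" (ICMP)
# and a missing owner as "?" (no UID field on the line).
summarize_out_log() {
    awk '
    /OUT-NEW: / {
        proto = ""; dst = ""; dpt = "-"; uid = "?"
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue            # flags such as SYN or DF
            if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
            else if (kv[1] == "UID") uid = kv[2]
        }
        if (dst != "") count[proto " " dst ":" dpt " uid=" uid]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample.
sample_log | summarize_out_log
```

On a live system the same function can be fed from the kernel log, for example the output of dmesg or journalctl -k.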