How Do I See Outbound Connections From My Server?

Netstat to the rescue! First off, I’m going to assume you are using a Linux-based operating system on your server. While Windows servers also have a netstat tool, the arguments/options are all different (look for the link below for documentation).

netstat

The netstat tool will print network connection information and the output is highly customizable. For this specific example, we only want to see outbound connections from the server:

$ netstat -nputw
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
[…]
tcp 0 0 192.168.0.17:22 192.168.0.134:41903 ESTABLISHED 17760/sshd: host [p

Let’s explore what we did here. The n will cause numeric IP addresses to list to prevent long DNS queries, p will add the program being executed, u will show UDP connections, t for TCP connections, and lastly w for RAW connections.

An important caveat to remember here is that netstat polls the server when its run to show you connections at that specific time. It doesn’t update in real-time, constantly updating so you may not see every connection if it started after you ran the command or terminated before you hit enter.

If you want netstat to run continuously (every few seconds) you can add a c to the list of options. You will still only see point-in-time connections as this still won’t be a constant real-time list.

Learn more about what you can do with netstat by reading it’s man page. If you’re looking for how to do this on a Windows server check out the doc from Microsoft.