Monitoring outbound connections
I wanted to verify that certain code is in fact opening outbound connections. Netstat was the first thing to come to mind, and certainly if you know how to use it, it’s up to almost any task. I did face some hurdles though:
Having an active OpenVPN tunnel
The connection I was searching for just didn’t exist. I logged everything to a file using
$ netstat -c >> netlog
while opening the connection and verifying through other means (described below) that it was open, but nothing. A mystery to be solved another day.
Netstat host resolving
After closing the VPN connection, I could spot what I was looking for, though searching either by full IP or hostname wouldn’t have worked:
$ netstat -tc | grep '194'
tcp 0 0 vambo-ZBook.lan:50708 host-194-242-109-:https TIME_WAIT
I am sure displaying only the first 3 bytes of the IP prefixed by ‘host-‘ and separated by dashes makes sense for someone, but as of now that someone ain’t me.
What works
Luckily, to disable the reverse DNS lookup, there is a -n flag available.
$ netstat -ntc | grep '194.242.109.182'
tcp 0 0 192.168.1.110:49844 194.242.109.182:443 TIME_WAIT
Voila!
Just for the record, the other flags are -t for TCP traffic, and -c for continuous polling.
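A scripted version of the same check, as an added example that is not part of the original post: it decodes the kernel's TCP socket table in the /proc/net/tcp layout (the numeric data netstat -n shows on Linux) and returns only connections whose remote address is exactly the given IP. The function names and the sample table are constructed for illustration, and the decoding assumes a little-endian host (x86, most ARM).

```python
import ipaddress
import socket
import struct

# State codes as they appear in the "st" column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout, built from the addresses in this post.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 20111
   1: 6E01A8C0:C2B4 B66DF2C2:01BB 06 00000000:00000000 03:00000ABC 00000000     0        0 0
   2: 6E01A8C0:D1F2 0500000A:0016 01 00000000:00000000 02:000001F4 00000000  1000        0 30222
"""

def decode_endpoint(field):
    """Turn 'B66DF2C2:01BB' into ('194.242.109.182', 443)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the IPv4 address as a host-order 32-bit integer,
    # so on a little-endian machine the bytes appear reversed.
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def connections_to(remote_ip, table_text):
    """Return (local, remote, state) for rows whose remote IP matches exactly."""
    target = str(ipaddress.IPv4Address(remote_ip))  # rejects malformed input
    hits = []
    for line in table_text.splitlines()[1:]:        # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        local, remote = decode_endpoint(cols[1]), decode_endpoint(cols[2])
        if remote[0] == target:                     # exact match, no regex dots
            hits.append((local, remote, TCP_STATES.get(cols[3], cols[3])))
    return hits

if __name__ == "__main__":
    # On a live system, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for local, remote, state in connections_to("194.242.109.182", SAMPLE):
        print("%s:%d -> %s:%d %s" % (local + remote + (state,)))
```

IPv6 sockets live in /proc/net/tcp6 with a different address encoding and are not covered by this example.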
An easier path
I did discover a great tool called nethogs though, which worked perfectly right out of the box. On Ubuntu it’s as easy as
$ sudo apt-get install nethogs
$ sudo nethogs
and even with VPN connected I saw the IP I was looking for.
The output looks like this:
NetHogs version 0.8.1
PID USER PROGRAM DEV SENT RECEIVED
3480 vambo /usr/lib/slack/slack --disable-gpu eth0 0.071 1.345 KB/sec
2249 www-data /usr/sbin/apache2 eth0 0.000 0.000 KB/sec
? root 192.168.1.110:52438-194.242.109.182:443 0.000 0.000 KB/sec
3079 vambo skype eth0 0.000 0.000 KB/sec
? root unknown TCP 0.000 0.000 KB/sec
TOTAL 0.174 1.473 KB/sec
PS: As my colleague pointed out during lunch break, another way to accomplish this would be to set up a server, point the calls to it, and check the access log. A bit more fool-proof perhaps, but at the same time more work I think. Ideally, I like to have a tool in my arsenal which I can turn to quickly, and I think nethogs is a nice addition to it.