My ubuntu server is infected and there is a process making a bunch of HTTP requests to a bunch of websites (sucks!). I have added the following to my firewall (UFW):
sudo ufw deny out proto tcp to any port 1:65535
To Action From
-- ------ ----
1:65535/tcp DENY OUT Anywhere
Now I would like to use netstat to list only OUTBOUND tcp connections, not inbound. How can I do that?
Best Answer
If you only want outbound tcp connections, I think you can use
netstat -atn | tr -s ' '| cut -f5 -d ' ' | grep -v '127.0.0.1'
That will show all connections whose destination is not your localhost. You can add your internal ip, say
netstat -atn | tr -s ' '| cut -f5 -d ' ' | grep -v '127.0.0.1\|192.168.0.15'