I'm monitoring suspicious incoming connections using:
sudo watch -n 30 "netstat -antp"
which provides more information than I need. Based on the answer I found here, I've tried to simplify the output by displaying only the PID/program name columns, but when I type the following command:
sudo watch -n 30 "netstat -antp | awk '{print $7}' | cut -d: -f1 | sort | uniq -c | sort -n"
I get the following output:
1 <------ *1
1 1067/containerd
1 1662/dnsmasq
1 5131/whatsdesk
1 911/systemd-resolve
1 Remoto <------ *2
2 1059/cupsd
2 1/init
2 2203/core
6 4806/chrome
Some of the outputs are not displayed, like *1, while others don't show the PID/program name but "Remote (remote)" instead, like *2. As I'm doing this for security purposes, I'm highly interested in processes started remotely. So why does this happen when the full output provides all the required information? And, more importantly, how do I change my command to get the complete simplified output?
Thanks in advance.
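Added example, not part of the original post: the rows marked *1 and *2 are consistent with netstat's header lines being counted like data rows, since the pipeline takes field 7 of every line. The sketch below keeps only rows whose first field starts with `tcp`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Count TCP sockets per PID/program from `netstat -antp` output read on stdin.
count_by_program() {
    # Data rows start with tcp/tcp6. The title line and the column-header
    # line (whose wording depends on the locale) do not, so they are skipped
    # instead of showing up as a blank entry or a stray header word.
    awk '$1 ~ /^tcp/ {
             prog = $7                    # PID/Program name column
             # "-" appears when no owning process is visible, for example
             # TIME_WAIT sockets or when netstat runs without root.
             if (prog == "" || prog == "-") prog = "(unknown)"
             n[prog]++
         }
         END { for (p in n) printf "%d %s\n", n[p], p }' |
        LC_ALL=C sort -k1,1n -k2,2
}

# Constructed sample input (not a real capture).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      911/systemd-resolve
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1059/cupsd
tcp        0      0 192.168.1.10:44321      203.0.113.7:443         ESTABLISHED 4806/chrome
tcp        0      0 192.168.1.10:44322      203.0.113.8:443         ESTABLISHED 4806/chrome
tcp        0      0 192.168.1.10:51000      198.51.100.4:443        TIME_WAIT   -
tcp6       0      0 ::1:631                 :::*                    LISTEN      1059/cupsd
EOF
}

# The same filter inside watch: within the double-quoted argument the awk
# field references must be escaped so the outer shell does not expand them.
#   sudo watch -n 30 "netstat -antp | awk '\$1 ~ /^tcp/ {print \$7}' | sort | uniq -c | sort -n"

sample_netstat | count_by_program
```

Sockets reported as `(unknown)` are worth a second look in the full output, because the simplified view hides their remote address and state.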