
I'm monitoring suspicious incoming connections using

sudo watch -n 30 "netstat -antp"

which provides more information than I need, so, based on the answer I found here, I've tried to simplify the output by displaying only the PID/program name columns, but when I type the following command

sudo watch -n 30 "netstat -antp | awk '{print $7}' | cut -d: -f1 | sort | uniq -c | sort -n"

I get the following output:

1                 <------ *1
1 1067/containerd
1 1662/dnsmasq
1 5131/whatsdesk
1 911/systemd-resolve
1 Remoto          <------ *2
2 1059/cupsd
2 1/init
2 2203/core
6 4806/chrome

Some of the outputs are not displayed, like *1, while others don't show the PID/program name but "Remote (remote)" instead, like *2. As I'm doing this for security purposes, I'm highly interested in processes started remotely, so, why does this happen when the full output provides all the required information? And more importantly, how do I change my command to get the complete simplified output?

Thanks in advance.

  • Perhaps use Wireshark instead for what you wish to do.
    – anon
    Commented Oct 8, 2022 at 16:46
  • What do these funny connections look like in the unprocessed original output?
    – harrymc
    Commented Oct 8, 2022 at 19:21
  • Probably I would be able to solve it using Wireshark, but the idea is to have a small window console in my working space all the time, that's why I'm using netstat. The regular output looks like this: ibb.co/kX9Lwpw
    Commented Oct 8, 2022 at 19:46
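
An added example, not from the question or its comments: netstat prints a title line and a column-header line before the socket rows, and `awk '{print $7}'` is applied to those lines too, which yields an empty field or a header word. The sketch below selects rows by the protocol column instead; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example: count TCP sockets per owning process from `netstat -antp` text.
# Reads netstat output on stdin, prints "count pid/program" sorted by count.
summarize_sockets() {
    awk '
        # Keep only socket rows. The header lines do not start with a
        # protocol name, so they are skipped whatever the locale is.
        $1 ~ /^tcp6?$/ {
            owner = $7
            # Sockets with no owning process (e.g. TIME_WAIT) show "-".
            if (owner == "-" || owner == "") owner = "-/unowned"
            # Names such as "2310/sshd: alice" split at the space; drop the colon.
            sub(/:$/, "", owner)
            count[owner]++
        }
        END { for (o in count) printf "%d %s\n", count[o], o }
    ' | LC_ALL=C sort -k1,1n -k2
}

# Constructed sample input (documentation addresses, made-up PIDs).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      911/systemd-resolve
tcp        0      0 192.0.2.10:22           198.51.100.7:50514      ESTABLISHED 2310/sshd: alice
tcp        0      0 192.0.2.10:44321        203.0.113.5:443         ESTABLISHED 4806/chrome
tcp        0      0 192.0.2.10:44322        203.0.113.5:443         ESTABLISHED 4806/chrome
tcp        0      0 192.0.2.10:44100        203.0.113.9:443         TIME_WAIT   -
tcp6       0      0 ::1:631                 :::*                    LISTEN      1059/cupsd
EOF
}

# Offline check: sample_netstat | summarize_sockets
# Live use:      sudo netstat -antp | summarize_sockets
```

When an awk program is embedded directly in a double-quoted `watch` argument, write `\$7`, otherwise the calling shell expands `$7` before awk sees it. Putting the pipeline in a small script and pointing `watch` at that script avoids the quoting problem.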
