Log All Outgoing Connections

I need to know what external connections (WAN) a server is using over a period of a day. I thought of using Wireshark or netstat >textfile or even windows firewall but am not sure how the best way would be. Once I have a days worth I can then create static routes for these connections and remove the default gateway to restrict the servers outbound connections.
Who is Participating?
Rich RumbleConnect With a Mentor Security SamuraiCommented:
You can certainly use
netstat -abnt 10 |findstr /rv | findstr ESTABLISHED >somefile.txt
 to query netstat every 10 seconds breaking down ip:port. Creating static routes and removing the gateway are not how you would allow/restrict access to these sites. Wireshark may better suited for the task as you can use better expressions to filter what you want to capture.

You can use a wireshark capture filter of:
tcp or udp and not dst net
if your network is using 10.x.x.x, or if your using that rfc1918 subnet.
QlemoConnect With a Mentor Batchelor and DeveloperCommented:
To deny/allow traffic you usually configure the integrated firewall. And even that will not help you much when you allow only based on IP address, as IP addresses might change (eg. automated update services use akamai servers, which are *a lot*). You will need to allow all traffic from particular services and executables for that reason.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.