An easy way? Perhaps, but it depends on your own experience with Android penetration testing or related systems (Linux), and on what level of paranoia you're willing to advance to.
If you're command-line savvy, then install no-root BusyBox and run netstat -plant
with auto-sync off on the target device to list the ports, addresses and process IDs that it is listening on and connected to. The process IDs can be further investigated by listing their symbolic links with ls -hal /proc/<PID_number>/exe
... However, this will not detect all forms of malware; some are better hidden with rootkits or reverse SSH sessions that only activate if the device is in a certain state, and nastier still are the ones that fork or take the ID of a legit process. For general security, the app Trustable by Bluebox
is fairly easy to use for scanning a target device for known exploits, but this and other scanners can really only tell you about known exploits, and Bluebox will not even tell you if you're currently being exploited.
For rooted Android (attacking/sniffing) I like Intercepter-NG
and dSploit
for intercepting traffic between another device and its WiFi access point. However, for this to work on cell phones and force all traffic through the WiFi, the target should first be put into 'Airplane Mode' and then have its WiFi turned on. Then fire up Intercepter on the attacking Android device and sniff away. Wireshark helps with pcap files, but if you just need IPs and packets with timestamps, Intercepter-NG is great on the go; it'll even try to help strip HTTPS.
For sniffing on the target device itself you could try RRCpacketsniffer
and Android IMSI Catcher
or Logging Test App
all of which have their own nice user interfaces and features to explore. These are good for rooted devices, but there is also NoRoot Data Firewall
which may help with logging dropped packets when nothing should be hitting the network. Also, if you have access to the device, it is possible to set up a reverse-modem USB tether
via the Android Debug Bridge (ADB)
and have all traffic routed to the PC that the device is plugged into; no root required, but nearly the same amount of work to set up.
For rooted mitigation of security risks on Android targets I like XPrivacy Installer
because instead of blocking access to data it can feed junk to advertising/spyware apps; this causes fewer errors in legit apps than blocking access, too. The Xposed framework also has other fun plugins for on-device security that can be set up before you think you'll be a target. But it is inadvisable if you think the device is already compromised, because Xposed gives a lot of control of the system to the system.
If you want full insight into what data is being sent over your target device's radio, then RIL,
the Radio Interface Layer, is what you'll want to become more familiar with; here's part one of an article that'll get you up to speed on the technicalities. And if you need to capture packets sent over non-WiFi networks (first be aware of the legalities of frequency ranges in your area), then SDR,
a Software Defined Radio, may be what you need, as SDR devices can act as a full base station (cell phone tower) and perform full man-in-the-middle attacks on these frequency ranges. It is even possible to use a second Android with a USB-attached SDR and some chroot magic to act as a mobile BTS.
Put both (target device and SDR antenna) into a box that doesn't allow other cell phones to accidentally connect (a Faraday cage) and you'll avoid breaking laws while trying to capture the target's packets. Testing whether it's sending packets while in Airplane Mode is also a good sign you've got a rogue process.
I've tried to list these in order from easy to harder, and only link to information that is a bit harder to find when diving into Android's networking capabilities. Unfortunately the very base of Android's networking has proprietary drivers, so for now there will always be a bit of mystery as to what goes on and what vulnerabilities are available. Additionally, if the device has been compromised, a sufficiently advanced attacker could clone the device's IDs (ESN/IMEI/SIM numbers) such that even when the target has switched off or doesn't have network access, the cloned device receives the calls and texts instead; when the target device is on it's more of a coin-flip's chance as to which will get rung first...
Edit/Updates below
On the defensive train of thought:
After doing a bit more testing on my Android devices of apps to restrict network access (fancy GUIs for iptables), the best one so far is
afwall; the source is on GitHub and the interface is easy enough to use with little to no knowledge of iptables. Better still, the backed-up rules can be used as a good study guide for how to effectively use iptables chains and logging features. Though this does not help if the device has already been compromised (nothing can be trusted if it has) by the more devious forms of mobile rootkits.
On the breaking-things-for-yourself train of thought:
I've also been performing some tests using one Android device as a target and another as the exploiter; a synopsis of installation and re-configuration can be found at the linked Stack Overflow topic. Suffice it to say that were you to have a sufficiently educated attacker infect your device, nearly anything within its network range and anything it becomes plugged into (i.e. a PC for charging) could then become the next target. While the network bit is old news, you may have cause to worry about USB-based attacks being used to infect the PC running ADB
while performing your investigations... I have no knowledge of this link's trustworthiness, but they do have a BadAndroid
.zip for download as well as some documentation on how BadUSB is not a product but a feature that many devices can use to tell the system what you've just plugged in.
I've not seen it in the wild just yet, but the potential to have your phone infect your PC is there, and the potential to have your phone infect another's phone is also present. Tests so far show that Metasploit is sluggish but very usable for scripted actions and having logs pushed back to the exploiting device. Some apps even work fine when ports are forwarded correctly for remote file browsing of the target's file system on the Android doing the exploitation; gotta love that custom mount points option in fstab. Android devices do well at attacking printers, routers and modems, but not so well without backup at attacking reasonably secure Linux servers or home PCs; MS boxes, though, are very much at the mercy of exploits left unpatched.
When performing your tests be careful and consider the PC performing the tests to be suspect. Consider setting up KVM
or firejail,
i.e. something to sandbox the USB and ADB,
and tripwire
to monitor both the jailed system and the host OS on the PC. Even then you may want to have the host PC on a separate network and monitored remotely via another device performing packet capture and/or man-in-the-middle attacks. If you plug in your phone and the PC starts trying to make an outgoing SSH connection, then you've just won a really advanced set of malware to study; really, any kind of network activity from a PC when a phone is connected should be a very bad sign unless you've set up modem tethering over USB.
News updates
The story as I heard it was that an odd pop-up told its user to plug their phone into their computer and (surprise, surprise) their computer isn't working so well for them anymore and their phone is still acting funny and not keeping a charge. Seeking a new phone from the store, this mobile user was completely baffled and their attending service agent was at a loss for words... hopefully they were told not to plug their new phone into their old computer when it asks to sync to it.
What was once a known but underutilized attack vector is now in the wild and being used by makers of cross-platform malware. Not FUDing y'all, just keeping readers updated on the possible threats to security when performing evidence gathering over USB.
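The netstat -plant plus ls /proc/<PID>/exe triage from the top of the answer, and the "watch the PC for unexpected connections while the phone is plugged in" check near the end, as an added worked example (this is not code from the original answer, and it is not part of BusyBox, afwall or any other tool mentioned). It is a small POSIX sh script that parses netstat -plant style output, pulls out the owning PIDs, separates the sockets that are in LISTEN state from the rest, and resolves each PID to the binary actually running via /proc. The SAMPLE_NETSTAT text, its PIDs and program names are constructed for illustration so the script runs offline; on a real device or PC you would feed it live `netstat -plant` output (as root, or via `adb shell`, since unprivileged users cannot see other users' PID columns or /proc/<PID>/exe links).

```shell
#!/bin/sh
# Added example, not part of the original answer. Triage of netstat -plant
# output: which PIDs own sockets, which of those are listening, and what
# binary each PID is really running (via the /proc/<PID>/exe symlink).
# Written to run under a plain POSIX sh or BusyBox sh with awk and sort.

# Constructed sample of `netstat -plant` output; PIDs and names are made up.
# On a real box replace with:  netstat -plant | triage
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN      212/adbd
tcp        0      0 192.168.1.20:42318      203.0.113.5:443         ESTABLISHED 1834/com.example.ap
tcp6       0      0 :::8080                 :::*                    LISTEN      990/-
udp        0      0 0.0.0.0:68              0.0.0.0:*                           301/dhcpcd'

# netstat_pids: read netstat output on stdin, print every owning PID once,
# numerically sorted. Only the last column (PID/Program) is inspected, so
# rows with a different column count (udp rows carry no State) still work.
netstat_pids() {
    awk '$NF ~ /^[0-9]+\// { split($NF, a, "/"); print a[1] }' | sort -nu
}

# listening_pids: same, but only for sockets waiting for inbound connections
# (a bind shell, adbd, an unexpected web server on a phone, ...).
listening_pids() {
    awk '$6 == "LISTEN" && $7 ~ /^[0-9]+\// { split($7, a, "/"); print a[1] }' | sort -nu
}

# pid_exe: resolve /proc/<pid>/exe to the binary on disk. The link is absent
# or dangling for a process that has exited, a kernel thread, a binary that
# was deleted after launch, or a process you are not allowed to inspect;
# all of those are reported as "(unresolved)" rather than silently skipped,
# because on a suspect device "cannot tell what this is" is itself a finding.
pid_exe() {
    if [ -e "/proc/$1/exe" ]; then
        readlink "/proc/$1/exe"
    else
        echo "(unresolved)"
    fi
}

# triage: one tab-separated line per PID: PID, LISTEN or -, resolved binary.
triage() {
    netstat_out=$(cat)
    listeners=" $(printf '%s\n' "$netstat_out" | listening_pids | tr '\n' ' ')"
    printf '%s\n' "$netstat_out" | netstat_pids | while read -r pid; do
        case "$listeners" in
            *" $pid "*) state=LISTEN ;;
            *)          state=- ;;
        esac
        printf '%s\t%s\t%s\n' "$pid" "$state" "$(pid_exe "$pid")"
    done
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | triage
```

Run it on the device as `netstat -plant | sh triage.sh` style (or paste the functions into a BusyBox shell); a PID whose exe resolves to somewhere under /data rather than /system, or that resolves to "(unresolved)" while holding a LISTEN socket, is the one to go and look at next. The same script run on the PC while the phone is plugged in is a quick way to spot the outgoing connection the answer warns about.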