Listing active *and past* network connections

On Linux, I know that I can list active network connections with lsof -i or netstat. However, as far as I know, this only lists connections that are currently open.

If a process makes a short connection and then terminates it (like, for instance, a program "phoning home"), I would miss it unless I happen to run lsof in that exact moment. Is there a way to get a list of servers I have connected to? For instance, a tool that writes the IP address to a file whenever a new connection is opened, system-wide.

Keeping a network sniffer such as wireshark permanently open just for this task seems overkill.

Federico Poloni

Posted 2013-07-07T10:53:49.520

Reputation: 295

Answers

2

If a process makes a short connection and then terminates it (like, for instance, a program "phoning home")

Most of these programs create a TCP connection to guarantee the information will arrive 'home'. If this is the case, then the netstat command will be your best friend, because all closed TCP connections stay for a short or a bit longer time in the TIME_WAIT state, and netstat --inet -n lists these connections (and currently open ones, too).

If you are not lucky and that sneaky process uses a UDP connection, or you want to monitor the traffic for a longer period, then you have to monitor the complete network traffic of the machine with tools like TCPDump or IPTraf. IPTraf is simpler, because it records only IP addresses and ports; TCPDump is a more advanced tool (despite its name, it can monitor UDP and ICMP traffic too) and it records all network traffic.

Gabor Garami

Posted 2013-07-07T10:53:49.520

Reputation: 299
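As an added illustration of the netstat approach in this answer (example code, not the answerer's own), here is a small poller that parses the output of netstat --inet -n, extracts the remote endpoint of every TCP/UDP socket (including ones lingering in TIME_WAIT), and appends endpoints it has not seen before to a state file. The sample netstat output embedded below is constructed, not captured from a real host; the state-file path in the trailing comment is just an assumed location.

```shell
#!/bin/sh
# Added example (not from the original answer): poll netstat, record new remote endpoints.

# Constructed sample of "netstat --inet -n" output, including a TIME_WAIT socket.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:51234        198.51.100.5:443        ESTABLISHED
tcp        0      0 192.0.2.10:51230        198.51.100.5:443        TIME_WAIT
tcp        0      0 127.0.0.1:6010          127.0.0.1:45678         ESTABLISHED
udp        0      0 192.0.2.10:40000        198.51.100.53:53        ESTABLISHED'

# remote_endpoints: netstat lines on stdin -> unique "proto host:port" lines.
# Column 5 is "Foreign Address"; loopback peers and unconnected sockets are skipped.
remote_endpoints() {
    awk '$1 ~ /^(tcp|udp)6?$/ && $5 !~ /^(127\.|::1|\*)/ && $5 != "0.0.0.0:*" { print $1, $5 }' \
        | sort -u
}

# record_new STATEFILE: reads "proto endpoint" lines on stdin, appends entries that are
# not yet in STATEFILE, and prints each new one with a UTC timestamp on stdout.
record_new() {
    statefile=$1
    [ -f "$statefile" ] || : > "$statefile"
    while read -r proto endpoint; do
        if ! grep -qxF "$proto $endpoint" "$statefile"; then
            printf '%s %s\n' "$proto" "$endpoint" >> "$statefile"
            printf '%s new %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$proto" "$endpoint"
        fi
    done
}

# One polling pass against the live system (assumed state-file path) would be:
#   netstat --inet -n | remote_endpoints | record_new /var/log/seen-endpoints.txt
# Run it from cron or a short sleep loop as root to catch short-lived connections
# while they are still in TIME_WAIT.
```

Because the state file only ever grows, a second pass over the same sockets prints nothing, so redirecting stdout to a log gives exactly the "write the address to a file the first time it is seen" behaviour the question asks for. The TIME_WAIT window (60 seconds on Linux by default) bounds how often the poll has to run.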

1

I haven't tried it, but have you considered using iptables with a LOG target on the output chain?

Something like the following (untested, but gets the gist across).

iptables -I OUTPUT ! -o lo -p tcp --syn -j LOG --log-prefix 'New TCP '
iptables -I OUTPUT ! -o lo -p udp -m state --state NEW -j LOG --log-prefix 'New UDP '

This will log once for each TCP connection, and once for each new UDP session, excluding the loopback interface, which seems to be roughly what you are asking for. You can then grep your system logs to find out after the fact which outgoing connections have been made.

However, it won't (and I don't think plain iptables can) tell you which application initiated the connection, and you will get tons of logs from this which will likely mostly be of no use (because the number of legitimate connections made will certainly dwarf any phoning-home done).

a CVn

Posted 2013-07-07T10:53:49.520

Reputation: 26 553

That's a good suggestion, too. I don't know why it didn't cross my mind to use firewall-level logging. Thanks. – Federico Poloni – 2013-07-08T17:46:50.347
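To make the "grep your system logs" step concrete, here is an added example (not the answerer's code) that parses the kernel LOG lines produced by rules of the kind shown in this answer and reduces them to a unique list of destination endpoints. It assumes the rules sit in the OUTPUT chain with an output-interface match (-o lo), since OUTPUT rules match the outgoing interface, and it reads the lines as they appear via dmesg, journalctl -k or syslog. The three log lines embedded below are constructed samples in the LOG target's field format, not real captures.

```shell
#!/bin/sh
# Added example (not from the original answer): summarise iptables LOG output.

# Constructed sample kernel log lines as the LOG target writes them (prefix, then
# IN=/OUT=/SRC=/DST=/PROTO=/SPT=/DPT= key=value fields). Two TCP SYNs to the same
# server and one UDP packet.
SAMPLE_LOG='Jul  8 17:40:01 host kernel: [ 1234.567890] New TCP IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jul  8 17:40:02 host kernel: [ 1235.123456] New UDP IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40000 DPT=53 LEN=41
Jul  8 17:40:03 host kernel: [ 1236.000000] New TCP IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=51235 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0'

# extract_destinations: LOG lines on stdin -> unique "PROTO DST:DPT" lines.
# Only lines carrying the "New TCP"/"New UDP" prefix are considered, so unrelated
# kernel messages in the same log are ignored.
extract_destinations() {
    awk '/New (TCP|UDP)/ {
        proto = ""; dst = ""; dpt = "";
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=");
            if (n < 2) continue;
            if (kv[1] == "PROTO") proto = kv[2];
            else if (kv[1] == "DST") dst = kv[2];
            else if (kv[1] == "DPT") dpt = kv[2];
        }
        if (proto != "" && dst != "" && dpt != "") print proto, dst ":" dpt
    }' | sort -u
}

# Against a live system (assumed invocation; needs the LOG rules installed as root):
#   journalctl -k --no-pager | extract_destinations
#   dmesg | extract_destinations
```

Swapping the final sort -u for sort | uniq -c | sort -rn turns the same pipeline into a frequency table, which is the quickest way to push the expected high-volume destinations to the bottom and leave the rare, one-off connections the answer warns are otherwise buried in the noise at the top.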

-1

You need to listen on more than 65000 ports. Only a network sniffer or firewall can do it. Just configure a correct filter (for new connection requests) for the sniffer, or firewall log rules.

september

Posted 2013-07-07T10:53:49.520

Reputation: 529