I'm looking for a tool that will enumerate the IP addresses that a system is connecting to. This is mainly for forensic purposes, to gather IOCs. I know we can run netstat on Windows, but I would like something that is comprehensive and reports all processes (hidden, system, etc.).
- Netstat is not process-based; it does not matter if a process is hidden. It can list all connections. – Overmind Apr 24 '19 at 06:19
- What about connections going through a proxy or a NAT? Will it list the destination IP or my internal proxy server IP? – Anup Michael Salve Apr 24 '19 at 07:23
- It does not matter where they go through as long as they exist. – Overmind Apr 24 '19 at 07:48
- To answer this question, we need more information. What exactly is the situation? Are you working on a RAM dump? A live system? If so, what operating system? As it stands now, your question is too broad. Please edit your question to add all the relevant information. – Apr 24 '19 at 08:05
- It will list the addresses that your machine has a connection to, e.g. a proxy. The forwarding of traffic happens in the proxy, not on your PC (otherwise a proxy would be pointless). Ultimately, if you're in doubt it's comparably cheap to format your machine and start over. – Birb Apr 24 '19 at 08:06
- I will be working with a memory dump or an image of the OS. – Anup Michael Salve Apr 25 '19 at 08:28
2 Answers
In Linux you can use netstat -ptan,
and if you don't have netstat you can use ss -neopa.
If you are connected to a server through a proxy, you will not see which process the IP address of that server is connected to.
Rasool Ziafaty
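Turning the output of the commands above into an IOC list still takes a parsing step, so here is an added example (not part of the answer) that reduces ss-style socket listings to deduplicated remote IP/port/process tuples. It assumes the column layout of ss -tanp (State, queues, local, peer, process) and uses a constructed sample; netstat -ptan has a different column order and would need the field numbers adjusted.

```shell
#!/bin/sh
# Added example: reduce ss-style socket output to a deduplicated list of
# remote peers with the owning process, suitable as a starting IOC list.
# SAMPLE_SS is a constructed sample in the column layout of `ss -tanp`;
# it is not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:49152       203.0.113.10:443   users:(("curl",pid=4242,fd=3))
ESTAB  0      0      10.0.0.5:49153       203.0.113.10:443   users:(("curl",pid=4242,fd=4))
ESTAB  0      0      10.0.0.5:22          198.51.100.7:51234 users:(("sshd",pid=812,fd=5))
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=700,fd=3))'

# extract_peers: read ss-style rows on stdin and print one line per distinct
# "peer_ip peer_port process pid" for ESTAB sockets. Listening sockets
# (wildcard peer) are skipped; the port is split off at the last ':' so
# bracketed IPv6 peers also work.
extract_peers() {
  awk '
    NR == 1 { next }                 # skip the header row
    $1 != "ESTAB" { next }           # only established connections
    {
      peer = $5
      n = split(peer, parts, ":")
      port = parts[n]
      ip = substr(peer, 1, length(peer) - length(port) - 1)
      proc = "-"; pid = "-"
      # pull the first ("name",pid=N) pair out of the users:(...) column
      if (match($0, /\("[^"]+",pid=[0-9]+/)) {
        seg = substr($0, RSTART, RLENGTH)
        sub(/^\("/, "", seg)
        split(seg, p, "\",pid=")
        proc = p[1]; pid = p[2]
      }
      key = ip " " port " " proc " " pid
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# count_unique_peer_ips: number of distinct remote IPs on stdin (ports and
# processes ignored), a quick size check for the resulting IOC list.
count_unique_peer_ips() {
  extract_peers | awk '{ print $1 }' | sort -u | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_SS" | extract_peers
printf '%s\n' "$SAMPLE_SS" | count_unique_peer_ips
```

On a live host, replace the constructed sample with the real listing, e.g. ss -tanp | extract_peers.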