Network
- 14 Feb 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
Network
- Updated on 14 Feb 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
NETSTAT_REP
Response from a netstat command to list active network sockets.
Platforms:
Sample Event:
{
"FRIENDLY": 0,
"NETWORK_ACTIVITY": [
{
"DESTINATION": {
"IP_ADDRESS": "0.0.0.0",
"PORT": 0
},
"PROCESS_ID": 856,
"PROTOCOL": "tcp4",
"SOURCE": {
"IP_ADDRESS": "0.0.0.0",
"PORT": 135
},
"STATE": 2
},
{
"DESTINATION": {
"IP_ADDRESS": "0.0.0.0",
"PORT": 0
},
"PROCESS_ID": 4,
"PROTOCOL": "tcp4",
"SOURCE": {
"IP_ADDRESS": "10.128.15.197",
"PORT": 139
},
"STATE": 2
}
{ ... } , { ... }
]
}
PCAP_LIST_INTERFACES_REP
Response from a pcap_ifaces request.
Platforms:
Sample Event:
{
"INTERFACE": [
{
"IPV4": [
"10.128.15.198"
],
"IPV6": [
"fe80::4001:aff:fe80:fc6"
],
"NAME": "ens4"
},
{
"IPV4": [
"127.0.0.1"
],
"IPV6": [
"::1"
],
"NAME": "lo"
},
{
"IPV4": [],
"IPV6": [],
"NAME": "any"
},
{
"IPV4": [],
"IPV6": [],
"NAME": "nflog"
},
{
"IPV4": [],
"IPV6": [],
"NAME": "nfqueue"
}
]
}
Was this article helpful?