    Network
    • 14 Feb 2024

    dns_resolve

    Cause the sensor to do a network resolution. Mainly used for internal purposes. An error code of 0 indicates a successful command.

    Platforms:

    Usage:

    dns_resolve [-h] domain
    
    positional arguments:
      domain      domain name to resolve

    Sample Output:

    {
       "ERROR" : 0
    }

    You will also see a corresponding DNS_REQUEST event in the Sensor timeline.

    Sample DNS_REQUEST Event:

    {
      "DNS_TYPE": 1,
      "DOMAIN_NAME": "www.google.com",
      "IP_ADDRESS": "142.251.116.105",
      "MESSAGE_ID": 30183
    }

    netstat

    List network connections and listening sockets.

    Platforms:

    Usage:

    netstat [-h]

    Sample Output:

    {
      "FRIENDLY": 0,
      "NETWORK_ACTIVITY": [
        {
          "DESTINATION": {
            "IP_ADDRESS": "0.0.0.0",
            "PORT": 0
          },
          "PROCESS_ID": 716,
          "PROTOCOL": "tcp4",
          "SOURCE": {
            "IP_ADDRESS": "0.0.0.0",
            "PORT": 135
          },
          "STATE": 2
        },
        {
          ...
        }
      ]
    }

    Netstat STATE fields can be mapped via the Windows MIB_TCP_STATE table, found here.

    State   Value
    1       CLOSED
    2       LISTEN
    3       SYN-SENT
    4       SYN-RECEIVED
    5       ESTABLISHED
    6       FIN-WAIT-1
    7       FIN-WAIT-2
    8       CLOSE-WAIT
    9       CLOSING
    10      LAST-ACK
    11      TIME-WAIT
    12      DELETE TCB
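    As an added example (not part of this documentation or the sensor's own code), the following script decodes the STATE field of the netstat output using the MIB_TCP_STATE table above and picks out LISTEN sockets bound to a wildcard address, which are the services reachable from any interface on the host. The input JSON is a constructed sample shaped like the output shown above; the 10.0.0.5 and 127.0.0.1 entries are invented.

```python
import json

# STATE codes of the netstat output mapped to the Windows MIB_TCP_STATE
# names from the table above (1 = CLOSED ... 12 = DELETE TCB).
MIB_TCP_STATE = dict(enumerate([
    "CLOSED", "LISTEN", "SYN-SENT", "SYN-RECEIVED", "ESTABLISHED",
    "FIN-WAIT-1", "FIN-WAIT-2", "CLOSE-WAIT", "CLOSING", "LAST-ACK",
    "TIME-WAIT", "DELETE TCB"], start=1))

# Constructed sample in the shape of the netstat output above; the
# second and third entries are invented so the filter has something to skip.
SAMPLE_NETSTAT = json.dumps({
    "FRIENDLY": 0,
    "NETWORK_ACTIVITY": [
        {"DESTINATION": {"IP_ADDRESS": "0.0.0.0", "PORT": 0},
         "PROCESS_ID": 716, "PROTOCOL": "tcp4",
         "SOURCE": {"IP_ADDRESS": "0.0.0.0", "PORT": 135}, "STATE": 2},
        {"DESTINATION": {"IP_ADDRESS": "10.0.0.5", "PORT": 443},
         "PROCESS_ID": 1204, "PROTOCOL": "tcp4",
         "SOURCE": {"IP_ADDRESS": "10.128.15.198", "PORT": 51234}, "STATE": 5},
        {"DESTINATION": {"IP_ADDRESS": "0.0.0.0", "PORT": 0},
         "PROCESS_ID": 4, "PROTOCOL": "tcp4",
         "SOURCE": {"IP_ADDRESS": "127.0.0.1", "PORT": 445}, "STATE": 2},
    ],
})


def state_name(code):
    """Translate a numeric STATE into its MIB_TCP_STATE name; unknown codes stay visible."""
    return MIB_TCP_STATE.get(code, "UNKNOWN(%r)" % (code,))


def exposed_listeners(netstat_json):
    """Return (PROTOCOL, PORT, PROCESS_ID) for every LISTEN socket bound to a wildcard address."""
    data = json.loads(netstat_json)
    found = []
    for conn in data.get("NETWORK_ACTIVITY", []):
        if state_name(conn.get("STATE")) != "LISTEN":
            continue
        src = conn.get("SOURCE", {})
        # 0.0.0.0 / :: means the listener is reachable on all interfaces,
        # so these are the entries to inventory first.
        if src.get("IP_ADDRESS") in ("0.0.0.0", "::"):
            found.append((conn.get("PROTOCOL"), src.get("PORT"),
                          conn.get("PROCESS_ID")))
    return found


if __name__ == "__main__":
    for proto, port, pid in exposed_listeners(SAMPLE_NETSTAT):
        print("%s port %d listening on all interfaces (pid %d)" % (proto, port, pid))
```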

    pcap_ifaces

    List the network interfaces available for capture on a host.

    Platforms:

    Usage:

    pcap_ifaces [-h]

    Sample Output:

    {
      "INTERFACE": [
        {
          "IPV4": [
            "10.128.15.198"
          ],
          "IPV6": [
            "fe80::4001:aff:fe80:fc6"
          ],
          "NAME": "ens4"
        },
        {
          "IPV4": [
            "127.0.0.1"
          ],
          "IPV6": [
            "::1"
          ],
          "NAME": "lo"
        },
        {
          "IPV4": [],
          "IPV6": [],
          "NAME": "any"
        },
        {
          "IPV4": [],
          "IPV6": [],
          "NAME": "nflog"
        },
        {
          "IPV4": [],
          "IPV6": [],
          "NAME": "nfqueue"
        }
      ]
    }
