Network
  • 06 Jul 2023

dns_resolve

Cause the sensor to perform a DNS resolution of the given domain name.
Mainly used for internal purposes.

Platforms: Windows, Linux, macOS, Chrome

usage: dns_resolve [-h] domain

positional arguments:
  domain      domain name to resolve

netstat

List network connections and listening sockets.

Platforms:

usage: netstat [-h]

Output:

{
  "FRIENDLY": 0,
  "NETWORK_ACTIVITY": [
    {
      "DESTINATION": {
        "IP_ADDRESS": "0.0.0.0",
        "PORT": 0
      },
      "PROCESS_ID": 716,
      "PROTOCOL": "tcp4",
      "SOURCE": {
        "IP_ADDRESS": "0.0.0.0",
        "PORT": 135
      },
      "STATE": 2
    },
    {
      ...
    }
  ]
}

The STATE field in netstat output can be mapped to a state name using the Windows MIB_TCP_STATE table.

State  Value
1      CLOSED
2      LISTEN
3      SYN-SENT
4      SYN-RECEIVED
5      ESTABLISHED
6      FIN-WAIT-1
7      FIN-WAIT-2
8      CLOSE-WAIT
9      CLOSING
10     LAST-ACK
11     TIME-WAIT
12     DELETE TCB

pcap_ifaces

List the network interfaces available for capture on a host.
