Score:0

How to find a malicious TCP program using netstat


I am trying to do a homework for a lab but have a quick question.

How do I find a malicious TCP service that is still running and the adversary has achieved persistence by creating a systemd service?

I think I have to use netstat to find the name of the malicious TCP service, but what command should I use to find that service?

Thank You

Score:1

netstat -tlape

Running this will show all (-a) processes (-p) currently listening (-l) on a TCP port (-t) with extended information (-e).

Note(s):

  • You need to run this via sudo to see everything on the system.

  • Use Linux man pages when you're not sure how a program operates. In this instance you would type man netstat to learn more about the netstat command. To search within the man pages, press / and enter a <search term>, then press Enter to find the results. n will cycle forward while N cycles backwards.

joeqwerty
+1. This is a good answer on the use of netstat, but as I stated in my answer, netstat can't tell you which process is malicious.
walder
> "I think I have to use netstat to find the name of the malicious TCP service, but what command should I use to find that service?" -- I believe I answered OP's question as stated above with my answer.
Score:0

Netstat can show you the owning process, but it can't tell you if that process is malicious. Netstat on its own cannot give you what you're looking for.
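
Both answers stop at netstat's PID/Program column. As an added example (not part of either answer), the script below carries the lookup one step further on a systemd host with /proc mounted: it reads each listener's /proc/<pid>/cgroup to name the owning unit, then prints that unit's file path, command and enablement state for review. The sample rows, the `example-svc` name and the `--live` switch are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: tie each TCP listener reported by netstat to the systemd unit
# that started it, then show that unit's definition for review.

# stdin: `netstat -tlnpe` output. stdout: "PID PROGRAM LOCAL_ADDRESS" per
# listener; PID is "-" when netstat ran without root and the owner is hidden.
listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($9, p, "/")
        if (n >= 2 && p[1] ~ /^[0-9]+$/) print p[1], p[2], $4
        else print "-", "-", $4
    }'
}

# stdin: contents of /proc/<pid>/cgroup. stdout: the owning *.service unit
# (empty for processes started from a login session or scope).
unit_from_cgroup() {
    awk -F/ '$NF ~ /\.service$/ { print $NF; exit }'
}

# Constructed sample input; program names, ports, inodes and PIDs are made up.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  User Inode PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN 0    21540 812/sshd
tcp        0      0 0.0.0.0:8081    0.0.0.0:*       LISTEN 0    48211 2971/example-svc
tcp6       0      0 :::80           :::*            LISTEN 0    23377 -
EOF
}

# Live triage: run as root so the PID/Program column is populated.
triage() {
    netstat -tlnpe 2>/dev/null | listeners | while read -r pid prog addr; do
        if [ "$pid" = "-" ]; then
            echo "$addr owner hidden, rerun with sudo"; continue
        fi
        unit=$(cat "/proc/$pid/cgroup" 2>/dev/null | unit_from_cgroup)
        echo "$addr pid=$pid prog=$prog unit=${unit:-none}"
        if [ -n "$unit" ]; then
            # Where the unit file lives, what it runs, whether it starts at boot.
            systemctl show -p FragmentPath -p ExecStart -p UnitFileState "$unit"
        fi
    done
}

# Default: parse the constructed sample. Pass --live to inspect this host.
if [ "${1:-}" = "--live" ]; then triage; else sample_netstat | listeners; fi
```

The script only narrows the search: whether a unit is malicious still has to be judged from its FragmentPath and ExecStart.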
