How to find a malicious TCP program using netstat

beveragerocks

10/4/23, 4:22 AM

I am trying to do a homework for a lab but have a quick question.

How do I find a malicious TCP service that is still running and the adversary has achieved persistence by creating a systemd service?

I think I have to use netstat to find the name of the malicious TCP service, but what command should I use to find that service?

Thank You

0 + 0

linux

netstat

Score:1

Server

walder

10/4/23, 5:19 AM

netstat -tlape

running this will show all (-a) processes (-p) currently listening (-l) on a TCP port (-t) with extended information (-e)

note(s):

you need to run this via sudo to see everything on the system.
use linux man pages when you're not sure how a program operates. in this instance you would type man netstat to learn more about the netstat command. to search within the man pages, press / and enter a <search term> then press enter to find the results. n will cycle forward while N cycles backwards.

0 + 0

joeqwerty

10/4/23, 4:38 PM

+1. This is a good answer on the use of nestat, but as I stated in my answer, netstat can't tell you which process is malicious.

walder

10/4/23, 10:42 PM

> "I think I have to use netstat to find the name of the malicious TCP service, but what command should I use to find that service?" -- i believe i answered OP's question as stated above with my answer.

Score:0

Server

joeqwerty

10/4/23, 4:43 AM

Netstat can show you the owning process, but it can't tell you if that process is malicious. Netstat on it's own cannot give you what you're looking for.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to find a malicious TCP program using netstat

TH: วิธีค้นหาโปรแกรม TCP ที่เป็นอันตรายโดยใช้ netstat

RO: Cum să găsiți un program TCP rău intenționat folosind netstat

RU: Как найти вредоносную программу TCP с помощью netstat

VI: Cách tìm chương trình TCP độc hại bằng netstat

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.