* CREATED BY DISRUPTION *
--------------------------
In this tutorial I will be discussing Netstat Commands.
You are probably wondering what Netstat commands are, right?
Netstat commands let the user see things like:
* TCP and UDP connections
* Connections to the internet
* Signs that help identify a RAT
To locate a list of all these netstat commands you can visit the following site:
http://commandwindows.com/netstat.htm
Now in this next step, I will show you how to identify a RAT with Netstat.
This will be my canned speech to a user:
Hi (User),
I noticed some suspicious activity in your Running Processes. I would like to gather more information so I am going to need to do a few steps.
Pre-Step:
Please open the following items:
Command Prompt (Start/Run/cmd or Start/Accessories/Command Prompt)
Task Manager (right-click the taskbar; Start Task Manager)
Step 1:
In this step we are going to be using a Netstat Command.
Steps of Usage:
* Type "netstat -a" into Command Prompt
* Leave this open until prompted to close it
Step 2: While keeping Command Prompt open, please open Task Manager. Once it is open, click the "View" menu and click "Select Columns".
Check the first item, "PID" (Process Identifier).
Step 3: Now compare the two: look at the PID in Task Manager and at the information or numbers after the local IP address in Command Prompt.
In your next post, please provide a picture showing Task Manager and Command Prompt.
As you can see, I am comparing the two to check that the processes match the Command Prompt output.
If certain infections were connecting to the internet, we could assume it's a RAT.
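The comparison in Step 3 can also be done mechanically. The following is an added example, not part of the original tutorial: it joins `netstat -ano` output (the `-o` switch adds the owning PID column, which plain `-a` does not print) with `tasklist /fo csv /nh` output. Both samples, including the process name `updater32.exe` and all addresses, are constructed for illustration.

```python
import csv, io

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:49712     203.0.113.45:5552      ESTABLISHED     4120
  TCP    192.168.1.20:49730     198.51.100.7:443       ESTABLISHED     2216
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     2216
  UDP    0.0.0.0:5353           *:*                                    1508
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"svchost.exe","884","Services","0","9,112 K"
"svchost.exe","1508","Services","0","6,204 K"
"chrome.exe","2216","Console","1","182,340 K"
"updater32.exe","4120","Console","1","14,876 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # skip banner, header and blank lines
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        conns.append({"proto": f[0], "local": f[1], "remote": f[2],
                      "state": state, "pid": int(f[-1])})
    return conns

def is_external(remote):
    """True when the foreign address is not a wildcard or loopback."""
    host = remote.rsplit(":", 1)[0].strip("[]")
    return host not in ("0.0.0.0", "*", "::", "::1") and not host.startswith("127.")

def external_connections(netstat_text, tasklist_text):
    """List (process name, PID, remote endpoint) for established outbound links."""
    names = parse_tasklist(tasklist_text)
    return [(names.get(c["pid"], "<unknown>"), c["pid"], c["remote"])
            for c in parse_netstat(netstat_text)
            if c["state"] == "ESTABLISHED" and is_external(c["remote"])]

if __name__ == "__main__":
    for name, pid, remote in external_connections(NETSTAT, TASKLIST):
        print(f"{name:<16} PID {pid:<6} -> {remote}")
```

An established connection owned by a process the user does not recognise is a lead for closer inspection of that process, not proof of a RAT by itself.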
Now next time I will explain some more about Netstat.
-Disruption
-----------------------------------------------------------------------------------