FS_SysInfo_Network
The directory sysinfo/net exists as a sub-directory of the file system root.
The directory contains networking-related information.
The files in the sysinfo/net directory are listed in the table below:
File | Description |
---|---|
net/netstat.txt | Netstat list of TCP connections. |
net/netstat-v.txt | Netstat verbose version - also lists time, kernel object address and process image path. |
Files in the sysinfo/net directory are read-only.
The file net/netstat.txt contains a listing of active TCP connections similar to netstat -ano.
```
TCPv4 10.8.0.101:53176 10.8.0.5:445 ESTABLISHED 4 System
TCPv4 127.0.0.1:58326 127.0.0.1:58325 ESTABLISHED 2936 firefox.exe
TCPv4 10.8.0.101:57372 40.67.251.132:443 ESTABLISHED 3796 svchost.exe
TCPv4 10.8.0.101:58523 169.254.164.112:7680 SYN_SENT 4192 svchost.exe
TCPv6 [::1]:58228 [::1]:28473 ESTABLISHED 10416 MemProcFS.exe
TCPv6 [::1]:58231 [::1]:28473 ESTABLISHED 10416 MemProcFS.exe
TCPv4 10.8.0.101:57644 13.93.117.220:443 ESTABLISHED 11824 vsls-agent.exe
TCPv4 127.0.0.1:57949 127.0.0.1:57950 ESTABLISHED 13192 firefox.exe
TCPv6 [::1]:28473 [::1]:58231 ESTABLISHED 17180 leechagent.exe
TCPv6 [::1]:28473 [::1]:58228 ESTABLISHED 17180 leechagent.exe
...
```
The example shows the sysinfo/net directory and the ordinary non-verbose networking information.
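Parsing the net/netstat.txt layout shown above for triage, as an added example that is not part of MemProcFS or this wiki: it groups globally routable remote endpoints by owning process. It assumes whitespace-separated fields in the order of the listing (protocol, source, destination, state, PID, process name); the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: lines taken from the listing on this page.
SAMPLE = """\
TCPv4 10.8.0.101:53176 10.8.0.5:445 ESTABLISHED 4 System
TCPv4 127.0.0.1:58326 127.0.0.1:58325 ESTABLISHED 2936 firefox.exe
TCPv4 10.8.0.101:57372 40.67.251.132:443 ESTABLISHED 3796 svchost.exe
TCPv4 10.8.0.101:58523 169.254.164.112:7680 SYN_SENT 4192 svchost.exe
TCPv6 [::1]:58228 [::1]:28473 ESTABLISHED 10416 MemProcFS.exe
TCPv4 10.8.0.101:57644 13.93.117.220:443 ESTABLISHED 11824 vsls-agent.exe
...
"""

def split_endpoint(endpoint):
    """Split 'a.b.c.d:port' or '[v6]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def parse_netstat(text):
    """Yield one dict per connection line; lines that do not parse are skipped."""
    for line in text.splitlines():
        # Assumed field order; the process name is last and may contain spaces.
        parts = line.split(None, 5)
        if len(parts) != 6 or not parts[0].startswith("TCP"):
            continue
        proto, src, dst, state, pid, process = parts
        try:
            src_ip, src_port = split_endpoint(src)
            dst_ip, dst_port = split_endpoint(dst)
            pid = int(pid)
        except ValueError:
            continue  # header, truncation marker or unexpected endpoint form
        yield {"proto": proto, "src_ip": src_ip, "src_port": src_port,
               "dst_ip": dst_ip, "dst_port": dst_port, "state": state,
               "pid": pid, "process": process.strip()}

def external_by_process(conns):
    """Map (pid, process) to remote endpoints that are globally routable."""
    grouped = defaultdict(list)
    for c in conns:
        if c["dst_ip"].is_global:  # drops loopback, RFC 1918, link-local
            grouped[(c["pid"], c["process"])].append(f'{c["dst_ip"]}:{c["dst_port"]}')
    return dict(grouped)

if __name__ == "__main__":
    for (pid, proc), remotes in external_by_process(parse_netstat(SAMPLE)).items():
        print(pid, proc, ", ".join(remotes))
```

To run it against a mounted image, pass the contents of net/netstat.txt to `parse_netstat` instead of `SAMPLE`.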
The sysinfo/net sub-directory is implemented as a built-in native C-code plugin. The plugin source is located in the file m_sysinfo_net.c in the vmm project.
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS are free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCILeech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖