[Vol-dev] list open sockets?

Jun Koi junkoi2004 at gmail.com
Thu Feb 19 01:50:47 CST 2009


On Mon, Feb 16, 2009 at 6:38 PM, Michael Cohen <scudette at gmail.com> wrote:
> Jun,
>  What kind of image is this?

My image is created with mdd and win32dd. I run XP-SP2 and XP-SP3.

There is no such problem on the sample images xp-laptop-*, but only
with the images I created from my Windows machines.

Do you have any idea?

Thanks,
Jun


>
>
> On Mon, Feb 16, 2009 at 8:29 PM, Jun Koi <junkoi2004 at gmail.com> wrote:
>> Hi,
>>
>> I am using Volatility to list the open sockets on my WinXP file image,
>> with command "sockets". It should display all the open sockets, like
>> "netstat -a" does, but it didn't display anything. Is that a bug, or
>> is that the way it is supposed to work?
>>
>> I tried with "sockscan" on the same image, and yes, this time it shows
>> a lot of open sockets. The problem is that this command is really
>> slow: it took a minute or so on a 400MB image.
>>
>> Meanwhile, "sockscan2" is a lot faster: it returns information almost
>> immediately.
>>
>> "connections", "connscan" and "connscan2" show nothing. Is that expected?
>>
>> I suppose that "connections" and "sockets" are about the same thing.
>> Is that correct?
>>
>> Thanks,
>> Jun

