volatilityfoundation / volatility3

Volatility 3.0 development
http://volatilityfoundation.org/

Linux Network Connection Analysis #1163

Closed Dimefront-5 closed 4 months ago

Dimefront-5 commented 4 months ago

Is your feature request related to a problem? Please describe.
Being able to examine network connections in a Linux memory file

Describe the solution you'd like
A plugin like netstat and netscan developed to work for Linux memory files

Describe alternatives you've considered
N/A

Maybe I am missing it somewhere, but I don't see a way to examine network connections for Linux memory files. I think this is very much needed.

gcmoreira commented 4 months ago

https://volatility3.readthedocs.io/en/stable/volatility3.plugins.linux.sockstat.html

sockstat

:)

ikelos commented 4 months ago

I'm going to mark this as closed, but please feel free to reopen if the linux.sockstat plugin doesn't do what you're after...

gcmoreira commented 4 months ago

Hey @Dimefront-5, forgot to mention, re: netstat, there's also an amazing contribution from @eve-mem which is called sockscan and is built on top of sockstat... it's awaiting review but I guess it will be available soon.

Feel free to use the sockscan plugin from the pull request and provide @eve-mem with some feedback. It would be much appreciated. In doing so, you'll be supporting both the author and this project.