[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vol-dev
Subject:    [Vol-dev] list open sockets?
From:       junkoi2004 () gmail ! com (Jun Koi)
Date:       2009-02-18 23:47:17
Message-ID: fdaac4d50902182350v79bfd78fv83b69bd9a6a0069e () mail ! gmail ! com
[Download RAW message or body]

On Mon, Feb 16, 2009 at 6:38 PM, Michael Cohen <scudette@gmail.com> wrote:
> Jun,
>  What kind of image is this?

My image is created with mdd and win32dd. I run XP-SP2 and XP-SP3.

There is no such a problem on the sample images xp-laptop-*, but only
with the images i created from my Windows machines.

Do you have any idea?

Thanks,
Jun


>
>
> On Mon, Feb 16, 2009 at 8:29 PM, Jun Koi <junkoi2004@gmail.com> wrote:
>> Hi,
>>
>> I am using Volatility to list the open sockets on my WinXP file image,
>> with command "sockets". It should display all the open sockets, like
>> "netstat -a" does, but it didnt display anything. Is that a bug, or
>> that is the way it supposes to work?
>>
>> I tried with "sockscan" on the same image, and yes, this time it shows
>> a lot of open sockets. The problem is that this command is really
>> slow: it took a minute or so on a 400MB image.
>>
>> Meanwhile, "sockscan2" is a lot faster: it returns information almost
>> immediately.
>>
>> "connections", "connscan" and "connscan2" shows nothing. is that expected??
>>
>> I suppose that "connections" and "sockets" are about the same thing.
>> is that correct?
>>
>> Thanks,
>> Jun
>> _______________________________________________
>> Vol-dev mailing list
>> Vol-dev@volatilesystems.com
>> http://lists.volatilesystems.com/mailman/listinfo/vol-dev
>>
>

[prev in list] [next in list] [prev in thread] [next in thread]