
Incident Response, netstat & tcpdump

Discussion in 'Networking' started by lunarlander, May 24, 2015.

Thread Status:
Not open for further replies.
  1. lunarlander

    lunarlander Thread Starter

    Sep 21, 2007

    One of the things I was told to do during incident response is to match up netstat vs tcpdump; internal vs external observations. Is there a program to do continuous netstats showing the time?

    Also, I know I can do a tcpdump capture. But isn't capturing Netflow better? Netflow would consume less disk space, isn't that true?
    Last edited: May 24, 2015
  2. kanaitpro

    kanaitpro Account Closed

    Feb 13, 2013
    I wrote a batch file to do continuous netstats; you should be able to modify it and show the time. Thing is, I did that suspecting there was malware communicating on a box, not sure if it would help at all after the fact. I actually recorded the video of this talk at BSides Knoxville, you should watch it and imitate his setup. I can't wait to get some time to try some of this on my own. Here is the batch file if you want, probably not going to help much.

    @echo off
    rem Dump all sockets (-a) with numeric addresses (-n) and redisplay every
    rem 60 seconds, appending each table to netstat.txt until Ctrl+C is pressed.
    rem netstat's interval mode prints no timestamp, so tables are not time-stamped.
    netstat -a -n 60 >> netstat.txt
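The correlation the first post asks about (host-side netstat against sensor-side tcpdump) can be scripted once each netstat table is written with a timestamp header. The following is an added example, not code posted in this thread or from the talk mentioned above: it parses timestamped `netstat -an` snapshots and `tcpdump -nn -tttt` lines, normalises every packet so the monitored host is the local side, and reports flows that were on the wire but are absent from every snapshot taken within a time window. The host address 192.168.1.10, the two snapshots, the tcpdump lines and the 90-second window are all constructed assumptions for the demonstration; a flow is treated as accounted for if a nearby snapshot holds the exact 4-tuple or a listening/unconnected socket on the local port.

```python
"""Added example: correlate a host's timestamped `netstat -an` log (internal view)
with `tcpdump -nn -tttt` output from a sensor (external view) and report flows
seen on the wire that the host's own connection table never showed."""
import re
from datetime import datetime, timedelta

HOST_IP = "192.168.1.10"  # assumed address of the monitored host (constructed)

# Constructed sample: two Windows-style `netstat -an` tables, each preceded by a
# timestamp header of the kind a logging loop (echo %date% %time%) would write.
NETSTAT_LOG = """\
=== 2015-05-24 14:03:00 ===
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49512     203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:123            *:*
=== 2015-05-24 14:04:00 ===
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49512     203.0.113.5:443        ESTABLISHED
  TCP    192.168.1.10:49600     198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

# Constructed sample: `tcpdump -nn -tttt` lines captured on a SPAN port facing the host.
TCPDUMP_LOG = """\
2015-05-24 14:03:22.101 IP 192.168.1.10.49512 > 203.0.113.5.443: Flags [P.], length 517
2015-05-24 14:03:22.130 IP 203.0.113.5.443 > 192.168.1.10.49512: Flags [.], ack 518, length 0
2015-05-24 14:03:40.009 IP 192.168.1.10.49777 > 198.51.100.99.4444: Flags [S], length 0
2015-05-24 14:03:40.088 IP 198.51.100.99.4444 > 192.168.1.10.49777: Flags [S.], length 0
2015-05-24 14:03:55.500 IP 192.168.1.10.49600 > 198.51.100.7.80: Flags [S], length 0
2015-05-24 14:04:10.000 IP 192.168.1.10.123 > 192.168.1.1.123: NTPv3, Client, length 48
"""

SNAP_RE = re.compile(r"^=== (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ===$")
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
PKT_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")


def split_endpoint(ep):
    """'192.168.1.10:49512' -> ('192.168.1.10', 49512); a wildcard port ('*') -> None."""
    host, _, port = ep.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return [(snapshot_time, flows, listeners)] where flows holds exact
    (proto, lport, rip, rport) tuples and listeners holds (proto, lport) for
    LISTENING TCP sockets and UDP sockets (which have no peer in netstat)."""
    snapshots = []
    for line in text.splitlines():
        m = SNAP_RE.match(line)
        if m:
            snapshots.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), set(), set()))
            continue
        m = CONN_RE.match(line)
        if not m or not snapshots:
            continue  # column header, blank line, or table before any timestamp
        proto, state = m.group(1).lower(), m.group(4)
        _, lport = split_endpoint(m.group(2))
        rip, rport = split_endpoint(m.group(3))
        _, flows, listeners = snapshots[-1]
        if state == "LISTENING" or proto == "udp" or rport is None:
            listeners.add((proto, lport))
        else:
            flows.add((proto, lport, rip, rport))
    return snapshots


def parse_tcpdump(text, host_ip):
    """Yield (time, proto, lport, rip, rport) per packet, with the monitored host
    always on the local side; packets not involving the host are skipped."""
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        sip, sport, dip, dport, rest = m.group(2), int(m.group(3)), m.group(4), int(m.group(5)), m.group(6)
        proto = "tcp" if "Flags [" in rest else "udp"  # simplification: plain -nn output, no -v
        if sip == host_ip:
            yield ts, proto, sport, dip, dport
        elif dip == host_ip:
            yield ts, proto, dport, sip, sport


def find_unaccounted_flows(netstat_text, tcpdump_text, host_ip=HOST_IP, window_s=90):
    """Flows on the wire that no netstat snapshot within window_s seconds of the
    packet accounts for. Returns sorted (first_seen, last_seen, proto, lport, rip, rport)."""
    snapshots = parse_netstat(netstat_text)
    window = timedelta(seconds=window_s)
    unaccounted = {}
    for ts, proto, lport, rip, rport in parse_tcpdump(tcpdump_text, host_ip):
        key = (proto, lport, rip, rport)
        nearby = [s for s in snapshots if abs(s[0] - ts) <= window]
        if any(key in flows or (proto, lport) in listeners for _, flows, listeners in nearby):
            continue
        first, last = unaccounted.get(key, (ts, ts))
        unaccounted[key] = (min(first, ts), max(last, ts))
    return sorted((first, last) + key for key, (first, last) in unaccounted.items())


if __name__ == "__main__":
    for first, last, proto, lport, rip, rport in find_unaccounted_flows(NETSTAT_LOG, TCPDUMP_LOG):
        print(f"{first} .. {last}  {proto} {HOST_IP}:{lport} <-> {rip}:{rport}  not in netstat")
```

In the constructed data the connection to 198.51.100.99:4444 is the only flow the host never reported, which is the kind of discrepancy the internal-vs-external comparison is meant to surface. The time window matters for the opposite reason too: a netstat sample every 60 seconds misses connections that open and close between samples, so a flow reported here may simply have been short-lived rather than hidden, and the sampling interval should be shortened before reading much into a single hit.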



Short URL to this thread: https://techguy.org/1148721
