Every networked system has active processes. Using netstat will help identify active processes along with their process ID, and the description in the task manager can help uncover a potential Trojan.
- [Narrator] Every system that's connected to a network has active processes. The operating system keeps track of these active processes in order to serve the applications. Netstat is a tool that helps us determine what is happening on our network and it gives a lot of statistics, such as displaying TCP/IP statistics and details about the connections on a host. It tells us the port and where the process is running and what network connections are currently established for a client.
There are a lot of options with Netstat. For example, -n lists current connections including IP addresses and port numbers, -a lists current TCP connections, all listening TCP and UDP ports, and -o lists the processor identifier for each process using a connection and information about the connection. I'm at the command prompt and I'm going to type netstat and then a slash with a question mark.
This tells us all of the switches that Netstat has so we can see all of the various options. We can run them individually. I'll run netstat -ano.
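The following Python example is added here and is not part of the course material. It parses the column layout that `netstat -ano` prints on Windows and reports the PID behind every open port that is not on an allowlist, so the process can then be looked up in Task Manager. The sample output is constructed, and `EXPECTED_PORTS` and the function names are assumptions made for illustration.

```python
# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:50500          0.0.0.0:0              LISTENING       5512
  TCP    192.168.1.10:49712     203.0.113.25:443       ESTABLISHED     4120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2244
"""

# Hypothetical allowlist: ports this host is expected to have open.
EXPECTED_PORTS = {135, 445, 5353}


def parse_netstat(text):
    """Return one dict per connection row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            proto, local, foreign, state, pid = fields
        elif len(fields) == 4 and fields[0] == "UDP":
            proto, local, foreign, pid = fields
            state = ""
        else:
            continue  # banner, column header or blank line
        # Split on the last colon so IPv6 forms such as [::]:445 parse too.
        addr, _, port = local.rpartition(":")
        rows.append({"proto": proto, "local_addr": addr, "local_port": int(port),
                     "foreign": foreign, "state": state, "pid": int(pid)})
    return rows


def unexpected_listeners(rows, expected_ports):
    """Return sorted (pid, proto, port) for open ports not on the allowlist."""
    found = set()
    for row in rows:
        is_open = row["state"] == "LISTENING" or row["proto"] == "UDP"
        if is_open and row["local_port"] not in expected_ports:
            found.add((row["pid"], row["proto"], row["local_port"]))
    return sorted(found)


if __name__ == "__main__":
    for pid, proto, port in unexpected_listeners(parse_netstat(SAMPLE), EXPECTED_PORTS):
        print(f"PID {pid} has {proto} port {port} open; check it in Task Manager")
```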
Join cybersecurity expert Lisa Bock in this course as she explains how to identify vulnerabilities in your system, and how to then take countermeasures to prevent unwanted access. Lisa explains how hackers can use a Trojan to penetrate a network and lists the methods and tools that they use. She follows up by sharing how you can perform ethical hacking of your own system to detect areas of susceptibility, so you can address the flaws and defend against attacks. She also discusses rootkits, SSDP amplification attacks, ICMP, and more.
Note: Learning about ethical hacking for Trojans and backdoors is part of the Malware competency from the Certified Ethical Hacker (CEH) body of knowledge.
- Identifying and removing Trojans
- Defending against Trojans
- Blended threats
- SSDP amplification attack
- Disguising FTP, HTTP, and ping
- Using ICMP
- Detecting, removing, and avoiding rootkits