unhide — forensic tool to find hidden processes
http://www.unhide-forensics.info/
Usage: unhide proc | sys | brute
The proc technique compares the PIDs listed in /proc with the output of /bin/ps.
The sys technique compares the information gathered from /bin/ps with information gathered directly from system calls.
The brute technique brute-forces all possible process IDs and checks which ones actually exist.
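The proc technique above is simple enough to reproduce in a few lines. The script below is an added example written for this note, not unhide's own code: it lists /proc, runs ps, and reports PIDs that /proc knows about but ps does not, re-checking once so that processes which merely exited between the two reads are not reported. The /proc entries and ps output in the constructed sample are made up for illustration.

```python
"""Added example (not unhide's code): the 'proc' check in Python.

A rootkit that hides a process from ps (by hooking the directory
listing ps relies on, or by patching ps) usually still leaves the
process's /proc/<pid> directory reachable. Comparing the two views
exposes the gap. Linux only for live_scan(); the pure functions run
anywhere.
"""
import os
import re
import subprocess


def pids_from_proc_listing(entries):
    """Return the set of PIDs among /proc entries (numeric names are PIDs)."""
    return {int(name) for name in entries if name.isdigit()}


def pids_from_ps_output(ps_text):
    """Parse `ps -e -o pid=` output (one PID per line, no header) into a set."""
    return {int(tok) for tok in re.findall(r"\b\d+\b", ps_text)}


def hidden_pids(proc_pids, ps_pids):
    """PIDs present in /proc but missing from ps, sorted for stable output."""
    return sorted(proc_pids - ps_pids)


def _ps_pids():
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return pids_from_ps_output(out)


def live_scan():
    """Compare the real /proc with ps, then re-check candidates once.

    A process that exits between the /proc read and the ps run shows up
    as a false positive; a second pass only keeps PIDs that are still in
    /proc and still absent from ps.
    """
    candidates = hidden_pids(pids_from_proc_listing(os.listdir("/proc")), _ps_pids())
    if not candidates:
        return []
    still_in_proc = pids_from_proc_listing(os.listdir("/proc"))
    still_missing = still_in_proc - _ps_pids()
    return [pid for pid in candidates if pid in still_missing]


# Constructed sample: /proc has PID 1337, ps output does not mention it.
SAMPLE_PROC_ENTRIES = ["1", "2", "1337", "4242", "self", "cpuinfo", "meminfo"]
SAMPLE_PS_OUTPUT = "    1\n    2\n 4242\n"


def sample_result():
    """Run the comparison on the constructed sample."""
    return hidden_pids(pids_from_proc_listing(SAMPLE_PROC_ENTRIES),
                       pids_from_ps_output(SAMPLE_PS_OUTPUT))


if __name__ == "__main__":
    print("sample hidden PIDs:", sample_result())
    if os.path.isdir("/proc"):
        print("live hidden PIDs:", live_scan())
```

On a clean system live_scan() should return an empty list; any PID it does return deserves a look at /proc/<pid>/status, /proc/<pid>/exe and /proc/<pid>/cmdline before drawing conclusions, since unhide itself applies several more checks than this single comparison.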
On CentOS 5.x it can be installed with yum.
unhide ships with a second tool, unhide-tcp, which looks for hidden TCP/UDP ports.
Any port it finds can then be checked with
netstat -tulpn | grep 1111 and ss -l | grep 1111
ss is part of the iproute package and is used to inspect TCP/UDP network and socket information:
ss -s shows a summary
ss -l lists listening sockets
ss -lp lists the sockets in use together with the owning processes (the output layout feels a bit messy)
ss -t -a shows TCP sockets
ss -u -a shows UDP sockets
ref: http://www.cyberciti.biz/tips/linux-unix-windows-find-hidden-processes-tcp-udp-ports.html
ref: http://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html