
@koraysaritas
Last active May 16, 2017 07:18
Processes which have open network sockets
-- C:\WINDOWS\system32>echo select p.name, p.pid, s.local_address, s.local_port, s.remote_address, s.remote_port from process_open_sockets s join processes p on p.pid = s.pid; | osqueryi
osquery> select p.name, p.pid, s.local_address, s.local_port, s.remote_address, s.remote_port from process_open_sockets s join processes p on p.pid = s.pid;
-- https://osquery.io/docs/tables/#process_open_sockets
-- https://osquery.io/docs/tables/#processes
+------------------------------+-------+---------------------------+------------+---------------------------+-------------+
| name                         | pid   | local_address             | local_port | remote_address            | remote_port |
+------------------------------+-------+---------------------------+------------+---------------------------+-------------+
| System                       | 4     | 0.0.0.0                   | 80         | 0.0.0.0                   | 0           |
| svchost.exe                  | 952   | 0.0.0.0                   | 135        | 0.0.0.0                   | 0           |
| System                       | 4     | 0.0.0.0                   | 445        | 0.0.0.0                   | 0           |
.
..
...
....
.....
......
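As an added example (not part of the gist), the following Python script consumes the rows of the same join as `osqueryi --json` emits them, separates listening sockets (no peer, i.e. remote 0.0.0.0:0 as in the output above) from outbound connections, and flags listeners that are not in a baseline of expected (process, port) pairs. The sample rows and the baseline are constructed for illustration.

```python
import json

# Constructed sample: the shape `osqueryi --json` produces for the gist's query
# (every value is a string). The first three rows mirror the output above; the
# last two are made up to exercise the checks.
SAMPLE_JSON = """[
  {"name":"System","pid":"4","local_address":"0.0.0.0","local_port":"80","remote_address":"0.0.0.0","remote_port":"0"},
  {"name":"svchost.exe","pid":"952","local_address":"0.0.0.0","local_port":"135","remote_address":"0.0.0.0","remote_port":"0"},
  {"name":"System","pid":"4","local_address":"0.0.0.0","local_port":"445","remote_address":"0.0.0.0","remote_port":"0"},
  {"name":"helper.exe","pid":"3120","local_address":"0.0.0.0","local_port":"9000","remote_address":"0.0.0.0","remote_port":"0"},
  {"name":"chrome.exe","pid":"2201","local_address":"10.0.0.5","local_port":"51122","remote_address":"203.0.113.10","remote_port":"443"}
]"""

# Hypothetical baseline of (process name, port) pairs expected to listen on
# this host; any other listener is reported for review.
EXPECTED_LISTENERS = {("System", 80), ("System", 445), ("svchost.exe", 135)}


def is_listening(row):
    """In the gist's output a listener shows no peer: remote 0.0.0.0 port 0."""
    return row["remote_address"] == "0.0.0.0" and row["remote_port"] == "0"


def unexpected_listeners(rows):
    """Listening sockets outside the baseline, as (name, pid, local_port)."""
    return [
        (r["name"], int(r["pid"]), int(r["local_port"]))
        for r in rows
        if is_listening(r)
        and (r["name"], int(r["local_port"])) not in EXPECTED_LISTENERS
    ]


def outbound_connections(rows):
    """Sockets with a peer, as (name, pid, remote_address, remote_port)."""
    return [
        (r["name"], int(r["pid"]), r["remote_address"], int(r["remote_port"]))
        for r in rows
        if not is_listening(r)
    ]


def review(json_text):
    """Parse osqueryi --json output and return both findings in one dict."""
    rows = json.loads(json_text)
    return {
        "unexpected_listeners": unexpected_listeners(rows),
        "outbound": outbound_connections(rows),
    }


if __name__ == "__main__":
    for key, items in review(SAMPLE_JSON).items():
        print(key)
        for item in items:
            print("  ", item)
```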