[Question]
When I run netstat, TCP port 3134, which I have never seen before, is open.
On Windows, is there a way to find out which program an open port belongs to?
It is really hard to find where it is hiding and running.
I would appreciate an answer.
[Answer from 멍멍]
Using netstat's -o option, you can find the PID (process number) of the program
that opened the port.
ex) netstat -ano
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1004
Next, using the tasklist command, you can see the executable file name for each PID.
이미지 이름 PID 세션 이름 세션# 메모리 사용
========================= ====== ================ ======== ============
svchost.exe 1004 Console 0 4,196 K
The drawback here is that the absolute path of the executable is not shown,
but you can get that with other useful tools.
The following tools are useful for process analysis.
1. Process Explorer
http://hackerschool.org/~research/bbs/data/pds_prog/ProcessExplorerAmd64.zip
2. TopToBottom
http://hackerschool.org/~research/bbs/data/pds_prog/TopToBottomNTInstall.EXE
3. Security Task Manager
http://hackerschool.org/~research/bbs/data/pds_prog/taskmanager16f.exe
The three tools above have similar features. Personally, I recommend number 1, which is the lightest.
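
The netstat and tasklist lookup described in the answer, combined into one PowerShell function that also returns the absolute path tasklist leaves out. This is an added example, not part of the original answer; the function name Get-PortOwner is hypothetical, port 3134 is the one from the question, and it assumes Windows 8 / Server 2012 or later with an elevated prompt.

```powershell
# Added example: resolve the owner of a local TCP port to a full executable path.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection). Run elevated,
# otherwise paths of processes owned by other accounts come back empty.
function Get-PortOwner {
    param(
        [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int] $Port
    )

    # Same data as "netstat -ano": OwningProcess is the PID column.
    $conns = Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue
    if (-not $conns) {
        Write-Warning "No TCP endpoint found on local port $Port."
        return
    }

    foreach ($procId in ($conns.OwningProcess | Sort-Object -Unique)) {
        # Win32_Process adds what tasklist omits: ExecutablePath and CommandLine.
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
        if (-not $proc) { continue }   # process exited between the two queries

        # svchost.exe hosts many services; list the ones running inside this PID.
        $services = (Get-CimInstance Win32_Service -Filter "ProcessId = $procId").Name -join ', '

        # ExecutablePath is empty for protected processes or without elevation.
        $signer = $null
        if ($proc.ExecutablePath) {
            $sig = Get-AuthenticodeSignature -LiteralPath $proc.ExecutablePath
            $signer = '{0} ({1})' -f $sig.SignerCertificate.Subject, $sig.Status
        }

        [pscustomobject]@{
            Port        = $Port
            State       = ($conns | Where-Object OwningProcess -eq $procId).State -join ', '
            PID         = $procId
            Name        = $proc.Name
            Path        = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
            Services    = $services
            Signature   = $signer
        }
    }
}

Get-PortOwner -Port 3134 | Format-List
```

An empty Path together with a missing or invalid Signature on an unfamiliar port is the combination worth examining further in Process Explorer.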