This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows Collection - Netstat Details

Question: 

When the RN150 is collecting netstat data, does it use \\127.0.0.1\admin$ or does it use the connection IP, \\10.0.0.1\admin$?

 

Answer: 

A DCE/RPC connection is then opened to deliver the command to the cmd.exe utility. The command issued redirects its output to a temporary plain text file in the ADMIN$ share, where the name is the timestamp of the current time prefixed by two underscores and suffixed with a random number, eg, ‘__1497992728.46’. The final form of the command executed on the remote Windows system is:

cmd.exe /Q /c netstat -anop TCP 1> \\127.0.0.1\ADMIN$\filename 2>&1

 

 

‎Jan 17, 2020 09:28 AM

Labels:
Was this article helpful? Yes No
No ratings
0 Kudos
Version history
Last update:
‎Jan 17, 2020 09:28 AM
Updated by:
Level 9 Flexeran