Netcat Traffic Capture

The netcat traffic capture (nc_capture.acp) illustrates a short “conversation” between a netcat listener and a netcat client. The answers to the questions posed in Chapter 9 are listed in order below.

  • The netcat listener is bound to and listening on port 1080.

  • The operating system running on the system with the netcat listener is reported as “Microsoft Windows 2000 [Version 5.00.2195].” This information can be seen in packets 9 and 10 in the traffic capture, as it is displayed in Ethereal. This information is available because the netcat listener was told to launch the command interpreter whenever someone connected to the port it was listening on.

  • Five commands were sent to the netcat listener: dir (packets 13 and 14), cd.. ...
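The banner noted above is a usable detection signal: a cmd.exe banner leaving a port identifies a shell bound to that port, and cleartext sent to the port afterwards is the command history. The following Python is an added example, not from the book. The packet tuples are constructed sample data (only port 1080 and the banner string come from the text), and `find_remote_shells` is a hypothetical helper name.

```python
import re

# cmd.exe prints this banner when it starts, e.g.
# "Microsoft Windows 2000 [Version 5.00.2195]"
BANNER = re.compile(rb"Microsoft Windows[^\r\n\[]*\[Version [0-9.]+\]")

# Constructed sample: (packet number, source port, destination port, TCP payload).
# Port 1080 and the banner text mirror the capture described above; the packet
# numbers, client port and payloads are made up for illustration.
SAMPLE = [
    (1, 1080, 3012, b"Microsoft Windows 2000 [Version 5.00.2195]\r\n"),
    (2, 1080, 3012, b"(C) Copyright 1985-1999 Microsoft Corp.\r\n\r\nC:\\>"),
    (3, 3012, 1080, b"dir\n"),
    (4, 1080, 3012, b"dir\n Volume in drive C has no label.\r\n"),
    (5, 3012, 1080, b"cd..\n"),
    (6, 80, 3013, b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n\r\n"),
]

def find_remote_shells(packets):
    """Return {listener_port: {"os", "banner_packet", "commands": [(pkt, cmd)]}}."""
    shells = {}
    for number, sport, dport, payload in packets:
        match = BANNER.search(payload)
        if match and sport not in shells:
            # The banner travels from the listener to the client, so the
            # source port of this packet is the port the shell is bound to.
            shells[sport] = {"os": match.group().decode("ascii"),
                             "banner_packet": number, "commands": []}
        elif dport in shells:
            # Cleartext sent to a port already known to serve a shell:
            # record each non-empty line as a command.
            for line in payload.splitlines():
                if line.strip():
                    shells[dport]["commands"].append(
                        (number, line.strip().decode("ascii", "replace")))
    return shells

if __name__ == "__main__":
    for port, info in find_remote_shells(SAMPLE).items():
        print(f"shell on port {port}: {info['os']} (packet {info['banner_packet']})")
        for number, command in info["commands"]:
            print(f"  packet {number}: {command}")
```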
