[Vol-users] netscan plugin question

Lou LaRocca louislarocca at gmail.com
Thu May 16 11:57:43 CDT 2013


I am looking at Win 7 x86 SP1 memory and I dont understand why I am seeing
"established connections" but no PID or Process with it.

0x2d07480  TCPv4      -------- --------------
0x1367da70 TCPv4      -------- --------------

In addition I am seeing stuff "listening" and it contains the PID and

0xdb838178 TCPv4        
LISTENING        996      svchost.exe
0xdb850ab0 TCPv4        
LISTENING        1440     spoolsv.exe
0xdb855e78 TCPv4        
LISTENING        1440     spoolsv.exe

So my question is why can I see the listening processes but im not getting
the Process that are established?

Thanks for the help

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20130516/8551c9fc/attachment.html

More information about the Vol-users mailing list