

Covert Channel Identification at the Host Level

Content Leader: Jess Garcia - Last Updated: January 26, 2007


Windows

ICMP

TCP/UDP

  • Discovery Tools:
    • netstat
    • TDImon
    • TCPview

UNIX

system/kernel API akin to the socket/bind/connect/send/recvmsg calls in the Unix-y networking API.

ICMP

  • Possibilities:
    • The process is using the Unix Sockets Networking API
    • The process is using the libdnet library (a set of wrappers for the UNIX Sockets Networking API).
    • The process is using a Raw Socket

TCP/UDP

  • Discovery Tools:
    • lsof

Copyright © 2000-2008 Jessland - Jess Garcia's Website - All rights reserved.