soc:irt:linux:start [2026/06/11 15:13] – created titannet
soc:irt:linux:start [2026/06/11 15:53] (current) titannet
Line 1: Line 1:
 ====== Linux ====== ====== Linux ======
  
 +
 +===== Live and Disk System =====
 +
 +
 +==== Process Information ====
  
 <code bash> <code bash>
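Review bot: the new ==== Process Information ==== subsection is placed under ===== Live and Disk System =====, but everything it lists lives under /proc, a virtual filesystem that exists only on a running kernel and is never present on a disk image, so a reader working a mounted image will go looking for /proc/{pid}/status and find nothing; move the subsection under the ===== Live ===== heading this revision adds further down, or rename the parent heading to say what actually applies to both. The run of empty "+" lines between the two headings can be dropped at the same time.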
Line 12: Line 17:
 /proc/{pid}/net /proc/{pid}/net
 /proc/{pid}/status /proc/{pid}/status
 +
 +# open ports, assume folder /proc/{pid}/
 +cat ./net/tcp | awk 'NR>1 {split($2, a, ":"); printf "%d\n", "0x" a[2]}'
 +
 +# local ip's and ports
 +awk 'NR>1 {
 +    split($2, a, ":")
 +    hex = a[1]
 +    # Extract bytes (IP is little-endian in the file)
 +    b1 = substr(hex,7,2); b2 = substr(hex,5,2)
 +    b3 = substr(hex,3,2); b4 = substr(hex,1,2)
 +    printf "%d.%d.%d.%d:%d\n",
 +        "0x"b1, "0x"b2, "0x"b3, "0x"b4,
 +        "0x"a[2]
 +}' ./net/tcp
 +
 +
 +
 +# connected local ip's
 +cat /net/arp
 +cat /net/route
 +
 +</code>
 +
 +==== Logs ====
 +
 +<code bash>
 +/var/log/...         # most system logs
 +/var/log/journal     # binary system logs, readable with journalctl
 +
 +
 +</code>
 +
 +==== Triage ====
 +
 +  * [[soc:irt:linux:tools:uac]]
 +
 +
 +
 +
 +
 +
 +===== Live =====
 +
 +
 +==== Basic System Info ====
 +
 +
 +<code bash>
 +timedatectl status
 +lsmod
 +iptables-save
 +mount
  
 </code> </code>
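Review bot: `cat /net/arp` and `cat /net/route` under "# connected local ip's" point at a path that does not exist; the comment at the top of the block says to assume /proc/{pid}/ as the working directory, so these should read `cat ./net/arp` and `cat ./net/route` (or `/proc/net/arp` and `/proc/net/route`), and as written they fail with "No such file or directory". Two further points on the same block. First, `printf "%d", "0x" a[2]` depends on the awk implementation parsing hexadecimal strings: mawk does, but gawk treats "0x0016" as 0 unless run with --non-decimal-data, so on gawk the port and IP decoding silently prints zeros; use `strtonum("0x" a[2])` (a gawk builtin) or do the conversion in the shell with bash's `printf '%d' 0x0016`. Second, /proc/{pid}/net/tcp is the socket table of the network namespace that process lives in, not the sockets owned by that pid; to attribute a socket to a process, take the inode in field 10 and match it against the `socket:[inode]` targets of the /proc/{pid}/fd/* symlinks, and use field 4 (0A = LISTEN, 01 = ESTABLISHED) to separate "open ports" from active connections rather than printing every row; /proc/{pid}/net/tcp6 needs the same treatment for IPv6 listeners. In ==== Logs ====, it is worth saying that `journalctl -D <mountpoint>/var/log/journal` reads the binary journal from a mounted image, and in ==== Basic System Info ==== that `iptables-save` prints nothing useful on hosts that use nftables natively, where `nft list ruleset` is the equivalent.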