5.5 Malware TCP View EH

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 47 minutes
Video Transcription
Hi. Welcome back to the course. In the last video, we went over a tool called Kerr Reports to help us get some visibility on what ports are open and running on our particular machine.
Now, in this video, we're gonna use a tool called TCP View to do a similar thing again. It's just given us that visibility of reports are currently running,
so let's go ahead and get started. So you should still be connected to the Windows 10 machine. If you're not, just click on P Lab, win 10 right here and get connected
Now Step number two here. We're gonna go ahead and click on the file Explorer icon from the taskbar. So we're gonna scroll down here. I just click on this file Explorer icon here. It's gonna open up the Explorer for us,
and now we're gonna look for the DVD drive F C E h tools. So let's go ahead and look for that. So it's gonna be this one right here.
DVD drive, F c H E tools. Click on that.
Our next step here is we see that we want to find that CH Tools folder and then we want to double click on that. So let's go ahead and do that. We're gonna double click on this folder Here.
We seven see several options here. Let's go back to our lab documents. So we want to look for the TCP View folder,
and then once we find that, we're gonna double click inside of that on the TCP View application.
So let's scroll down to TCP view to find that folder.
All right, so we see it right there. So go ahead and double click on that to open it up.
Now, inside of there, we're gonna look for the TCP view application. So this one right here, So if we go back to our lab document, there's a couple applications of there, so make sure you choose the right one. So TCP view is the application that we want, not TCP ve con.
All right, So go and double click on that.
All right, so it's gonna give us that user account Control Papa box. We're just going to say yes to that.
Okay, So say yes to that. Now it's gonna open up. The TCP view says internals, etcetera, etcetera for us. And then you're gonna see all our protocols, airports running et cetera.
All right, so now we're gonna select the protocol column header. So basically, that's gonna allow us to sort by protocol.
So let's go ahead and do that. We're gonna click right here on the protocol one. You'll see you've got TCP. We've got utopias. Well, if we scroll down,
All right,
so let's move on to the next step of our lab. Now we're gonna click the local poor column header, and that's gonna help us sort by ports.
So we're just gonna click local port right here.
Now, that's gonna sort by the particular ports. You'll see it. A group. If we got more than one item running on a particular port, you'll see it. A group, all those for us, so we can easily find it.
So again, this is beneficial if we're trying to look for commonly known ports for malware
and we can see where it might be running on.
All right. So question number one here, what's your reason? We want to sort these columns. Um, we didn't think about that for a second. I'll stay quiet for just a moment, so it's a pretty easy question.
All right. So in my opinion, the main reason we want to start the columns is so it's a lot easier to give visibility on the particular item. So, for example, we we sorted by local port that I can quickly see like Okay, that bios is running here. You know what? You know what's running here. Is this a Web server? What's what's occurring on these particular things?
I can also see by South of protocol of, you know, it's a running TCP isn't running you tp.
That kind of tells me if I do see where my think it's Mel, where something I might be able to tell the type of malware or at least the class of Mauer based off of is running TCP or you to pee.
So that's kind of where the healthfulness comes in out of sorting Those makes your life a little easier just for visibility standpoint.
So in this lab, we went ahead and covered the TCP view tool, and again that just gave us some visibility on the ports running on this particular machine.
Now, in the next video, we're gonna talk about a tool called What's Running Utility? And so what's running allows us to give visibility on the different processes that are gonna be running on the machine
Up Next
Penetration Testing and Ethical Hacking

If the idea of hacking as a career excites you, you will benefit greatly from completing this training here on Cybrary. You will learn how to exploit networks in the manner of an attacker, in order to find out how protect the system from them. Those interested in earning their Certified Ethical Hacker (CEH) will want to start by taking this course

Instructed By