Description
Retrieves basic information about the active TCP connections.
Overview
Pull basic TCP connection information. IP addresses will be augmented with geolocation information via the data augmentation pipeline. This data may only be visible in JSON.
This script retrieves the following information for each TCP connection:
- State
- Source IP
- Source Port
- Destination IP
- Destination Port
Dependencies
- recon
Operating Systems
- Windows
- Linux
- Mac
Example Output 1
local_ip : 10.0.0.15
state : Established
remote_ip : 10.0.0.3
remote_port : 49532
local_port : 3389

local_ip : 10.0.0.15
state : Established
remote_ip : 34.117.65.55
remote_port : 443
local_port : 53621
Example Output 2
Network connection with geolocation information added via the data augmentation pipeline.
[
  {
    "local_ip": "192.168.1.101",
    "state": "Established",
    "remote_ip": "162.125.40.2",
    "remote_port": 443,
    "local_port": 59112,
    "remote_ip_geo": {
      "city_name": "",
      "country_name": "United States",
      "location": {
        "lat": 37.751,
        "lon": -97.822
      },
      "timezone": "America/Chicago"
    }
  }
]
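Triage Example
The following is an added example, not part of this script or its project: a reviewer-side pass over the JSON output that flags established connections to public addresses and connections arriving on a local remote-administration port, treating remote_ip_geo as optional. The sample records are constructed from the two example outputs above. The function name triage, the ADMIN_PORTS list and the rule "local port is an admin port means inbound session" are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: records copied from the two example outputs on this page.
SAMPLE = json.loads("""
[
  {"local_ip": "10.0.0.15", "state": "Established", "remote_ip": "10.0.0.3",
   "remote_port": 49532, "local_port": 3389},
  {"local_ip": "10.0.0.15", "state": "Established", "remote_ip": "34.117.65.55",
   "remote_port": 443, "local_port": 53621},
  {"local_ip": "192.168.1.101", "state": "Established", "remote_ip": "162.125.40.2",
   "remote_port": 443, "local_port": 59112,
   "remote_ip_geo": {"city_name": "", "country_name": "United States",
                     "location": {"lat": 37.751, "lon": -97.822},
                     "timezone": "America/Chicago"}}
]
""")

# Assumption: local ports a reviewer treats as remote-administration services.
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5985: "winrm", 5986: "winrm-tls"}


def triage(records):
    """Return one finding per established connection worth a second look."""
    findings = []
    for rec in records:
        if rec.get("state", "").lower() != "established":
            continue
        try:
            remote = ipaddress.ip_address(rec["remote_ip"])
        except (KeyError, ValueError):
            findings.append({"reason": "unparsable_remote_ip", "record": rec})
            continue
        external = remote.is_global  # False for RFC 1918, loopback, link-local
        # Geo data is optional: it is only present after pipeline augmentation.
        country = (rec.get("remote_ip_geo") or {}).get("country_name") or "unknown"
        service = ADMIN_PORTS.get(rec.get("local_port"))
        if service:  # heuristic: peer is connected to a local admin service
            findings.append({"reason": f"inbound_{service}", "remote_ip": str(remote),
                             "external": external, "country": country})
        elif external:
            findings.append({"reason": "external_peer", "remote_ip": str(remote),
                             "remote_port": rec.get("remote_port"), "country": country})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(json.dumps(finding))
```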