UDP Table
Overview
Evidence: Udp Table
Description: Collect Udp Table
Category: Network
Platform: Linux
Short Name: udptable
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
The Linux UDP table lists the system's UDP sockets, both bound (unconnected) sockets and active UDP connections. This data is essential for understanding network connectivity and for detecting unauthorized network connections.
Data Collected
This collector gathers structured data about the UDP table.
Udp Table Data

Field      | Description                  | Example
-----------|------------------------------|--------
ID         | Primary key (auto-increment) | 1
Inode      | Socket inode number          | 12345
ProcessId  | Process ID using the socket  | 1234
UserId     | User ID of the process       | 1000
LocalIP    | Local IP address             | 0.0.0.0
LocalPort  | Local port number            | 53
RemoteIP   | Remote IP address            | 0.0.0.0
RemotePort | Remote port number           | 0
State      | Connection state             | UNCONN
Collection Method
This collector parses the necessary data from the udp_table table. The data is read from the following locations:
/proc/net/udp
/proc/net/udp6
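The two files above are the raw source of every field in the evidence table except ProcessId, which the kernel does not record there: it has to be recovered by matching the socket inode against the socket:[inode] symlinks under /proc/<pid>/fd. The parser below is an added example written for this page, not the collector's own code. It assumes a little-endian host (the kernel prints each 32-bit word of an address in host byte order, so IPv4 addresses come out byte-reversed and IPv6 addresses byte-reversed within each 4-byte group), and it runs on constructed sample lines embedded inline.

```python
import ipaddress
import os
import re
from typing import Dict, Iterable, List, Tuple

# Hypothetical parser for /proc/net/udp and /proc/net/udp6 (not the collector's own code).
# The st column reuses the TCP state numbering: an unconnected (bound) UDP socket is
# 07 (TCP_CLOSE), which ss(8) displays as UNCONN; a connect()ed UDP socket is 01.
_STATE_NAMES = {0x01: "ESTABLISHED", 0x07: "UNCONN"}

_SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def decode_proc_addr(field: str) -> Tuple[str, int]:
    """Decode a 'HEXADDR:HEXPORT' field from /proc/net/udp{,6}.

    Assumes a little-endian host (x86/arm64): IPv4 bytes are reversed, and an IPv6
    address is reversed within each 4-byte group. The port is plain big-endian hex.
    """
    addr_hex, port_hex = field.rsplit(":", 1)
    raw = bytes.fromhex(addr_hex)
    if len(raw) == 4:
        ip = ipaddress.IPv4Address(raw[::-1])
    elif len(raw) == 16:
        ip = ipaddress.IPv6Address(b"".join(raw[i:i + 4][::-1] for i in range(0, 16, 4)))
    else:
        raise ValueError(f"unexpected address width in {field!r}")
    return str(ip), int(port_hex, 16)


def parse_udp_table(text: str) -> List[Dict[str, object]]:
    """Parse /proc/net/udp or /proc/net/udp6 text into rows named like the evidence table.

    ProcessId is left as None here because these files carry no PID column.
    """
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 10 or cols[0] == "sl":  # skip blank lines and the header row
            continue
        local_ip, local_port = decode_proc_addr(cols[1])
        remote_ip, remote_port = decode_proc_addr(cols[2])
        state = int(cols[3], 16)
        rows.append({
            "Inode": int(cols[9]),
            "ProcessId": None,
            "UserId": int(cols[7]),
            "LocalIP": local_ip, "LocalPort": local_port,
            "RemoteIP": remote_ip, "RemotePort": remote_port,
            "State": _STATE_NAMES.get(state, f"0x{state:02X}"),
        })
    return rows


def inode_to_pid(fd_links: Iterable[Tuple[int, str]]) -> Dict[int, int]:
    """Map socket inode -> owning PID from (pid, readlink target) pairs of /proc/<pid>/fd/*."""
    mapping: Dict[int, int] = {}
    for pid, target in fd_links:
        m = _SOCKET_LINK.match(target)
        if m:
            mapping.setdefault(int(m.group(1)), pid)  # first process seen keeps the inode
    return mapping


def scan_proc_fd_links(proc_root: str = "/proc") -> Iterable[Tuple[int, str]]:
    """Live source of (pid, link target) pairs; needs root to read other users' fd dirs."""
    for entry in os.scandir(proc_root):
        if not entry.name.isdigit():
            continue
        fd_dir = os.path.join(entry.path, "fd")
        try:
            for fd in os.listdir(fd_dir):
                yield int(entry.name), os.readlink(os.path.join(fd_dir, fd))
        except OSError:  # process exited mid-scan or permission denied
            continue


def collect_udp_table(udp_text: str, udp6_text: str,
                      fd_links: Iterable[Tuple[int, str]]) -> List[Dict[str, object]]:
    """Combine both tables and attach PIDs. A row whose ProcessId stays None had no
    /proc/<pid>/fd entry at scan time (kernel-owned socket, or the owner already exited)."""
    pid_of = inode_to_pid(fd_links)
    rows = parse_udp_table(udp_text) + parse_udp_table(udp6_text)
    for row in rows:
        row["ProcessId"] = pid_of.get(row["Inode"])
    return rows


# Constructed sample input (not captured from a real host).
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  123: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 12345 2 0000000000000000 0
  456: 0100007F:E4A3 3500000A:0035 01 00000000:00000000 00:00000000 00000000  1000        0 67890 2 0000000000000000 0
"""
SAMPLE_UDP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  789: 00000000000000000000000001000000:0035 00000000000000000000000000000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 24680 2 0000000000000000 0
"""
SAMPLE_FD_LINKS = [(1234, "socket:[12345]"), (1234, "/dev/null"), (4321, "socket:[67890]")]

if __name__ == "__main__":
    for row in collect_udp_table(SAMPLE_UDP, SAMPLE_UDP6, SAMPLE_FD_LINKS):
        print(row)
```

On a live host the same pipeline is `collect_udp_table(open("/proc/net/udp").read(), open("/proc/net/udp6").read(), scan_proc_fd_links())`, run as root so every process's fd directory is readable. The first sample row reproduces the example values in the evidence table (inode 12345 owned by PID 1234, 0.0.0.0:53, UNCONN); the second shows a connected UDP socket, and the third an IPv6 socket whose inode matches no process, which is the case an analyst should look at rather than discard.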
Usage
This evidence is valuable for forensic investigations because it records UDP connection information. It helps investigators understand network connectivity, detect unauthorized connections, and investigate network-based attacks. The data can reveal active connections, bound sockets, and potential network vulnerabilities. Analysts can use it to identify network compromises, trace network activity, and assess network security posture.
Notes
This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.