UDP Table

Overview

Evidence: UDP Table Description: Collect UDP table Category: Network Platform: Linux Short Name: udptab Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers UDP connection table information from the Linux system. This data is essential for understanding network activity, detecting suspicious connections, and investigating network-based security incidents.

Data Collected

This collector gathers structured data about udp table.

UDP Table Data

Field

Description

Example

ID

Inode

Inode

Example value

ProcessId

Process Id

Example value

UserId

User Id

Example value

LocalIP

Local IP

Example value

LocalPort

Local Port

Example value

RemoteIP

Remote IP

Example value

RemotePort

Remote Port

Example value

State

State

Example value

Collection Method

This collector parses the necessary data from the udp_table table.

Usage

This evidence is crucial for forensic investigations as it provides UDP connection information. It helps investigators understand active and historical connections, detect suspicious endpoints, and investigate potential data exfiltration. Analysts can use this information to identify compromised services, trace remote connections, and assess network security posture.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.

PreviousUDPLite Table NextUnix Sockets

Last updated 5 hours ago

Was this helpful?