Re: [Vol-users] Volatility 2.1/2.2 connscan/sockets/sockscan not supported for profile Win7SP1x86

I see, thanks Jamie. I was relying too much on vol.py -h listing for what commands/plugins were available. connections is labeled XP only but connscan and sockets did not say the same. 2.1 and 2.2 -h do not list netscan (2.0 does) Have a good day! Mike > > Connections/conscan/sockets/sockscan are for Windows XP/2003 only. > Use the netscan plugin for anything Vista/2008/Win7: > > http://code.google.com/p/volatility/wiki/CommandReference20#Networking > > > > On Fri, Jan 4, 2013 at 4:58 PM, Mike Lambert <dragonforen(a)hotmail.com> > wrote: > > I have found that in Volatility 2.1 and 2.2 connscan is not supported > > for > > profile Win7SP1x86. Volatility 2.0 does not produce any results. (??) > > I see that sockets and sockscan are also not supported in Volatility > > 2.2. > > See below. > > > > pslist does work, so some commands are supported. > > > > Is this a known issue? > > > > > > ----------------cut-here------------------- > > C:\Python27\volatility-2.2>vol.py imageinfo -f g:\victim1.w32 > > Volatile Systems Volatility Framework 2.2 > > Determining profile based on KDBG search... > > Suggested Profile(s) : Win7SP0x86, Win7SP1x86 > > AS Layer1 : JKIA32PagedMemoryPae (Kernel AS) > > AS Layer2 : FileAddressSpace (G:\victim1.w32) > > PAE type : PAE > > DTB : 0x185000L > > KDBG : 0x82761be8L > > Number of Processors : 2 > > Image Type (Service Pack) : 0 > > KPCR for CPU 0 : 0x82762c00L > > KPCR for CPU 1 : 0x807c0000L > > KUSER_SHARED_DATA : 0xffdf0000L > > Image date and time : 2013-01-04 20:41:23 UTC+0000 > > Image local date and time : 2013-01-04 14:41:23 -0600 > > > > > > C:\Python27\volatility-2.0>vol.py connscan -f h:\victim1.img > > --profile=Win7SP1x86 > > Volatile Systems Volatility Framework 2.0 > > Offset Local Address Remote Address Pid > > ---------- ------------------------- ------------------------- ------ > > > > C:\Python27\volatility-2.1>vol.py connscan -f h:\victim1.img > > --profile=Win7SP1x86 > > Volatile Systems Volatility Framework 2.1 > > Offset(P) Local Address Remote Address Pid > > ---------- ------------------------- ------------------------- --- > > ERROR : volatility.plugins.connscan: This command does not support the > > selected profile. > > > > > > C:\Python27\volatility-2.2>vol.py connscan -f g:\victim1.w32 > > --profile=Win7SP1x86 > > Volatile Systems Volatility Framework 2.2 > > Offset(P) Local Address Remote Address Pid > > ---------- ------------------------- ------------------------- --- > > ERROR : volatility.plugins.connscan: This command does not support the > > selected profile. > > > > C:\Python27\volatility-2.2>vol.py sockets -f g:\victim1.w32 > > --profile=Win7SP1x86 > > Volatile Systems Volatility Framework 2.2 > > ERROR : volatility.plugins.sockets: This command does not support the > > selected profile. > > > > C:\Python27\volatility-2.2>vol.py sockscan -f g:\victim1.w32 > > --profile=Win7SP1x86 > > Volatile Systems Volatility Framework 2.2 > > Offset(P) PID Port Proto Protocol Address Create Time > > ---------- ------ ------ ------ --------------- --------------- > > ----------- > > ERROR : volatility.plugins.sockscan: This command does not support the > > selected profile. > > > > _______________________________________________ > > Vol-users mailing list > > Vol-users(a)volatilityfoundation.org > > http://lists.volatilityfoundation.org/mailman/listinfo/vol-users > > > > > > -- > PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92