Try the connscan plugin - http://code.google.com/p/volatility/wiki/CommandReference23#connscan

You can see both the local and remote address below:

$ python vol.py -f zeus.vmem connscan
Volatile Systems Volatility Framework 2.3_beta
Offset(P)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ---
0x02214988 172.16.176.143:1054       193.104.41.75:80          856
0x06015ab0 0.0.0.0:1056              193.104.41.75:80          856

All the best,
-gleeda

On Tue, Jul 23, 2013 at 2:40 PM, Don Raikes <don.raikes@oracle.com> wrote:

Hello,
As part of an assignment for a security and privacy class I am taking, I need to determine the IP address of a Windows XP system whose memory dump I have. Actually, it is the zeus.vmem dump from the Volatility dump images download page.
I have done a lot of searching in Google, but haven’t been able to find much about how to get this information.
I tried the technique outlined at:
http://code.google.com/p/volatility/wiki/CommandReference
in the area concerning strings.
When I use the Perl script provided, the only obvious IP address is 172.16.176.143, which is a private network address. My assignment is to determine the country of origin of the IP address, but so far I see no addresses which are not private addresses.
Does anyone have any suggestions on how to proceed with finding the system’s IP address?
--
Best Regards, Donald
Donald Raikes | Accessibility Specialist / QA Engineer
Phone: +15202717608 | Mobile: +15202717608
Oracle Quality Assurance | Tucson, Arizona
Vol-users mailing list
Vol-users@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
--
PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92
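
Added example (not part of the original thread and not Volatility's own code): a small Python parser for the connscan text output quoted in the reply, which separates the host's own addresses from publicly routable remote endpoints, the ones worth a WHOIS or geolocation lookup. The sample input is the table from the reply; the function names are made up for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the connscan table quoted in the reply above.
CONNSCAN_OUTPUT = """\
Volatile Systems Volatility Framework 2.3_beta
Offset(P)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ---
0x02214988 172.16.176.143:1054       193.104.41.75:80          856
0x06015ab0 0.0.0.0:1056              193.104.41.75:80          856
"""

# offset, local addr:port, remote addr:port, pid
ROW = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\d+)\s*$")

def parse_connscan(text):
    """Yield one dict per connection row; banner/header lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        offset, laddr, lport, raddr, rport, pid = m.groups()
        try:
            local = ipaddress.ip_address(laddr)
            remote = ipaddress.ip_address(raddr)
        except ValueError:
            continue  # scanned structures may be partially overwritten
        yield {"offset": offset, "local": local, "lport": int(lport),
               "remote": remote, "rport": int(rport), "pid": int(pid)}

def summarize(text):
    """Return (host addresses, {public remote endpoint: set of PIDs})."""
    hosts, remotes = set(), defaultdict(set)
    for c in parse_connscan(text):
        if not c["local"].is_unspecified:      # ignore 0.0.0.0
            hosts.add(str(c["local"]))
        if c["remote"].is_global:              # drops RFC 1918, loopback, etc.
            remotes[f'{c["remote"]}:{c["rport"]}'].add(c["pid"])
    return hosts, dict(remotes)

if __name__ == "__main__":
    hosts, remotes = summarize(CONNSCAN_OUTPUT)
    print("host address(es):", sorted(hosts))
    for endpoint, pids in sorted(remotes.items()):
        print("public remote:", endpoint, "pids:", sorted(pids))
```
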