- I use this for things like detecting callbacks after a potentially malicious download where the cnc server is not necessarily the source of the download.
- I needed this to refine the correlation of events for a particular application on one or more hosts.
- Edited this neat (undocumented?) tool to look into xbits in the ipc directory.
- Simply adding all port pairs is quite wasteful because of unimportant ephemeral ports.
- By default, set adds the default port for src and destination.
- Three other set operations add the relevant source port, destination port, or both.