FAKENET-NG

Network-Based Indicators

×
Disclaimer
  1. FakeNet can dynamically deduce the network request protocol by leveraging multiple data points. However, the protocol identification process may not always be accurate, especially when encountering custom protocols. To ensure reliable protocol identification, users are recommended to utilize PCAP files as the definitive source.
  2. During lengthy analysis sessions, there is a possibility of port reuse. Users are encouraged to consider the potential for port reuse when interpreting results. When in doubt, referring to PCAP files is recommended for a comprehensive understanding of network activity.
  3. FakeNet does not capture the process ID (PID) and process name of remote processes when operating in MultiHost mode. Placeholder values are used for PID (Index) and process names (Remote Process) in such cases.
  4. ICMP packets are not logged in the User Interface. To analyze ICMP interactions, refer to the generated PCAP files containing detailed network traffic information.
  5. FakeNet's DNS listener resolves domain names to 192.0.2.123 by default and it is not be confused with a legitimate NBI
Copied!
{% for process, process_info in nbis.items() %}
{% for proto, nbis_list in process_info.items() %} {% if proto != 'process_name' %}
    {% for nbi_info in nbis_list %} {% endfor %}
    Select NBI Additional Information Actions
      {% for key, value in nbi_info['nbi'].items() %} {% if key == 'Data Hexdump' %}
    • {{ key|e }} (showing first 256 bytes): {% for line in value %}

      {{ line|e }}

      {% endfor %}

      • {% else %}
    • {{ key|e }}: {{ value|e }}
      • {% endif %} {% endfor %}
    • Transport Layer Protocol: {{ nbi_info['transport_layer_proto']|e }}
    • Destination IP: {{ nbi_info['dst_ip']|e }}
    • Destination port: {{ nbi_info['dport']|e }}
    • SSL encrypted: {{ nbi_info['is_ssl_encrypted']|e }}
    • Network mode: {{ nbi_info['network_mode']|e }}
{% endif %} {% endfor %}
{% endfor %}