Scribd Logo
Upload

Welcome to Scribd!

  • 2.0.1.2 Class Activity - Identify Running Processes

    Uploaded by

    Aneuris
    13 views4 pages
    This document describes a class activity where students will use TCP/UDP Endpoint Viewer to identify running processes on their computer. The objectives and background are provided. Students are instructed to download the Windows Sysinternals Suite and use TCPView to view running processes. They explore the properties of some default processes like lsass.exe and svchost.exe. Students also observe how processes are added and removed when starting and closing a web browser. The key findings are recorded.

    Original Description:

    laboratorio

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document describes a class activity where students will use TCP/UDP Endpoint Viewer to identify running processes on their computer. The objectives and background are provided. Students are instructed to download the Windows Sysinternals Suite and use TCPView to view running processes. They explore the properties of some default processes like lsass.exe and svchost.exe. Students also observe how processes are added and removed when starting and closing a web browser. The key findings are recorded.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views4 pages

    2.0.1.2 Class Activity - Identify Running Processes

    Uploaded by

    Aneuris
    This document describes a class activity where students will use TCP/UDP Endpoint Viewer to identify running processes on their computer. The objectives and background are provided. Students are instructed to download the Windows Sysinternals Suite and use TCPView to view running processes. They explore the properties of some default processes like lsass.exe and svchost.exe. Students also observe how processes are added and removed when starting and closing a web browser. The key findings are recorded.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Asignatura

    Fundamento de Seguridad
    I
    Practica
    Laboratorio 2
    I
    Participante
    Aneuris Canot Arias 2021-0551
    I
    Facilitador
    Juan Alexander Ramirez
    I
    Sección
    #07
    I
    Fecha
    28/09/2023

    © Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 1 of 4 www.netacad.com
    Class Activity – Identify Running Processes

    Class Activity – Identify Running Processes


    Objectives
    In this lab, you will use TCP/UDP Endpoint Viewer, a tool in Sysinternals Suite, to identify any running
    processes on your computer.

    Background / Scenario
    In this lab, you will explore processes. Processes are programs or applications in execution. You will explore
    the processes using Process Explorer in the Windows Sysinternals Suite. You will also start and observe a
    new process.

    Required Resources
    • 1 Windows PC with Internet access

    Step 1: Download Windows Sysinternals Suite.


    a. Navigate to the following link to download Windows Sysinternals Suite:
    https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
    b. After the download is completed, right+click the zip file, and choose Extract All…, to extract the files from
    the folder. Choose the default name and destination in the Downloads folder and click Extract.
    c. Exit the web browser.

    Step 2: Start TCP/UDP Endpoint Viewer.


    a. Navigate to the SysinternalsSuite folder with all the extracted files.

    © Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 2 of 4 www.netacad.com
    Class Activity – Identify Running Processes

    b. Open Tcpview.exe. Accept the Process Explorer License Agreement when prompted. Click Yes to allow
    this app to make changes to your device.

    c. Exit the File Explorer and close all the currently running applications.

    Step 3: Explore the running processes.


    a. TCPView lists the process that are currently on your Windows PC. At this time, only Windows processes
    are running.

    b. Double-click lsass.exe.
    What is lsass.exe? In what folder is it located?
    Local Security Authority Process
    C:\Windows\System32\Isass.exe
    c. Close the properties window for lsass.exe when done.
    d. View the properties for the other running processes.
    Note: Not all processes can be queried for properties information.

    Step 4: Explore a user-started process.


    a. Open a web browser, such as Microsoft Edge.
    What did you observe in the TCPView window?

    © Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 3 of 4 www.netacad.com
    Class Activity – Identify Running Processes

    Los procesos para el navegador web

    b. Close the web browser.


    What did you observe in the TCPView window?
    El proceso del navegador web serán removidos

    c. Reopen the web browser. Research some of the processes listed in TCPView. Record your findings.
    El proceso Isass.exe verifica la valides del inicio de sección del usuario en la PC. Services.exe es
    usado para iniciar y parar servicios y cambiar los ajustes de inicio de los servicios por defecto. El
    proceso svchost.exe service hot ayuda al proceso de compartir recursos del Sistema mucho de
    estos recursos y estados son localizados en la carpeta C:\Windows\System32\ si estos
    ejecutables son encontrados en otro lugar del Sistema podría ser malware, como virus espías,
    troyanos y gusanos

    © Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 4 of 4 www.netacad.com

    You might also like