2.11. Hands-On Labs

The labs in this chapter are as follows:

Lab 2.1: Identify Running Processes on a Windows-Based Machine

Lab 2.2: Identify Running Processes on a Linux-Based Machine

2.11.1. Lab 2.1: Identify Running Processes on a Windows-Based Machine

It is important to know what processes are running on a machine at any given time. In addition to the programs that a user may be using, there are always many others that are required by the operating system, the network, or other applications.

All recent versions of Windows include the Task Manager to allow you to see what is running. To access this information, follow these steps:

  1. Right-click an empty location in the Windows Taskbar.

  2. Choose Task Manager from the pop-up menu that appears.

  3. The Task Manager opens to Applications by default and shows what the user is actually using. Click the Processes tab. Information about the programs that are needed for the running applications is shown, as well as all other processes running. (If the Show Processes From All Users check box appears beneath this tab, be sure to click it.) Many of the names of the processes appear cryptic, but definitions for most (good and bad) can be found at http://www.liutilities.com/products/wintaskspro/processlibrary/.

  4. Examine the list and look for anything out of the ordinary. After doing this a few times, you will become familiar with what is normally there and will be able to spot oddities quickly.

  5. Notice the values in the CPU column. Those values will always total 100, with System Idle Process typically making up the bulk. High numbers on another process can indicate that there is a problem with it. If the numbers do not add up to 100, it can be a sign that a rootkit is masking some of the display.

  6. Close the Task Manager.

2.11.2. Lab 2.2: Identify Running Processes on a Linux-Based Machine

Most versions of Linux include a graphical utility to allow you to see the running processes. Those utilities differ based on the distribution of Linux you are using and the desktop that you have chosen.

All versions of Linux, however, do offer a command line and the ability to use the ps utility. Because of that, this method is employed in this lab. To access this information, follow these steps:

  1. Open a shell window, or otherwise access a command prompt.

  2. Type ps -ef | more.

  3. The display shows the processes running for all users. The names of the processes appear in the rightmost column, and the processor time will be in the column closest to it. The names are cryptic, but definitions for most can be found by using the man command followed by the name of the process. Those that are application specific can usually be found through a web search.

  4. Examine the list and look for anything out of the ordinary. After doing this a few times, you will become familiar with what is normally there and will be able to spot oddities quickly.

  5. Pay particular attention to those processes associated with the root user (the user appears in the first column). Because the root user has the power to do anything, only necessary daemons and processes should be associated with that user.

  6. Exit the shell.
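Step 5 above says that only necessary daemons should be running as root. The following POSIX shell function, added here as an example and not part of the original lab, turns that manual inspection into a repeatable check: it takes output in the shape of ps -eo user,pid,comm and prints every root-owned process whose name is not in a baseline list you supply. The sample ps output and the baseline names are constructed for the example; the process name unknown_svc is a made-up placeholder, not a real program.

```shell
#!/bin/sh
# Constructed sample in the shape of `ps -eo user,pid,comm --no-headers`
# (columns: user, pid, command name). Not real output from any machine.
SAMPLE_PS='root 1 systemd
root 2 kthreadd
root 512 sshd
alice 1201 bash
root 1337 unknown_svc
bob 1400 firefox'

# Constructed baseline: process names we expect to see running as root.
# On a real system, build this list from a known-good machine.
EXPECTED_ROOT='systemd kthreadd sshd cron'

# unexpected_root_procs PS_OUTPUT BASELINE
#   Prints "pid name" for each root-owned process not in BASELINE.
#   Lines whose first field is USER (a ps header) are skipped.
unexpected_root_procs() {
    printf '%s\n' "$1" | awk -v baseline="$2" '
        BEGIN {
            n = split(baseline, b, " ")
            for (i = 1; i <= n; i++) ok[b[i]] = 1
        }
        $1 == "USER" { next }
        $1 == "root" && !($3 in ok) { print $2, $3 }'
}

# count_unexpected_root_procs PS_OUTPUT BASELINE
#   Prints the number of root-owned processes that are not in BASELINE.
count_unexpected_root_procs() {
    unexpected_root_procs "$1" "$2" | grep -c .
}

# Run against the constructed sample when executed directly.
unexpected_root_procs "$SAMPLE_PS" "$EXPECTED_ROOT"
```

On a live Linux machine, replace the sample with real output, for example unexpected_root_procs "$(ps -eo user,pid,comm)" "$EXPECTED_ROOT". Anything printed is a root-owned process that was not in your baseline: either a legitimate daemon you have not yet added to the list, or something that deserves a closer look with man or a web search as step 3 describes.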
