flowtop

Tracing Malicious Network Traffic

Table of Contents Nettop Google Transparency Report: Safe Browsing Tool Netstat Flowtop Nettop Assuming an unknown/suspicious output (i.e., no chat client is being used, but random chat domain appeared: vmp.boldchat.com) is spotted from a DNS monitoring such as in previous post titled - Sniff DNS queries: Under macOS, the nettop util provides list of sockets and routes in details that help to trace down the process that established the connection to the unknown domain: