# T1049: System Network Connections Discovery Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network. An adversary who gains access to a system that is part of a cloud-based environment may map out Virtual Private Clouds or Virtual Networks in order to determine what systems and services are connected. The actions performed are likely the same types of discovery techniques depending on the operating system, but the resulting information may include details about the networked cloud environment relevant to the adversary's goals. Cloud providers may have different ways in which their virtual networks operate. Utilities and commands that acquire this information include netstat, "net use", and "net session" with Net. In Mac and Linux, netstat and lsof can be used to list current connections. Who -a and w can be used to show which users are currently logged in, similar to "net session". **Example** Working with the netstat, net use and net session commands to discover connections NetStat ![](/files/-MS07GytrXIZ1ux_m5mZ) Net use ![](/files/-MS07HcC2XqWcF1Zxbp7) Net sessions ![](/files/-MS07IMK_-IDsIPn6nBB) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/discovery/t1049-system-network-connections-discovery.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.