Reverse Engineering Mac Malware 5 - Process and Network Analysis

Process analysis and network analysis, two important ways of examining what arbitrary code does on Mac OS X, are the subjects Sarah Edwards explains here. For process analysis, she covers DTrace and its scripts execsnoop and newproc.d, along with fs_usage, procxp and the Activity Monitor. For network analysis, she examines and demonstrates CocoaPacketAnalyzer, Wireshark, tcpdump and lsock using real-world examples.