EDR: api/v1/process Returns Local Address Instead of Remote

Environment

  • EDR Console: All Versions

Symptoms

When using api/v1/process, the netconns are returning the local IP instead of the remote IP.

Cause

This is expected behavior based on the direction of the network connection.

Resolution

api/v1/process returns network information for only one direction of each connection. Field 5 holds the direction: if it is "true", the connection is outbound and v1 returns the remote IP and port; if it is "false", the connection is inbound and v1 returns the local IP and port.
To see both local and remote IPs and ports, utilize api/v2/process or higher instead.
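As an added example (not from this article or the vendor's documentation), a small parser that applies the rule above to v1 netconn records. It assumes the v1 record is the six-field pipe-delimited string timestamp|ip|port|proto|domain|direction with IPv4 encoded as a signed 32-bit integer; only the meaning of field 5 comes from the article.

```python
import ipaddress
from dataclasses import dataclass

# Assumed v1 netconn layout (not stated in the article):
#   timestamp|ip|port|proto|domain|direction
# The article states only that field 5 is the direction flag ("true" = outbound).
FIELD_DIRECTION = 5


@dataclass
class NetConn:
    timestamp: str
    ip: str
    port: int
    proto: int
    domain: str
    outbound: bool

    @property
    def address_side(self) -> str:
        # v1 reports a single endpoint: the remote one for outbound
        # connections and the local one for inbound connections.
        return "remote" if self.outbound else "local"


def int_to_ipv4(value: int) -> str:
    # Assumption: v1 encodes IPv4 as a signed 32-bit integer; mask to unsigned.
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def parse_netconn(record: str) -> NetConn:
    fields = record.split("|")
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {record!r}")
    raw_ip = fields[1].strip()
    ip = int_to_ipv4(int(raw_ip)) if raw_ip.lstrip("-").isdigit() else raw_ip
    direction = fields[FIELD_DIRECTION].strip().lower()
    if direction not in ("true", "false"):
        raise ValueError(f"unexpected direction flag {direction!r} in {record!r}")
    return NetConn(fields[0], ip, int(fields[2]), int(fields[3]), fields[4],
                   direction == "true")


def describe(record: str) -> str:
    # Label the one endpoint v1 gives us so it is not misread as "remote".
    c = parse_netconn(record)
    return f"{c.address_side} {c.ip}:{c.port} ({'outbound' if c.outbound else 'inbound'})"


# Constructed sample records, not captured data.
SAMPLE_OUT = "2023-04-05 12:00:00.000000|-1062731519|443|6|example.test|true"
SAMPLE_IN = "2023-04-05 12:00:01.000000|167772167|22|6||false"
```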

Additional Notes

Documentation at the time of this article lists the fields as "Remote". This is incorrect, and a bug ticket has been filed to update the documentation.

Article Information

Creation Date: 04-05-2023