Unable to send physical Memory data using netcat

6 Posts
2 Users
0 Reactions
517 Views
(@ahm_irf)
New Member
Joined: 15 years ago
Posts: 2
Topic starter  

I want to transfer physical memory data captured by FastDump (FD) and ManTech DD (MDD) using netcat from the target machine to another machine without storing them on the target machine. Both are Windows XP machines.

The target machine is where I am running the memory acquisition tool to acquire its physical memory. Let's say its IP is 192.168.0.1.
The other machine is where I want to transfer the memory data using netcat. Let's say its IP is 192.168.0.2.

I run the listener on the other machine with the following command:
C:\>nc -l -p 23 > fd.bin

Then I run the following command on the target machine to capture the memory data and send it to the other machine using netcat:
C:\fd.exe | nc 192.168.0.2 23

This setup didn't work. I checked the fd.bin file after running the above commands and found out that fd.exe also requires an output file name argument. The same is the case with MDD.exe.

Do you know if I am doing anything wrong? Besides, I tried win32dd. Since it has built-in netcat support, it works fine and can send data through the network to another computer where a netcat listener is running.


   
Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

Been a long time since I used netcat but are you maybe missing something in the syntax on the broadcast machine? The port address looks like it is kind of hanging in the wind there. On the listening machine you specified the port by preceding it with a -p switch but no switch on the broadcast machine.


   
Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

Just checked the man pages for nc and it says that using the -l and -p options together is an error. Try it without the -p on the listener.


   
(@ahm_irf)
New Member
Joined: 15 years ago
Posts: 2
Topic starter  

The setup works fine if I try sending a file, let's say abc.txt, from the target to the other machine using the following command:

nc 192.168.0.4 23 < c:\abc.txt

The problem arises with the memory acquisition tools (i.e. FD and MDD). They ask for the name of the output file in their arguments.


   
Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

OK, there are always some differences in the various *nix tools depending on the actual flavor of the tool for the platform you are on so if it works with the -p in there that isn't it obviously. My man page gave examples without the -p.

Don't know if you use *nix at all, but most commands/bins return to the console, such as when you run ls, and you pipe them out to a file or another process such as grep. In your case, if the utility expects a file output and has no ability to write to the console, I fear you may be hooped on the pipe. I am not familiar with the tools you are using but will dl them and experiment a bit.

Addendum-

The FAQ on the HBGary site indicates that passing the output across a network requires SMB. It appears that it will only write to a file and the output can't be piped in the fashion you are trying.


   
Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

Found an example using an SMB share here similar to what you are trying to do.

http://www.ethicalhacker.net/content/view/19/2/

About half way down under Process Memory Dumps


   