Which tool lists all open network sockets, including those hidden by rootkits?

Enhance your readiness for the Cengage Computer Forensics Test. Dive into flashcards and multi-choice quizzes with helpful hints and detailed explanations to boost your preparation efforts. Gear up for success!

Multiple Choice

Which tool lists all open network sockets, including those hidden by rootkits?

Explanation:
The ability to uncover all open network sockets, even those hidden by rootkits, relies on examining volatile memory to see the system’s true state. Rootkits can conceal sockets from normal OS tools by manipulating in-memory data, so you need memory forensics to reconstruct what’s really active. Memoryze is a memory-forensics tool that images and analyzes RAM to reveal artifacts like network sockets, processes, and kernel objects, including those hidden from standard utilities. That makes it the best fit for listing all open sockets, even when rootkits try to hide them.

By contrast, Wireshark captures and analyzes network traffic, not the host’s internal socket state. Nessus is a vulnerability scanner, not a tool for enumerating in-memory artifacts. FTK Imager focuses on disk imaging and file analysis, not volatile memory.
