`dissect.target.plugins.os.unix.linux.network`¶

Module Contents¶

Classes¶

`LinuxNetworkPlugin`	Linux network interface plugin.
`LinuxNetworkConfigParser`
`NetworkManagerConfigParser`	NetworkManager configuration parser.
`SystemdNetworkConfigParser`	Systemd network configuration parser.
`DhclientLeaseParser`	Parse network interfaces from dhclient DHCP `.leases` files.
`NetworkManagerLeaseParser`	Parse network interfaces from NetworkManager DHCP `.lease` files.
`ProcConfigParser`	Parser for dynamic network configuration data from /proc/net.
`SyslogConfigParser`
`DhcpLease`

Functions¶

`be_hex_to_int`	Convert big-endian hex string to integer.
`parse_ubuntu_cloud_init_dhcp_lease`	Parse DHCP lease information from Ubuntu cloud-init logs.
`parse_networkd_dhcp_lease`	Parse DHCP lease information from systemd-networkd.
`parse_network_manager_dhcp_lease_old`	Parse DHCP lease information from NetworkManager logs old style.
`parse_network_manager_dhcp_lease_new`	Parse DHCP lease information from NetworkManager logs new style.
`parse_network_manager_centos_dhcp_lease`	Parse DHCP centos information
`parse_debian_centos_dhclient_lease`	Parse DHCP lease information from dhclient bound log lines.

Attributes¶

`NetAddress`
`VlanIdByInterface`
`MANAGERS`
`LEASERS`

dissect.target.plugins.os.unix.linux.network.NetAddress¶

class dissect.target.plugins.os.unix.linux.network.LinuxNetworkPlugin(target: dissect.target.target.Target)¶

Bases: dissect.target.plugins.os.default.network.NetworkPlugin

Linux network interface plugin.

interfaces(syslog: bool = False, max_lines: int | None = None) → collections.abc.Iterator[dissect.target.helpers.record.UnixInterfaceRecord]¶: Yield interfaces.

dhcp() → collections.abc.Iterator[dissect.target.helpers.record.UnixInterfaceRecord]¶: Return interfaces obtained via DHCP.

dissect.target.plugins.os.unix.linux.network.VlanIdByInterface¶

class dissect.target.plugins.os.unix.linux.network.LinuxNetworkConfigParser(target: dissect.target.target.Target)¶

interfaces() → collections.abc.Iterator[dissect.target.helpers.record.UnixInterfaceRecord]¶: Parse network interfaces from configuration files.

class dissect.target.plugins.os.unix.linux.network.NetworkManagerConfigParser(target: dissect.target.target.Target)¶

Bases: LinuxNetworkConfigParser

NetworkManager configuration parser.

NetworkManager configuration files are generally in an INI-like format. Note that Red Hat and Fedora deprecated ifcfg files. Documentation: https://networkmanager.dev/docs/api/latest/nm-settings-keyfile.html

config_paths: tuple[str, Ellipsis] = ('/etc/NetworkManager/system-connections/', '/usr/lib/NetworkManager/system-connections/',...¶

class ParserContext¶

source: str¶

uuid: str | None = None¶

last_connected: datetime.datetime | None = None¶

name: str | None = None¶

mac_address: str | None = None¶

type: str = ''¶

dns: set[NetAddress]¶

ip_interfaces: set[NetInterface]¶

gateways: set[NetAddress]¶

dhcp_ipv4: bool = False¶

dhcp_ipv6: bool = False¶

vlan: set[int]¶

to_record(target: dissect.target.target.Target) → dissect.target.helpers.record.UnixInterfaceRecord¶

interfaces() → collections.abc.Iterator[dissect.target.helpers.record.UnixInterfaceRecord]¶: Parse network interfaces from configuration files.

class dissect.target.plugins.os.unix.linux.network.SystemdNetworkConfigParser(target: dissect.target.target.Target)¶

Bases: LinuxNetworkConfigParser

Systemd network configuration parser.

Systemd network configuration files are generally in an INI-like format with some quirks. Note that drop-in directories are not yet supported.

Documentation: https://www.freedesktop.org/software/systemd/man/latest/systemd.network.html

collapsable_items: tuple[str, Ellipsis] = ('Match', 'Network', 'Link', 'MACAddress', 'Name', 'Type')¶

config_paths: tuple[str, Ellipsis] = ('/etc/systemd/network/', '/run/systemd/network/', '/usr/lib/systemd/network/',...¶

class DhcpConfig¶

Bases: NamedTuple

ipv4: bool¶

ipv6: bool¶

dns_ip_patttern¶

interfaces() → collections.abc.Iterator[dissect.target.helpers.record.UnixInterfaceRecord]¶: Parse network interfaces from configuration files.

class dissect.target.plugins.os.unix.linux.network.DhclientLeaseParser(target: dissect.target.target.Target)¶

Bases: LinuxNetworkConfigParser

Parse network interfaces from dhclient DHCP .leases files.

References

https://linux.die.net/man/5/dhclient.conf

interfaces() → collections.abc.Iterator[dissect.target.helpers.record.UnixInterfaceRecord]¶: Parse network interfaces from dhclient DHCP .leases files.

class dissect.target.plugins.os.unix.linux.network.NetworkManagerLeaseParser(target: dissect.target.target.Target)¶

Bases: LinuxNetworkConfigParser

Parse network interfaces from NetworkManager DHCP .lease files.

interfaces() → collections.abc.Iterator[dissect.target.helpers.record.UnixInterfaceRecord]¶: Parse network interfaces from NetworkManager DHCP .lease files.

class dissect.target.plugins.os.unix.linux.network.ProcConfigParser(target: dissect.target.target.Target)¶

Bases: LinuxNetworkConfigParser

Parser for dynamic network configuration data from /proc/net.

Parse gateways, interface names and network from /proc/net/route. Corroborate with TCP connections from /proc/net/tcp to find local IP addresses. Locally bound Ipv6 addresses are parsed from /proc/net/if_inet6.

trie_ip_line_re¶

class ParserContext¶

name: str | None = None¶

ip_interfaces: set[NetInterface]¶

gateways: set[NetAddress]¶

to_record(target: dissect.target.target.Target) → dissect.target.helpers.record.UnixInterfaceRecord¶

interfaces() → collections.abc.Iterator[dissect.target.helpers.record.UnixInterfaceRecord]¶: Parse network interfaces from configuration files.

class dissect.target.plugins.os.unix.linux.network.SyslogConfigParser(target: dissect.target.target.Target, max_lines: int | None = None)¶

Bases: LinuxNetworkConfigParser

interfaces() → collections.abc.Iterator[dissect.target.helpers.record.UnixInterfaceRecord]¶: Parse network interfaces from configuration files.

dissect.target.plugins.os.unix.linux.network.be_hex_to_int(be_hex: str) → int¶: Convert big-endian hex string to integer.

class dissect.target.plugins.os.unix.linux.network.DhcpLease¶

Bases: NamedTuple

name: str | None¶

interface: NetInterface¶

gateway: NetAddress | None¶

dissect.target.plugins.os.unix.linux.network.parse_ubuntu_cloud_init_dhcp_lease(log_record: LogRecord) → DhcpLease | None¶: Parse DHCP lease information from Ubuntu cloud-init logs.

dissect.target.plugins.os.unix.linux.network.parse_networkd_dhcp_lease(log_record: LogRecord) → DhcpLease | None¶: Parse DHCP lease information from systemd-networkd.

dissect.target.plugins.os.unix.linux.network.parse_network_manager_dhcp_lease_old(log_record: LogRecord) → DhcpLease | None¶: Parse DHCP lease information from NetworkManager logs old style.

dissect.target.plugins.os.unix.linux.network.parse_network_manager_dhcp_lease_new(log_record: LogRecord) → DhcpLease | None¶: Parse DHCP lease information from NetworkManager logs new style.

dissect.target.plugins.os.unix.linux.network.parse_network_manager_centos_dhcp_lease(log_record: LogRecord) → DhcpLease | None¶: Parse DHCP centos information

dissect.target.plugins.os.unix.linux.network.parse_debian_centos_dhclient_lease(log_record: LogRecord) → DhcpLease | None¶: Parse DHCP lease information from dhclient bound log lines.

dissect.target.plugins.os.unix.linux.network.MANAGERS¶

dissect.target.plugins.os.unix.linux.network.LEASERS¶

dissect.target.plugins.os.unix.linux.network¶

Module Contents¶

Classes¶

Functions¶

Attributes¶

`dissect.target.plugins.os.unix.linux.network`¶