dissect.target.plugins.os.unix.linux.sockets

Module Contents

Classes

NetSocketPlugin

Base class for plugins.

Attributes

NetSocketRecord
UnixSocketRecord
PacketSocketRecord

dissect.target.plugins.os.unix.linux.sockets.NetSocketRecord

dissect.target.plugins.os.unix.linux.sockets.UnixSocketRecord

dissect.target.plugins.os.unix.linux.sockets.PacketSocketRecord

class dissect.target.plugins.os.unix.linux.sockets.NetSocketPlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugin.Plugin

Base class for plugins.

Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example:

A Plugin class has the following private class attributes:

• __namespace__

• __record_descriptors__

With the following three being assigned in register():

• __plugin__

• __functions__

• __exports__

Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.

The export() decorator adds the following private attributes

• __exported__

• __output__: Set with the export() decorator.

• __record__: Set with the export() decorator.

The internal() decorator and InternalPlugin set the __internal__ attribute. Finally. args() decorator sets the __args__ attribute.

Parameters:

target – The Target object to load the plugin for.

__namespace__ = 'sockets'

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

packet() → Iterator[PacketSocketRecord]

This plugin yields the packet sockets and available stats associated with them.

Yields PacketSocketRecord with the following fields:

hostname (string): The target hostname. domain (string): The target domain. protocol (int): The captured protocol i.e. 0003 is ETH_P_ALL protocol_type (str): The canonical name of the captured protocol. sk (string): The socket number. type (int): The integer type of the socket (packet). iface (int): The interface index of the socket. r (int): The number of bytes that have been received by the socket and are waiting to be processed. rmem (int): The size of the receive buffer for the socket. user (int): The user ID of the process that created the socket. inode (int): The inode associated to the socket. pid (int): The pid associated with this socket. name (string): The process name associated to this socket. cmdline (string): The command line used to start the socket with. owner (string): The resolved user ID of the socket.

unix() → Iterator[UnixSocketRecord]

This plugin yields the unix sockets and available stats associated with them.

Yields UnixSocketRecord with the following fields:

hostname (string): The target hostname. domain (string): The target domain. protocol (string): The protocol used by the socket. flags (bytes): The flags associated with the socket. type (string): The stream type of the socket. state (string): The state of the socket. inode (int): The inode associated to the socket. path (string): The path associated to the socket.

raw() → Iterator[NetSocketRecord]

This plugin yields the raw and raw6 sockets and available stats associated with them.

Yields NetSocketRecord with the following fields:

hostname (string): The target hostname. domain (string): The target domain. protocol (string): The protocol used by the socket. receive_queue (int): The size, in bytes of the receive queue of the socket. transmit_queue (int): The size, in bytes of the transmit queue of the socket. local_ip (string): The local ip the socket connects from. local_port (int): The local port the socket connects from. remote_ip (string): The remote ip the socket connects to. remote_port (int): The remote port the socket connects to. state (string): The state of the socket. owner (string): The loginuid of the pid associated with this socket. inode (int): The inode (fd) associated with this socket. pid (int): The pid associated with this socket. name (string): The process name associated with this socket. cmdline (string): The command line used to start the socket with.

udp() → Iterator[NetSocketRecord]

This plugin yields the udp and udp6 sockets and available stats associated with them.

Yields NetSocketRecord with the following fields:

hostname (string): The target hostname. domain (string): The target domain. protocol (string): The protocol used by the socket. receive_queue (int): The size, in bytes of the receive queue of the socket. transmit_queue (int): The size, in bytes of the transmit queue of the socket. local_ip (string): The local ip the socket connects from. local_port (int): The local port the socket connects from. remote_ip (string): The remote ip the socket connects to. remote_port (int): The remote port the socket connects to. state (string): The state of the socket. owner (string): The loginuid of the pid associated with this socket. inode (int): The inode (fd) associated with this socket. pid (int): The pid associated with this socket. name (string): The process name associated with this socket. cmdline (string): The command line used to start the socket with.

tcp() → Iterator[NetSocketRecord]

This plugin yields the tcp and tcp6 sockets and available stats associated with them.

Yields NetSocketRecord with the following fields:

hostname (string): The target hostname. domain (string): The target domain. protocol (string): The protocol used by the socket. receive_queue (int): The size, in bytes of the receive queue of the socket. transmit_queue (int): The size, in bytes of the transmit queue of the socket. local_ip (string): The local ip the socket connects from. local_port (int): The local port the socket connects from. remote_ip (string): The remote ip the socket connects to. remote_port (int): The remote port the socket connects to. state (string): The state of the socket. owner (string): The loginuid of the pid associated with this socket. inode (int): The inode (fd) associated with this socket. pid (int): The pid associated with this socket. name (string): The process name associated with this socket. cmdline (string): The command line used to start the socket with.