`dissect.target.plugins.os.unix.linux.sockets`¶

Module Contents¶

Classes¶

NetSocketPlugin

Linux volatile net sockets plugin.

Attributes¶

`NetSocketRecord`
`UnixSocketRecord`
`PacketSocketRecord`

dissect.target.plugins.os.unix.linux.sockets.NetSocketRecord¶

dissect.target.plugins.os.unix.linux.sockets.UnixSocketRecord¶

dissect.target.plugins.os.unix.linux.sockets.PacketSocketRecord¶

class dissect.target.plugins.os.unix.linux.sockets.NetSocketPlugin(target: dissect.target.target.Target)¶

Bases: dissect.target.plugin.Plugin

Linux volatile net sockets plugin.

__namespace__ = 'sockets'¶: Defines the plugin namespace.

sockets¶

check_compatible() → None¶

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

packet() → collections.abc.Iterator[PacketSocketRecord]¶

This plugin yields the packet sockets and available stats associated with them.

Yields PacketSocketRecord with the following fields:

hostname (string): The target hostname.
domain (string): The target domain.
protocol (str): packet.
protocol_type (str): The canonical name of the captured protocol i.e. ETH_P_ALL.
socket_type (int): The integer type of the socket (packet).
sk (int): The socket number.
iface (int): The interface index of the socket.
r (int): The number of bytes that have been received by the socket and are waiting to be processed.
rmem (int): The size of the receive buffer for the socket.
uid (int): The user ID of the process that created the socket.
inode (int): The inode associated to the socket.
pid (int): The pid associated with this socket.
name (string): The process name associated to this socket.
cmdline (string): The command line used to start the socket with.
owner (string): The resolved user ID of the socket.

unix() → collections.abc.Iterator[UnixSocketRecord]¶

This plugin yields the unix sockets and available stats associated with them.

Yields UnixSocketRecord with the following fields:

hostname (string): The target hostname.
domain (string): The target domain.
protocol (string): The protocol used by the socket.
socket_flags (bytes): The flags associated with the socket.
type (string): The stream type of the socket.
state (string): The state of the socket.
inode (int): The inode associated to the socket.
path (string): The path associated to the socket.

raw() → collections.abc.Iterator[NetSocketRecord]¶

This plugin yields the raw and raw6 sockets and available stats associated with them.

Yields NetSocketRecord with the following fields:

hostname (string): The target hostname.
domain (string): The target domain.
protocol (string): The protocol used by the socket.
receive_queue (int): The size, in bytes of the receive queue of the socket.
transmit_queue (int): The size, in bytes of the transmit queue of the socket.
local_ip (string): The local ip the socket connects from.
local_port (int): The local port the socket connects from.
remote_ip (string): The remote ip the socket connects to.
remote_port (int): The remote port the socket connects to.
state (string): The state of the socket.
owner (string): The loginuid of the pid associated with this socket.
inode (int): The inode (fd) associated with this socket.
pid (int): The pid associated with this socket.
name (string): The process name associated with this socket.
cmdline (string): The command line used to start the socket with.

udp() → collections.abc.Iterator[NetSocketRecord]¶

This plugin yields the udp and udp6 sockets and available stats associated with them.

Yields NetSocketRecord with the following fields:

hostname (string): The target hostname.
domain (string): The target domain.
protocol (string): The protocol used by the socket.
receive_queue (int): The size, in bytes of the receive queue of the socket.
transmit_queue (int): The size, in bytes of the transmit queue of the socket.
local_ip (string): The local ip the socket connects from.
local_port (int): The local port the socket connects from.
remote_ip (string): The remote ip the socket connects to.
remote_port (int): The remote port the socket connects to.
state (string): The state of the socket.
owner (string): The loginuid of the pid associated with this socket.
inode (int): The inode (fd) associated with this socket.
pid (int): The pid associated with this socket.
name (string): The process name associated with this socket.
cmdline (string): The command line used to start the socket with.

tcp() → collections.abc.Iterator[NetSocketRecord]¶

This plugin yields the tcp and tcp6 sockets and available stats associated with them.

Yields NetSocketRecord with the following fields:

hostname (string): The target hostname.
domain (string): The target domain.
protocol (string): The protocol used by the socket.
receive_queue (int): The size, in bytes of the receive queue of the socket.
transmit_queue (int): The size, in bytes of the transmit queue of the socket.
local_ip (string): The local ip the socket connects from.
local_port (int): The local port the socket connects from.
remote_ip (string): The remote ip the socket connects to.
remote_port (int): The remote port the socket connects to.
state (string): The state of the socket.
owner (string): The loginuid of the pid associated with this socket.
inode (int): The inode (fd) associated with this socket.
pid (int): The pid associated with this socket.
name (string): The process name associated with this socket.
cmdline (string): The command line used to start the socket with.

dissect.target.plugins.os.unix.linux.sockets¶

Module Contents¶

Classes¶

Attributes¶

`dissect.target.plugins.os.unix.linux.sockets`¶