dissect.target.plugins.os.unix.linux.sockets
Module Contents
Classes
NetSocketPlugin: Base class for plugins.
Attributes
- dissect.target.plugins.os.unix.linux.sockets.NetSocketRecord
- dissect.target.plugins.os.unix.linux.sockets.UnixSocketRecord
- dissect.target.plugins.os.unix.linux.sockets.PacketSocketRecord
- class dissect.target.plugins.os.unix.linux.sockets.NetSocketPlugin(target: dissect.target.target.Target)
Bases: dissect.target.plugin.Plugin
Base class for plugins.
Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example.
A Plugin class has the following private class attributes:
  - __namespace__
  - __record_descriptors__
With the following three being assigned in register():
  - __plugin__
  - __functions__
  - __exports__
Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.
The export() decorator adds the following private attributes:
  - __exported__
  - __output__: Set with the export() decorator.
  - __record__: Set with the export() decorator.
The internal() decorator and InternalPlugin set the __internal__ attribute. Finally, the args() decorator sets the __args__ attribute.
- Parameters:
  target – The Target object to load the plugin for.
- __namespace__ = 'sockets'
- check_compatible() -> None
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises:
  UnsupportedPluginError – If the plugin could not be loaded.
- packet() -> Iterator[PacketSocketRecord]
This plugin yields the packet sockets and available stats associated with them.
- Yields PacketSocketRecord with the following fields:
  - hostname (string): The target hostname.
  - domain (string): The target domain.
  - protocol (int): The captured protocol, i.e. 0003 is ETH_P_ALL.
  - protocol_type (str): The canonical name of the captured protocol.
  - sk (string): The socket number.
  - type (int): The integer type of the socket (packet).
  - iface (int): The interface index of the socket.
  - r (int): The number of bytes that have been received by the socket and are waiting to be processed.
  - rmem (int): The size of the receive buffer for the socket.
  - user (int): The user ID of the process that created the socket.
  - inode (int): The inode associated with the socket.
  - pid (int): The pid associated with this socket.
  - name (string): The process name associated with this socket.
  - cmdline (string): The command line used to start the socket with.
  - owner (string): The resolved user ID of the socket.
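The packet-socket fields above line up with the columns of the Linux /proc/net/packet table. As an added example (not dissect's own code), the following parses rows in that layout and picks out sockets bound to ETH_P_ALL, which is what a capture tool or sniffer typically opens. The names PacketSocket, parse_packet_table and capture_all_sockets are hypothetical, and the sample rows are constructed.

```python
from typing import Iterator, NamedTuple

# Subset of EtherType constants from <linux/if_ether.h>.
ETH_P_NAMES = {0x0003: "ETH_P_ALL", 0x0800: "ETH_P_IP", 0x0806: "ETH_P_ARP",
               0x86DD: "ETH_P_IPV6", 0x888E: "ETH_P_PAE"}

class PacketSocket(NamedTuple):  # hypothetical stand-in for PacketSocketRecord
    sk: str
    type: int
    protocol: int
    protocol_type: str
    iface: int
    r: int
    rmem: int
    user: int
    inode: int

def parse_packet_table(text: str) -> Iterator[PacketSocket]:
    """Parse rows laid out as: sk RefCnt Type Proto Iface R Rmem User Inode."""
    for line in text.splitlines()[1:]:  # first line is the column header
        parts = line.split()
        if len(parts) != 9:
            continue  # truncated or damaged row, e.g. from a partial acquisition
        sk, _refcnt, typ, proto, iface, r, rmem, user, inode = parts
        try:
            proto_num = int(proto, 16)  # Proto is printed as four hex digits
            nums = [int(v) for v in (typ, iface, r, rmem, user, inode)]
        except ValueError:
            continue  # non-numeric column, skip rather than abort the listing
        name = ETH_P_NAMES.get(proto_num, "UNKNOWN")
        yield PacketSocket(sk, nums[0], proto_num, name, *nums[1:])

def capture_all_sockets(sockets) -> list:
    """Sockets bound to ETH_P_ALL receive frames of every protocol."""
    return [s for s in sockets if s.protocol == 0x0003]

# Constructed sample input (not taken from a real host).
SAMPLE = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
0000000000000000 3      3    0003   2     1 0      0      23456
0000000000000000 3      3    888e   3     1 0      0      18022
0000000000000000 3      2    0800   0     1 2176   1000   41977
0000000000000000 3      3    00zz   2
"""

if __name__ == "__main__":
    for s in capture_all_sockets(parse_packet_table(SAMPLE)):
        print(s)
```
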
- unix() -> Iterator[UnixSocketRecord]
This plugin yields the unix sockets and available stats associated with them.
- Yields UnixSocketRecord with the following fields:
  - hostname (string): The target hostname.
  - domain (string): The target domain.
  - protocol (string): The protocol used by the socket.
  - flags (bytes): The flags associated with the socket.
  - type (string): The stream type of the socket.
  - state (string): The state of the socket.
  - inode (int): The inode associated with the socket.
  - path (string): The path associated with the socket.
- raw() -> Iterator[NetSocketRecord]
This plugin yields the raw and raw6 sockets and available stats associated with them.
- Yields NetSocketRecord with the following fields:
  - hostname (string): The target hostname.
  - domain (string): The target domain.
  - protocol (string): The protocol used by the socket.
  - receive_queue (int): The size, in bytes, of the receive queue of the socket.
  - transmit_queue (int): The size, in bytes, of the transmit queue of the socket.
  - local_ip (string): The local IP the socket connects from.
  - local_port (int): The local port the socket connects from.
  - remote_ip (string): The remote IP the socket connects to.
  - remote_port (int): The remote port the socket connects to.
  - state (string): The state of the socket.
  - owner (string): The loginuid of the pid associated with this socket.
  - inode (int): The inode (fd) associated with this socket.
  - pid (int): The pid associated with this socket.
  - name (string): The process name associated with this socket.
  - cmdline (string): The command line used to start the socket with.
- udp() -> Iterator[NetSocketRecord]
This plugin yields the udp and udp6 sockets and available stats associated with them.
- Yields NetSocketRecord with the following fields:
  - hostname (string): The target hostname.
  - domain (string): The target domain.
  - protocol (string): The protocol used by the socket.
  - receive_queue (int): The size, in bytes, of the receive queue of the socket.
  - transmit_queue (int): The size, in bytes, of the transmit queue of the socket.
  - local_ip (string): The local IP the socket connects from.
  - local_port (int): The local port the socket connects from.
  - remote_ip (string): The remote IP the socket connects to.
  - remote_port (int): The remote port the socket connects to.
  - state (string): The state of the socket.
  - owner (string): The loginuid of the pid associated with this socket.
  - inode (int): The inode (fd) associated with this socket.
  - pid (int): The pid associated with this socket.
  - name (string): The process name associated with this socket.
  - cmdline (string): The command line used to start the socket with.
- tcp() -> Iterator[NetSocketRecord]
This plugin yields the tcp and tcp6 sockets and available stats associated with them.
- Yields NetSocketRecord with the following fields:
  - hostname (string): The target hostname.
  - domain (string): The target domain.
  - protocol (string): The protocol used by the socket.
  - receive_queue (int): The size, in bytes, of the receive queue of the socket.
  - transmit_queue (int): The size, in bytes, of the transmit queue of the socket.
  - local_ip (string): The local IP the socket connects from.
  - local_port (int): The local port the socket connects from.
  - remote_ip (string): The remote IP the socket connects to.
  - remote_port (int): The remote port the socket connects to.
  - state (string): The state of the socket.
  - owner (string): The loginuid of the pid associated with this socket.
  - inode (int): The inode (fd) associated with this socket.
  - pid (int): The pid associated with this socket.
  - name (string): The process name associated with this socket.
  - cmdline (string): The command line used to start the socket with.
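The NetSocketRecord fields listed for raw(), udp() and tcp() correspond to the Linux /proc/net/tcp, tcp6, udp and raw tables, with the pid found by matching the socket inode against the process's fd links. This added example (not dissect's own code) decodes such rows and attaches pids; it assumes a little-endian source host, and decode_addr, parse_proc_net, attach_pids and the sample data are hypothetical and constructed.

```python
import ipaddress

TCP_STATES = {1: "ESTABLISHED", 2: "SYN_SENT", 3: "SYN_RECV", 4: "FIN_WAIT1",
              5: "FIN_WAIT2", 6: "TIME_WAIT", 7: "CLOSE", 8: "CLOSE_WAIT",
              9: "LAST_ACK", 10: "LISTEN", 11: "CLOSING"}

def decode_addr(field: str):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306); also handles 32-digit IPv6."""
    hex_ip, hex_port = field.split(":")
    raw = bytes.fromhex(hex_ip)
    # Each 32-bit word is printed in host byte order: swap every 4-byte group.
    swapped = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return str(ipaddress.ip_address(swapped)), int(hex_port, 16)

def parse_proc_net(text: str, protocol: str) -> list:
    records = []
    for line in text.splitlines()[1:]:  # skip the column header
        f = line.split()
        if len(f) < 10:
            continue  # incomplete row
        local_ip, local_port = decode_addr(f[1])
        remote_ip, remote_port = decode_addr(f[2])
        tx, rx = (int(x, 16) for x in f[4].split(":"))  # tx_queue:rx_queue
        records.append({
            "protocol": protocol, "receive_queue": rx, "transmit_queue": tx,
            "local_ip": local_ip, "local_port": local_port,
            "remote_ip": remote_ip, "remote_port": remote_port,
            "state": TCP_STATES.get(int(f[3], 16), "UNKNOWN"),
            "uid": int(f[7]), "inode": int(f[9]), "pid": None})
    return records

def attach_pids(records: list, fd_links: dict) -> list:
    """fd_links maps pid -> symlink targets found under /proc/<pid>/fd."""
    inode_to_pid = {}
    for pid, targets in fd_links.items():
        for t in targets:
            if t.startswith("socket:[") and t.endswith("]"):
                inode_to_pid[int(t[8:-1])] = pid
    for r in records:
        r["pid"] = inode_to_pid.get(r["inode"])
    return records

# Constructed sample data (not taken from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 20311 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:0016 0200000A:D431 01 00000000:00000024 02:000A1F2C 00000000     0        0 31877 4 0000000000000000 20 4 30 10 -1
"""
SAMPLE_FDS = {812: ["/dev/null", "socket:[20311]"], 4242: ["socket:[31877]"]}
```

A socket whose inode matches no fd link keeps pid set to None, which in a forensic listing is worth a second look alongside the process table.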