sockets.packet
$ target-query <path/to/target> -f sockets.packet
Module documentation
Linux volatile net sockets plugin.
Function documentation
This plugin yields the packet sockets and available stats associated with them.
Yields PacketSocketRecord with the following fields:
hostname (string): The target hostname.
domain (string): The target domain.
protocol (int): The captured protocol, e.g. 0003 is ETH_P_ALL.
protocol_type (string): The canonical name of the captured protocol.
sk (string): The socket number.
type (int): The integer type of the socket (packet).
iface (int): The interface index of the socket.
r (int): The number of bytes that have been received by the socket and are waiting to be processed.
rmem (int): The size of the receive buffer for the socket.
user (int): The user ID of the process that created the socket.
inode (int): The inode associated with the socket.
pid (int): The pid associated with this socket.
name (string): The process name associated with this socket.
cmdline (string): The command line of the process associated with this socket.
owner (string): The resolved user ID of the socket.
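
The following is an added example, not code from the plugin or its project. It parses text in the Linux /proc/net/packet layout into the fields listed above and picks out the sockets that capture every protocol (ETH_P_ALL), the usual first thing to triage. That the input has this layout is an assumption, since the page does not name the plugin's data source; the function names, the protocol name table and the sample data are constructed for illustration.

```python
# Added example; the sample text is constructed, not taken from a real host.
# Protocol names are a small hand-picked subset of Linux ETH_P_* constants.
ETH_P = {0x0003: "ETH_P_ALL", 0x0800: "ETH_P_IP", 0x0806: "ETH_P_ARP",
         0x86DD: "ETH_P_IPV6", 0x888E: "ETH_P_PAE"}

SAMPLE = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a3b45c1e800 3      3    0003   2     1 0      0      48211
ffff9a3b45c1f000 3      2    888e   3     1 0      0      23977
ffff9a3b4a7d2000 3      3    0003   0     1 4352   1000   51730
"""


def parse_packet_sockets(text):
    """Return one dict per socket, keyed like the record fields above."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    if not rows or rows[0][:2] != ["sk", "RefCnt"]:
        raise ValueError("input does not start with a /proc/net/packet header")
    records = []
    for cols in rows[1:]:
        if len(cols) != 9:
            continue  # truncated or foreign line: skip rather than misparse
        sk, _refcnt, typ, proto, iface, r, rmem, user, inode = cols
        try:
            protocol = int(proto, 16)  # Proto column is hexadecimal
            nums = [int(v) for v in (typ, iface, r, rmem, user, inode)]
        except ValueError:
            continue
        rec = dict(zip(("type", "iface", "r", "rmem", "user", "inode"), nums))
        rec.update(sk=sk, protocol=protocol,
                   protocol_type=ETH_P.get(protocol, "UNKNOWN"))
        records.append(rec)
    return records


def capture_all_sockets(records):
    """Sockets receiving every protocol; iface 0 means no single interface."""
    return [r for r in records if r["protocol"] == 0x0003]


if __name__ == "__main__":
    for rec in capture_all_sockets(parse_packet_sockets(SAMPLE)):
        scope = "all interfaces" if rec["iface"] == 0 else f"ifindex {rec['iface']}"
        print(f"inode={rec['inode']} uid={rec['user']} {scope} ETH_P_ALL")
```

Matching each reported inode against the pid, name and cmdline fields shows which process holds the capture socket.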