:py:mod:`dissect.target.plugins.os.unix.linux.sockets` ====================================================== .. py:module:: dissect.target.plugins.os.unix.linux.sockets Module Contents --------------- Classes ~~~~~~~ .. autoapisummary:: dissect.target.plugins.os.unix.linux.sockets.NetSocketPlugin Attributes ~~~~~~~~~~ .. autoapisummary:: dissect.target.plugins.os.unix.linux.sockets.NetSocketRecord dissect.target.plugins.os.unix.linux.sockets.UnixSocketRecord dissect.target.plugins.os.unix.linux.sockets.PacketSocketRecord .. py:data:: NetSocketRecord .. py:data:: UnixSocketRecord .. py:data:: PacketSocketRecord .. py:class:: NetSocketPlugin(target: dissect.target.target.Target) Bases: :py:obj:`dissect.target.plugin.Plugin` Base class for plugins. Plugins can optionally be namespaced by specifying the ``__namespace__`` class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified ``test`` as namespace and a function called ``example``, you must call your plugin with ``test.example``:: A ``Plugin`` class has the following private class attributes: - ``__namespace__`` - ``__record_descriptors__`` With the following three being assigned in :func:`register`: - ``__plugin__`` - ``__functions__`` - ``__exports__`` Additionally, the methods and attributes of :class:`Plugin` receive more private attributes by using decorators. The :func:`export` decorator adds the following private attributes - ``__exported__`` - ``__output__``: Set with the :func:`export` decorator. - ``__record__``: Set with the :func:`export` decorator. The :func:`internal` decorator and :class:`InternalPlugin` set the ``__internal__`` attribute. Finally. :func:`args` decorator sets the ``__args__`` attribute. :param target: The :class:`~dissect.target.target.Target` object to load the plugin for. .. py:attribute:: __namespace__ :value: 'sockets' .. py:method:: check_compatible() -> None Perform a compatibility check with the target. This function should return ``None`` if the plugin is compatible with the current target (``self.target``). For example, check if a certain file exists. Otherwise it should raise an ``UnsupportedPluginError``. :raises UnsupportedPluginError: If the plugin could not be loaded. .. py:method:: packet() -> Iterator[PacketSocketRecord] This plugin yields the packet sockets and available stats associated with them. Yields PacketSocketRecord with the following fields: hostname (string): The target hostname. domain (string): The target domain. protocol (int): The captured protocol i.e. 0003 is ETH_P_ALL protocol_type (str): The canonical name of the captured protocol. sk (string): The socket number. type (int): The integer type of the socket (packet). iface (int): The interface index of the socket. r (int): The number of bytes that have been received by the socket and are waiting to be processed. rmem (int): The size of the receive buffer for the socket. user (int): The user ID of the process that created the socket. inode (int): The inode associated to the socket. pid (int): The pid associated with this socket. name (string): The process name associated to this socket. cmdline (string): The command line used to start the socket with. owner (string): The resolved user ID of the socket. .. py:method:: unix() -> Iterator[UnixSocketRecord] This plugin yields the unix sockets and available stats associated with them. Yields UnixSocketRecord with the following fields: hostname (string): The target hostname. domain (string): The target domain. protocol (string): The protocol used by the socket. flags (bytes): The flags associated with the socket. type (string): The stream type of the socket. state (string): The state of the socket. inode (int): The inode associated to the socket. path (string): The path associated to the socket. .. py:method:: raw() -> Iterator[NetSocketRecord] This plugin yields the raw and raw6 sockets and available stats associated with them. Yields NetSocketRecord with the following fields: hostname (string): The target hostname. domain (string): The target domain. protocol (string): The protocol used by the socket. receive_queue (int): The size, in bytes of the receive queue of the socket. transmit_queue (int): The size, in bytes of the transmit queue of the socket. local_ip (string): The local ip the socket connects from. local_port (int): The local port the socket connects from. remote_ip (string): The remote ip the socket connects to. remote_port (int): The remote port the socket connects to. state (string): The state of the socket. owner (string): The loginuid of the pid associated with this socket. inode (int): The inode (fd) associated with this socket. pid (int): The pid associated with this socket. name (string): The process name associated with this socket. cmdline (string): The command line used to start the socket with. .. py:method:: udp() -> Iterator[NetSocketRecord] This plugin yields the udp and udp6 sockets and available stats associated with them. Yields NetSocketRecord with the following fields: hostname (string): The target hostname. domain (string): The target domain. protocol (string): The protocol used by the socket. receive_queue (int): The size, in bytes of the receive queue of the socket. transmit_queue (int): The size, in bytes of the transmit queue of the socket. local_ip (string): The local ip the socket connects from. local_port (int): The local port the socket connects from. remote_ip (string): The remote ip the socket connects to. remote_port (int): The remote port the socket connects to. state (string): The state of the socket. owner (string): The loginuid of the pid associated with this socket. inode (int): The inode (fd) associated with this socket. pid (int): The pid associated with this socket. name (string): The process name associated with this socket. cmdline (string): The command line used to start the socket with. .. py:method:: tcp() -> Iterator[NetSocketRecord] This plugin yields the tcp and tcp6 sockets and available stats associated with them. Yields NetSocketRecord with the following fields: hostname (string): The target hostname. domain (string): The target domain. protocol (string): The protocol used by the socket. receive_queue (int): The size, in bytes of the receive queue of the socket. transmit_queue (int): The size, in bytes of the transmit queue of the socket. local_ip (string): The local ip the socket connects from. local_port (int): The local port the socket connects from. remote_ip (string): The remote ip the socket connects to. remote_port (int): The remote port the socket connects to. state (string): The state of the socket. owner (string): The loginuid of the pid associated with this socket. inode (int): The inode (fd) associated with this socket. pid (int): The pid associated with this socket. name (string): The process name associated with this socket. cmdline (string): The command line used to start the socket with.