Skip to main content

classify_raw_socket

memf_linux::heuristics

Function classify_raw_socket 

Source 
pub fn classify_raw_socket(
    comm: &str,
    socket_type: &str,
    is_promiscuous: bool,
) -> bool
Expand description

Classify whether a raw socket is suspicious.

Promiscuous sockets are always suspicious. AF_PACKET sockets owned by non-standard utilities are flagged.