Linux Unix domain socket walker.
Enumerates Unix domain sockets from kernel memory by walking the
unix_socket_table hash table of unix_sock structures. Unix sockets
are used for local IPC and can reveal hidden communication channels
between processes. Malware uses abstract Unix sockets (names starting
with \0) for covert C2 channels. Equivalent to Volatility’s
linux.sockstat for AF_UNIX.
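As an added illustration (not code from this crate), the sketch below decodes the raw sockaddr_un bytes a walker reads for each socket and tells unnamed, pathname and abstract names apart. The `UnixName` enum, the `decode_unix_name` function, the little-endian layout and the sample bytes are assumptions made for the example.

```rust
// Added example; UnixName and decode_unix_name are hypothetical, not this crate's API.
const AF_UNIX: u16 = 1; // Linux address family value
const SUN_PATH_OFFSET: usize = 2; // sizeof(sa_family_t); sun_path follows it

#[derive(Debug, PartialEq)]
enum UnixName {
    Unnamed,
    Pathname(String),
    Abstract(String), // shown with a leading '@', as ss and netstat print it
}

/// Decode `len` bytes of a raw sockaddr_un (little-endian dump assumed).
/// `len` is the stored address length, which is what delimits abstract names.
fn decode_unix_name(raw: &[u8], len: usize) -> Option<UnixName> {
    if len < SUN_PATH_OFFSET || len > raw.len() {
        return None; // truncated read or corrupt length
    }
    if u16::from_le_bytes([raw[0], raw[1]]) != AF_UNIX {
        return None;
    }
    let path = &raw[SUN_PATH_OFFSET..len];
    match path.first() {
        None => Some(UnixName::Unnamed),
        Some(&0) => {
            // Abstract: every byte after the leading NUL counts, embedded NULs included.
            let mut shown = String::from("@");
            for &b in &path[1..] {
                if b.is_ascii_graphic() {
                    shown.push(b as char);
                } else {
                    shown.push_str(&format!("\\x{:02x}", b));
                }
            }
            Some(UnixName::Abstract(shown))
        }
        Some(_) => {
            // Pathname: an ordinary C string, so stop at the first NUL.
            let end = path.iter().position(|&b| b == 0).unwrap_or(path.len());
            Some(UnixName::Pathname(String::from_utf8_lossy(&path[..end]).into_owned()))
        }
    }
}

fn main() {
    // Constructed sample: abstract name "\0upd\0x", 8 bytes long in total.
    let raw = [1u8, 0, 0, b'u', b'p', b'd', 0, b'x'];
    println!("{:?}", decode_unix_name(&raw, raw.len()));
}
```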
Re-exports
pub use crate::heuristics::classify_unix_socket;
Structs
- UnixSocketInfo - Information about a Unix domain socket extracted from kernel memory.
Functions
- socket_type_name - Map a kernel sk_type value to a human-readable socket type name.
- walk_unix_sockets - Walk Unix domain sockets from kernel memory.