scapy.contrib.sebek
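Sebek: kernel module for data collection on honeypots. This contrib module defines the Scapy layers for Sebek records: a common header (SebekHead) followed by a version 1, 2 or 3 payload, which is selected from the header's version and type fields (see payload_guess). The default magic value 13684944 is 0xD0D0D0 in hexadecimal.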
- class scapy.contrib.sebek.SebekHead(_pkt, /, *, magic=13684944, version=1, type=0, counter=0, time_sec=0, time_usec=0)[source]
Bases: Packet
- aliastypes = [<class 'scapy.contrib.sebek.SebekHead'>, <class 'scapy.packet.Packet'>]
- fields_desc: List[Field[Any, Any] | _FieldContainer] = [<XIntField (SebekHead).magic>, <ShortField (SebekHead).version>, <ShortEnumField (SebekHead).type>, <IntField (SebekHead).counter>, <IntField (SebekHead).time_sec>, <IntField (SebekHead).time_usec>]
- payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'version': 1}, <class 'scapy.contrib.sebek.SebekV1'>), ({'type': 2, 'version': 2}, <class 'scapy.contrib.sebek.SebekV2Sock'>), ({'version': 2}, <class 'scapy.contrib.sebek.SebekV2'>), ({'type': 2, 'version': 3}, <class 'scapy.contrib.sebek.SebekV3Sock'>), ({'version': 3}, <class 'scapy.contrib.sebek.SebekV3'>)]
- class scapy.contrib.sebek.SebekV1(_pkt, /, *, pid=0, uid=0, fd=0, cmd=b'', data_length=None, data=b'')[source]
Bases: Packet
- aliastypes = [<class 'scapy.contrib.sebek.SebekV1'>, <class 'scapy.packet.Packet'>]
- class scapy.contrib.sebek.SebekV2(_pkt, /, *, parent_pid=0, pid=0, uid=0, fd=0, inode=0, cmd=b'', data_length=None, data=b'')[source]
Bases: SebekV3
- aliastypes = [<class 'scapy.contrib.sebek.SebekV2'>, <class 'scapy.contrib.sebek.SebekV3'>, <class 'scapy.packet.Packet'>]
- fields_desc: List[Field[Any, Any] | _FieldContainer] = [<IntField (SebekV3,SebekV2).parent_pid>, <IntField (SebekV3,SebekV2).pid>, <IntField (SebekV3,SebekV2).uid>, <IntField (SebekV3,SebekV2).fd>, <IntField (SebekV3,SebekV2).inode>, <StrFixedLenField (SebekV3,SebekV2).cmd>, <FieldLenField (SebekV3,SebekV2).data_length>, <StrLenField (SebekV3,SebekV2).data>]
- class scapy.contrib.sebek.SebekV2Sock(_pkt, /, *, parent_pid=0, pid=0, uid=0, fd=0, inode=0, cmd=b'', data_length=15, dip='127.0.0.1', dport=0, sip='127.0.0.1', sport=0, call=0, proto=0)[source]
Bases: SebekV3Sock
- aliastypes = [<class 'scapy.contrib.sebek.SebekV2Sock'>, <class 'scapy.contrib.sebek.SebekV3Sock'>, <class 'scapy.packet.Packet'>]
- fields_desc: List[Field[Any, Any] | _FieldContainer] = [<IntField (SebekV3Sock,SebekV2Sock).parent_pid>, <IntField (SebekV3Sock,SebekV2Sock).pid>, <IntField (SebekV3Sock,SebekV2Sock).uid>, <IntField (SebekV3Sock,SebekV2Sock).fd>, <IntField (SebekV3Sock,SebekV2Sock).inode>, <StrFixedLenField (SebekV3Sock,SebekV2Sock).cmd>, <IntField (SebekV3Sock,SebekV2Sock).data_length>, <IPField (SebekV3Sock,SebekV2Sock).dip>, <ShortField (SebekV3Sock,SebekV2Sock).dport>, <IPField (SebekV3Sock,SebekV2Sock).sip>, <ShortField (SebekV3Sock,SebekV2Sock).sport>, <ShortEnumField (SebekV3Sock,SebekV2Sock).call>, <ByteEnumField (SebekV3Sock,SebekV2Sock).proto>]
- class scapy.contrib.sebek.SebekV3(_pkt, /, *, parent_pid=0, pid=0, uid=0, fd=0, inode=0, cmd=b'', data_length=None, data=b'')[source]
Bases: Packet
- aliastypes = [<class 'scapy.contrib.sebek.SebekV3'>, <class 'scapy.packet.Packet'>]
- fields_desc: List[Field[Any, Any] | _FieldContainer] = [<IntField (SebekV3,SebekV2).parent_pid>, <IntField (SebekV3,SebekV2).pid>, <IntField (SebekV3,SebekV2).uid>, <IntField (SebekV3,SebekV2).fd>, <IntField (SebekV3,SebekV2).inode>, <StrFixedLenField (SebekV3,SebekV2).cmd>, <FieldLenField (SebekV3,SebekV2).data_length>, <StrLenField (SebekV3,SebekV2).data>]
- class scapy.contrib.sebek.SebekV3Sock(_pkt, /, *, parent_pid=0, pid=0, uid=0, fd=0, inode=0, cmd=b'', data_length=15, dip='127.0.0.1', dport=0, sip='127.0.0.1', sport=0, call=0, proto=0)[source]
Bases: Packet
- aliastypes = [<class 'scapy.contrib.sebek.SebekV3Sock'>, <class 'scapy.packet.Packet'>]
- fields_desc: List[Field[Any, Any] | _FieldContainer] = [<IntField (SebekV3Sock,SebekV2Sock).parent_pid>, <IntField (SebekV3Sock,SebekV2Sock).pid>, <IntField (SebekV3Sock,SebekV2Sock).uid>, <IntField (SebekV3Sock,SebekV2Sock).fd>, <IntField (SebekV3Sock,SebekV2Sock).inode>, <StrFixedLenField (SebekV3Sock,SebekV2Sock).cmd>, <IntField (SebekV3Sock,SebekV2Sock).data_length>, <IPField (SebekV3Sock,SebekV2Sock).dip>, <ShortField (SebekV3Sock,SebekV2Sock).dport>, <IPField (SebekV3Sock,SebekV2Sock).sip>, <ShortField (SebekV3Sock,SebekV2Sock).sport>, <ShortEnumField (SebekV3Sock,SebekV2Sock).call>, <ByteEnumField (SebekV3Sock,SebekV2Sock).proto>]