This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org. Network_Socket_Object 2.0 04/08/2013 The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included. The Network_Socket element is intended to characterize network sockets. The NetworkSocketObjectType is intended to characterize network sockets. The Address_Family field specifies the address family (AF_*) that the socket is configured for. The Domain field specifies the communication domain (PF_*) of the socket. The Local_Address field specifies the IP address and port for the socket on the local machine. The Options field specifies any particular options used by the socket. The Protocol field specifies the type of IP layer protocol used by the socket. The Remote_Address field specifies the IP address and port for the socket on the remote machine. The Type field specifies the type of socket being characterized. The is_blocking field specifies whether or not the socket is in blocking mode. The is_listening field specifies whether or not the socket is in listening mode. The SocketOptionsType specifies any particular options used by the socket. If an options is supported only by specific address families or socket types, that's indicated in parentheses. Set the interface over which outgoing multicast datagrams should be sent (AF_INET / SOCK_DGRAM or SOCK_RAW). Set the interface over which outgoing multicast datagrams should be sent (AF_INET6 / SOCK_DGRAM or SOCK_RAW) . Specify that the sending host receives a copy of an outgoing multicast datagram (AF_INET / SOCK_DGRAM or SOCK_RAW). Set Type of Service (TOS) and Precedence in the IP header (AF_INET). Enable the socket for issuing messages to a broadcast address (AF_INET / SOCK_DGRAM or SOCK_RAW). ( Allows an application to decide whether or not to accept an incoming connection on a listening socket (Windows only). Keep the connection up by sending periodic transmissions (AF_INET or AF_INET6 / SOCK_STREAM). Bypass normal routing mechanisms (AF_INET or AF_INET6 ) Specfies if the system attempts delivery of or discards any buffered data when a close() is issued. Complement of SO_LINGER. Indicates whether out-of-band data is received inline with normal data (AF_INET or AF_INET6). Set size of the receive buffer. Sets the relative priority for the socket in its group (Windows only). Indicates if the local socket address can be reused (AF_INET or AF_INET6 / SOCK_DGRAM or SOCK_RAW) Indicates if low-level debugging is active. Set the receive timeout value. Set size of the send buffer. Set the send timeout value. Updates the properties of the socket which are inherited from the listening socket (Windows only). Set the socket timeout. When set, TCP will send data immediately instead of using the Nagle delay algorithm (AF_INET or AF_INET6 / SOCK_STREAM). ( AddressFamilyType specifies address family types, via a union of the AddressFamilyTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications. This attribute is optional and specifies the expected type for the value of the specified property. DomainFamilyType specifies domain family types, via a union of the DomainTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications. This attribute is optional and specifies the expected type for the value of the specified property. SocketType specifies socket types, via a union of the SocketTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications. This attribute is optional and specifies the expected type for the value of the specified property. ProtocolType specifies protocol types, via a union of the ProtocolTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications. This attribute is optional and specifies the expected type for the value of the specified property. The AddressFamilyTypeEnum is an enumeration of address family (AF_*) types. Specifies an unspecified address family. Specifies sockets using for the Internet when using Berkeley sockets. Specifies the IPX (Novell Internet Protocol) address family. Specifies the APPLETALK DDP address family. Specifies the NETBIOS address family. Specifies the IP version 6 address family. Specifies IRDA sockets. Specifies BTH sockets. The DomainTypeEnum is an enumeration of communication domain (PF_*) types. Specifies the communication domain from local to host. Specifies the communication domain from UNIX to host. Specifies the communication domain from file to host. Specifies the IP protocol family. Specifies the Amateur Radio AX.25 family. Specifies the Novell Internet Protocol family. Specifies the IP version 6 protocol family. Specifies the Appletalk DDP protocol family. Specifies the Amateur radio NetROM protocol family. Specifies the Multiprotocol bridge protocol family. Specifies the ATM PVCs protocol family. Specifies the protocol family reserved for the X.25 project. Specifies the PF_KEY key management API family. Specifies the protocol family reserved for the DECnet project. Specifies the protocol family reserved for the 802.2LLC project. Specifies the Security callback pseudo AF protocol family. Specifies the PF_KEY key management API protocol family. Specifies the netlink routing API family. Specifies the PF_ROUTE routing API family. Specifies the packet family. Specifies the Ash family. Specifies the Acorn Econet family. Specifies the ATM SVCs protocol family. Specifies the Linux SNA Project protocol family. Specifies IRDA sockets. Specifies PPPoX sockets. Specifies Wanpipe API sockets. Specifies Bluetooth sockets. The SocketTypeEnum is an enumeration of socket (SOCK_*) types. Specifies a pipe-like socket which operates over a connection with a particular remote socket, and transmits data reliably as a stream of bytes. Specifies a socket in which individually-addressed packets are sent (datagram). Specifies raw sockets which allow new IP protocls to be implemented in user space. A raw socket receives or sends the raw datagram not including link level headers. Specifies a socket indicating a reliably-delivered message.. Specifies a datagram congestion control Protocol socket. The ProtocolTypeEnum is an enumeration of protocol types. Indicates the ICMP protocol. Indicates the IGMP protocol. Indicates the Bluetooth protocol. Indicates the TCP protocol. Indicates the UDP protocol. Indicates the ICMP v6 protocol. Indicates the Reliable Multicating protocol.