base/bif/plugins/Zeek_SOCKS.events.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Events

socks_login_userpass_reply: event

Generated when a SOCKS server replies to a username/password login attempt.

socks_login_userpass_request: event

Generated when a SOCKS client performs username and password based login.

socks_reply: event

Generated when a SOCKS reply is analyzed.

socks_request: event

Generated when a SOCKS request is analyzed.

Detailed Interface

Events

socks_login_userpass_reply
Type

event (c: connection, code: count)

Generated when a SOCKS server replies to a username/password login attempt.

Parameters
  • c – The parent connection of the proxy.

  • code – The response code for the attempted login.

socks_login_userpass_request
Type

event (c: connection, user: string, password: string)

Generated when a SOCKS client performs username and password based login.

Parameters
  • c – The parent connection of the proxy.

  • user – The given username.

  • password – The given password.

socks_reply
Type

event (c: connection, version: count, reply: count, sa: SOCKS::Address, p: port)

Generated when a SOCKS reply is analyzed.

Parameters
  • c – The parent connection of the proxy.

  • version – The version of SOCKS this message used.

  • reply – The status reply from the server.

  • sa – The address that the server sent the traffic to.

  • p – The destination port for the proxied traffic.

socks_request
Type

event (c: connection, version: count, request_type: count, sa: SOCKS::Address, p: port, user: string)

Generated when a SOCKS request is analyzed.

Parameters
  • c – The parent connection of the proxy.

  • version – The version of SOCKS this message used.

  • request_type – The type of the request.

  • sa – Address that the tunneled traffic should be sent to.

  • p – The destination port for the proxied traffic.

  • user – Username given for the SOCKS connection. This is not yet implemented for SOCKSv5.