base/bif/plugins/Zeek_SOCKS.events.bif.zeek
- GLOBAL
- Namespace
GLOBAL
Summary
Events
Generated when a SOCKS server replies to a username/password login attempt. |
|
Generated when a SOCKS client performs username and password based login. |
|
Generated when a SOCKS reply is analyzed. |
|
Generated when a SOCKS request is analyzed. |
Detailed Interface
Events
- socks_login_userpass_reply
- Type
event
(c:connection
, code:count
)
Generated when a SOCKS server replies to a username/password login attempt.
- Parameters
c – The parent connection of the proxy.
code – The response code for the attempted login.
- socks_login_userpass_request
- Type
event
(c:connection
, user:string
, password:string
)
Generated when a SOCKS client performs username and password based login.
- Parameters
c – The parent connection of the proxy.
user – The given username.
password – The given password.
- socks_reply
- Type
event
(c:connection
, version:count
, reply:count
, sa:SOCKS::Address
, p:port
)
Generated when a SOCKS reply is analyzed.
- Parameters
c – The parent connection of the proxy.
version – The version of SOCKS this message used.
reply – The status reply from the server.
sa – The address that the server sent the traffic to.
p – The destination port for the proxied traffic.
- socks_request
- Type
event
(c:connection
, version:count
, request_type:count
, sa:SOCKS::Address
, p:port
, user:string
)
Generated when a SOCKS request is analyzed.
- Parameters
c – The parent connection of the proxy.
version – The version of SOCKS this message used.
request_type – The type of the request.
sa – Address that the tunneled traffic should be sent to.
p – The destination port for the proxied traffic.
user – Username given for the SOCKS connection. This is not yet implemented for SOCKSv5.