policy/frameworks/dpd/detect-protocols.zeek

ProtocolDetector

Finds connections with protocols on non-standard ports with DPD.

Namespace:ProtocolDetector Imports:base/frameworks/notice, base/utils/conn-ids.zeek, base/utils/site.zeek

Summary

Runtime Options

ProtocolDetector::minimum_duration: interval &redef
ProtocolDetector::minimum_volume: double &redef
ProtocolDetector::suppress_servers: set &redef
ProtocolDetector::valids: table &redef

Constants

ProtocolDetector::check_interval: interval

State Variables

ProtocolDetector::servers: table &read_expire = 14.0 days

Types

ProtocolDetector::dir: enum

Redefinitions

Notice::Type: enum

Functions

ProtocolDetector::found_protocol: function

Detailed Interface

Runtime Options

ProtocolDetector::minimum_duration

Type:interval Attributes:&redef Default:30.0 secs

ProtocolDetector::minimum_volume

Type:double Attributes:&redef Default:4000.0

ProtocolDetector::suppress_servers

Type:set [Analyzer::Tag] Attributes:&redef Default:{}

ProtocolDetector::valids

Type:table [Analyzer::Tag, addr, port] of ProtocolDetector::dir Attributes:&redef Default:{}

Constants

ProtocolDetector::check_interval

Type:interval Default:5.0 secs

State Variables

ProtocolDetector::servers

Type:table [addr, port, string] of set [string] Attributes:&read_expire = 14.0 days Default:{}

Types

ProtocolDetector::dir

Type:

enum

ProtocolDetector::NONE

ProtocolDetector::INCOMING

ProtocolDetector::OUTGOING

ProtocolDetector::BOTH

Functions

ProtocolDetector::found_protocol

Type:function (c: connection, atype: Analyzer::Tag, protocol: string) : void