policy/frameworks/dpd/detect-protocols.zeek

ProtocolDetector

Finds connections with protocols on non-standard ports with DPD.

Namespace

ProtocolDetector

Imports

base/frameworks/notice, base/protocols/conn/removal-hooks.zeek, base/utils/conn-ids.zeek, base/utils/site.zeek

Summary

Runtime Options

ProtocolDetector::minimum_duration: interval &redef
ProtocolDetector::minimum_volume: double &redef
ProtocolDetector::suppress_servers: set &redef
ProtocolDetector::valids: table &redef

Constants

ProtocolDetector::check_interval: interval

State Variables

ProtocolDetector::servers: table &read_expire = 14.0 days

Types

ProtocolDetector::dir: enum

Redefinitions

Notice::Type: enum

ProtocolDetector::Protocol_Found ProtocolDetector::Server_Found

Hooks

ProtocolDetector::finalize_protocol_detection: Conn::RemovalHook

Non-standard protocol port detection finalization hook.

Functions

ProtocolDetector::found_protocol: function

Detailed Interface

Runtime Options

ProtocolDetector::minimum_duration

Type

interval

Attributes

&redef

Default

30.0 secs

ProtocolDetector::minimum_volume

Type

double

Attributes

&redef

Default

4000.0

ProtocolDetector::suppress_servers

Type

set [Analyzer::Tag]

Attributes

&redef

Default

{}

ProtocolDetector::valids

Type

table [Analyzer::Tag, addr, port] of ProtocolDetector::dir

Attributes

&redef

Default

{}

Constants

ProtocolDetector::check_interval

Type

interval

Default

5.0 secs

State Variables

ProtocolDetector::servers

Type

table [addr, port, string] of set [string]

Attributes

&read_expire = 14.0 days

Default

{}

Types

ProtocolDetector::dir

Type

enum

ProtocolDetector::NONE

ProtocolDetector::INCOMING

ProtocolDetector::OUTGOING

ProtocolDetector::BOTH

Hooks

ProtocolDetector::finalize_protocol_detection

Type

Conn::RemovalHook

Non-standard protocol port detection finalization hook.

Functions

ProtocolDetector::found_protocol

Type

function (c: connection, atype: Analyzer::Tag, protocol: string) : void