base/bif/plugins/Zeek_Ident.events.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Events

ident_error: event

Generated for Ident error replies.

ident_reply: event

Generated for Ident replies.

ident_request: event

Generated for Ident requests.

Detailed Interface

Events

ident_error
Type

event (c: connection, lport: port, rport: port, line: string)

Generated for Ident error replies.

See Wikipedia for more information about the Ident protocol.

Parameters
  • c – The connection.

  • lport – The corresponding request’s local port.

  • rport – The corresponding request’s remote port.

  • line – The error description returned by the reply.

See also: ident_reply, ident_request

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_reply
Type

event (c: connection, lport: port, rport: port, user_id: string, system: string)

Generated for Ident replies.

See Wikipedia for more information about the Ident protocol.

Parameters
  • c – The connection.

  • lport – The corresponding request’s local port.

  • rport – The corresponding request’s remote port.

  • user_id – The user id returned by the reply.

  • system – The operating system returned by the reply.

See also: ident_error, ident_request

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_request
Type

event (c: connection, lport: port, rport: port)

Generated for Ident requests.

See Wikipedia for more information about the Ident protocol.

Parameters
  • c – The connection.

  • lport – The request’s local port.

  • rport – The request’s remote port.

See also: ident_error, ident_reply

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.