base/protocols/ftp/info.zeek
- FTP
Defines data structures for tracking and logging FTP sessions.
- Namespace
FTP
- Imports
Summary
Runtime Options
This setting changes if passwords used in FTP sessions are captured or not. |
Types
The expected endpoints of an FTP data channel. |
|
Detailed Interface
Runtime Options
- FTP::default_capture_password
-
This setting changes if passwords used in FTP sessions are captured or not.
Types
- FTP::ExpectedDataChannel
- Type
The expected endpoints of an FTP data channel.
- FTP::Info
- Type
-
- ts:
time
&log
Time when the command was sent.
- uid:
string
&log
Unique ID for the connection.
- id:
conn_id
&log
The connection’s 4-tuple of endpoint addresses/ports.
- user:
string
&log
&default
="<unknown>"
&optional
User name for the current FTP session.
- password:
string
&log
&optional
Password for the current FTP session if captured.
- command:
string
&log
&optional
Command given by the client.
- arg:
string
&log
&optional
Argument for the command if one is given.
- mime_type:
string
&log
&optional
Sniffed mime type of file.
- file_size:
count
&log
&optional
Size of the file if the command indicates a file transfer.
- reply_code:
count
&log
&optional
Reply code from the server in response to the command.
- reply_msg:
string
&log
&optional
Reply message from the server in response to the command.
- data_channel:
FTP::ExpectedDataChannel
&log
&optional
Expected FTP data channel.
- cwd:
string
&default
="."
&optional
Current working directory that this session is in. By making the default value ‘.’, we can indicate that unless something more concrete is discovered that the existing but unknown directory is ok to use.
- cmdarg:
FTP::CmdArg
&optional
Command that is currently waiting for a response.
- pending_commands:
FTP::PendingCmds
Queue for commands that have been sent but not yet responded to are tracked here.
- command_seq:
count
&default
=0
&optional
Sequence number of previous command.
- passive:
bool
&default
=F
&optional
Indicates if the session is in active or passive mode.
- capture_password:
bool
&default
=FTP::default_capture_password
&optional
Determines if the password will be captured for this request.
- fuid:
string
&optional
&log
File unique ID.
- last_auth_requested:
string
&optional
(present if base/protocols/ftp/gridftp.zeek is loaded)
- ts: