base/protocols/ftp/info.zeek

FTP

Defines data structures for tracking and logging FTP sessions.

Namespace

FTP

Imports

base/protocols/ftp/utils-commands.zeek

Summary

Runtime Options

FTP::default_capture_password: bool &redef

This setting changes if passwords used in FTP sessions are captured or not.

Types

FTP::ExpectedDataChannel: record

The expected endpoints of an FTP data channel.

FTP::Info: record

Detailed Interface

Runtime Options

FTP::default_capture_password
Type

bool

Attributes

&redef

Default

F

This setting changes if passwords used in FTP sessions are captured or not.

Types

FTP::ExpectedDataChannel
Type

record

passive: bool &log

Whether PASV mode is toggled for control channel.

orig_h: addr &log

The host that will be initiating the data connection.

resp_h: addr &log

The host that will be accepting the data connection.

resp_p: port &log

The port at which the acceptor is listening for the data connection.

The expected endpoints of an FTP data channel.

FTP::Info
Type

record

ts: time &log

Time when the command was sent.

uid: string &log

Unique ID for the connection.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

user: string &log &default = "<unknown>" &optional

User name for the current FTP session.

password: string &log &optional

Password for the current FTP session if captured.

command: string &log &optional

Command given by the client.

arg: string &log &optional

Argument for the command if one is given.

mime_type: string &log &optional

Sniffed mime type of file.

file_size: count &log &optional

Size of the file if the command indicates a file transfer.

reply_code: count &log &optional

Reply code from the server in response to the command.

reply_msg: string &log &optional

Reply message from the server in response to the command.

data_channel: FTP::ExpectedDataChannel &log &optional

Expected FTP data channel.

cwd: string &default = "." &optional

Current working directory that this session is in. By making the default value ‘.’, we can indicate that unless something more concrete is discovered that the existing but unknown directory is ok to use.

cmdarg: FTP::CmdArg &optional

Command that is currently waiting for a response.

pending_commands: FTP::PendingCmds

Queue for commands that have been sent but not yet responded to are tracked here.

command_seq: count &default = 0 &optional

Sequence number of previous command.

passive: bool &default = F &optional

Indicates if the session is in active or passive mode.

capture_password: bool &default = FTP::default_capture_password &optional

Determines if the password will be captured for this request.

fuid: string &optional &log

File unique ID.

last_auth_requested: string &optional

(present if base/protocols/ftp/gridftp.zeek is loaded)