Zeek_Ident.events.bif.zeek¶

GLOBAL¶

Namespace:	GLOBAL

Summary¶

Events¶

`ident_error`: `event`	Generated for Ident error replies.
`ident_reply`: `event`	Generated for Ident replies.
`ident_request`: `event`	Generated for Ident requests.

Detailed Interface¶

Events¶

ident_error¶

Type:	`event` (c: `connection`, lport: `port`, rport: `port`, line: `string`)

Generated for Ident error replies.

See Wikipedia for more information about the Ident protocol.

C:	The connection.
Lport:	The corresponding request’s local port.
Rport:	The corresponding request’s remote port.
Line:	The error description returned by the reply.

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_reply¶

Type:	`event` (c: `connection`, lport: `port`, rport: `port`, user_id: `string`, system: `string`)

Generated for Ident replies.

See Wikipedia for more information about the Ident protocol.

C:	The connection.
Lport:	The corresponding request’s local port.
Rport:	The corresponding request’s remote port.
User_id:	The user id returned by the reply.
System:	The operating system returned by the reply.

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ident_request¶

Type:	`event` (c: `connection`, lport: `port`, rport: `port`)

Generated for Ident requests.

See Wikipedia for more information about the Ident protocol.

C:	The connection.
Lport:	The request’s local port.
Rport:	The request’s remote port.