base/bif/plugins/Zeek_SOCKS.events.bif.zeek¶
-
GLOBAL
¶
Namespace: | GLOBAL |
---|
Summary¶
Events¶
socks_login_userpass_reply : event |
Generated when a SOCKS server replies to a username/password login attempt. |
socks_login_userpass_request : event |
Generated when a SOCKS client performs username and password based login. |
socks_reply : event |
Generated when a SOCKS reply is analyzed. |
socks_request : event |
Generated when a SOCKS request is analyzed. |
Detailed Interface¶
Events¶
-
socks_login_userpass_reply
¶ Type: event
(c:connection
, code:count
)Generated when a SOCKS server replies to a username/password login attempt.
C: The parent connection of the proxy. Code: The response code for the attempted login.
-
socks_login_userpass_request
¶ Type: event
(c:connection
, user:string
, password:string
)Generated when a SOCKS client performs username and password based login.
C: The parent connection of the proxy. User: The given username. Password: The given password.
-
socks_reply
¶ Type: event
(c:connection
, version:count
, reply:count
, sa:SOCKS::Address
, p:port
)Generated when a SOCKS reply is analyzed.
C: The parent connection of the proxy. Version: The version of SOCKS this message used. Reply: The status reply from the server. Sa: The address that the server sent the traffic to. P: The destination port for the proxied traffic.
-
socks_request
¶ Type: event
(c:connection
, version:count
, request_type:count
, sa:SOCKS::Address
, p:port
, user:string
)Generated when a SOCKS request is analyzed.
C: The parent connection of the proxy. Version: The version of SOCKS this message used. Request_type: The type of the request. Sa: Address that the tunneled traffic should be sent to. P: The destination port for the proxied traffic. User: Username given for the SOCKS connection. This is not yet implemented for SOCKSv5.