base/bif/plugins/Zeek_SOCKS.events.bif.zeek¶
- GLOBAL¶
- Namespace
GLOBAL
Summary¶
Events¶
Generated when a SOCKS server replies to a username/password login attempt. |
|
Generated when a SOCKS client performs username and password based login. |
|
Generated when a SOCKS reply is analyzed. |
|
Generated when a SOCKS request is analyzed. |
Detailed Interface¶
Events¶
- socks_login_userpass_reply¶
- Type
event(c:connection, code:count)
Generated when a SOCKS server replies to a username/password login attempt.
- C
The parent connection of the proxy.
- Code
The response code for the attempted login.
- socks_login_userpass_request¶
- Type
event(c:connection, user:string, password:string)
Generated when a SOCKS client performs username and password based login.
- C
The parent connection of the proxy.
- User
The given username.
- Password
The given password.
- socks_reply¶
- Type
event(c:connection, version:count, reply:count, sa:SOCKS::Address, p:port)
Generated when a SOCKS reply is analyzed.
- C
The parent connection of the proxy.
- Version
The version of SOCKS this message used.
- Reply
The status reply from the server.
- Sa
The address that the server sent the traffic to.
- P
The destination port for the proxied traffic.
- socks_request¶
- Type
event(c:connection, version:count, request_type:count, sa:SOCKS::Address, p:port, user:string)
Generated when a SOCKS request is analyzed.
- C
The parent connection of the proxy.
- Version
The version of SOCKS this message used.
- Request_type
The type of the request.
- Sa
Address that the tunneled traffic should be sent to.
- P
The destination port for the proxied traffic.
- User
Username given for the SOCKS connection. This is not yet implemented for SOCKSv5.