base/bif/plugins/Zeek_SOCKS.events.bif.zeek
- GLOBAL
- Namespace:
GLOBAL
Summary
Events
Generated when a SOCKS server replies to a username/password login attempt. |
|
Generated when a SOCKS client performs username and password based login. |
|
Generated when a SOCKS reply is analyzed. |
|
Generated when a SOCKS request is analyzed. |
Detailed Interface
Events
- socks_login_userpass_reply
- Type:
event(c:connection, code:count)
Generated when a SOCKS server replies to a username/password login attempt.
- Parameters:
c – The parent connection of the proxy.
code – The response code for the attempted login.
- socks_login_userpass_request
- Type:
event(c:connection, user:string, password:string)
Generated when a SOCKS client performs username and password based login.
- Parameters:
c – The parent connection of the proxy.
user – The given username.
password – The given password.
- socks_reply
- Type:
event(c:connection, version:count, reply:count, sa:SOCKS::Address, p:port)
Generated when a SOCKS reply is analyzed.
- Parameters:
c – The parent connection of the proxy.
version – The version of SOCKS this message used.
reply – The status reply from the server.
sa – The address that the server sent the traffic to.
p – The destination port for the proxied traffic.
- socks_request
- Type:
event(c:connection, version:count, request_type:count, sa:SOCKS::Address, p:port, user:string)
Generated when a SOCKS request is analyzed.
- Parameters:
c – The parent connection of the proxy.
version – The version of SOCKS this message used.
request_type – The type of the request.
sa – Address that the tunneled traffic should be sent to.
p – The destination port for the proxied traffic.
user – Username given for the SOCKS connection. This is not yet implemented for SOCKSv5.