Zeek_SOCKS.events.bif.zeek¶

Namespace:	GLOBAL

Summary¶

`socks_login_userpass_reply`: `event`	Generated when a SOCKS server replies to a username/password login attempt.
`socks_login_userpass_request`: `event`	Generated when a SOCKS client performs username and password based login.
`socks_reply`: `event`	Generated when a SOCKS reply is analyzed.
`socks_request`: `event`	Generated when a SOCKS request is analyzed.

socks_login_userpass_reply¶

Type:	`event` (c: `connection`, code: `count`)

Generated when a SOCKS server replies to a username/password login attempt.

C:	The parent connection of the proxy.
Code:	The response code for the attempted login.

socks_login_userpass_request¶

Type:	`event` (c: `connection`, user: `string`, password: `string`)

Generated when a SOCKS client performs username and password based login.

C:	The parent connection of the proxy.
User:	The given username.
Password:	The given password.

socks_reply¶

Type:	`event` (c: `connection`, version: `count`, reply: `count`, sa: `SOCKS::Address`, p: `port`)

Generated when a SOCKS reply is analyzed.

C:	The parent connection of the proxy.
Version:	The version of SOCKS this message used.
Reply:	The status reply from the server.
Sa:	The address that the server sent the traffic to.
P:	The destination port for the proxied traffic.

socks_request¶

Type:	`event` (c: `connection`, version: `count`, request_type: `count`, sa: `SOCKS::Address`, p: `port`, user: `string`)

Generated when a SOCKS request is analyzed.

C:	The parent connection of the proxy.
Version:	The version of SOCKS this message used.
Request_type:	The type of the request.
Sa:	Address that the tunneled traffic should be sent to.
P:	The destination port for the proxied traffic.
User:	Username given for the SOCKS connection. This is not yet implemented for SOCKSv5.