base/bif/plugins/Zeek_StreamEvent.events.bif.zeek
- Namespace: GLOBAL
Summary
Events
stream_deliver: event | Generated for each chunk of reassembled TCP payload.
stream_undelivered: event | Generated when Zeek detects a gap in a reassembled TCP payload stream.
Detailed Interface
Events
- stream_deliver
- Type: event (c: connection, is_orig: bool, data: string)
Generated for each chunk of reassembled TCP payload.
This is a low-level event to inspect stream data from the originator and responder endpoints. This can be useful for debugging purposes, or for logging of plain-text interactive sessions when no more appropriate analyzer is available.
Note that this event is potentially expensive if connections that have the stream event analyzer attached carry significant amounts of data. Generally, a native protocol parser will have much less overhead than passing the complete stream data to the scripting layer.
- Parameters:
c – The connection.
is_orig – T if stream data is from the originator-side, else F.
data – The raw payload.
See also: stream_undelivered, tcp_contents
- stream_undelivered
- Type: event (c: connection, is_orig: bool, seq: count, len: count)
Generated when Zeek detects a gap in a reassembled TCP payload stream.
- Parameters:
c – The connection.
is_orig – T if the gap is in the originator-side input, else F.
seq – The sequence number of the first byte of the gap.
len – The length of the gap.
See also: stream_deliver, content_gap
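
The following script is an added example, not part of the Zeek distribution or of this reference page. It handles both events together: it records a bounded amount of payload per connection, to limit the scripting-layer cost noted under stream_deliver, and marks gaps reported by stream_undelivered so a reader knows the transcript is incomplete. The module name StreamLog, the 4096-byte budget, port 23/tcp and the analyzer tag Analyzer::ANALYZER_STREAM_EVENT are assumptions, not taken from this page.

```zeek
module StreamLog;

export {
	# Assumed budget: payload bytes recorded per connection before we stop.
	const max_bytes_per_conn: count = 4096 &redef;
}

# Bytes recorded so far, keyed by connection UID (default 0 for unseen UIDs).
global recorded: table[string] of count &default=0 &create_expire=1hr;

function side(is_orig: bool): string
	{
	return is_orig ? "orig" : "resp";
	}

event zeek_init()
	{
	# Assumption: the tag name and the port are illustrative only.
	Analyzer::register_for_port(Analyzer::ANALYZER_STREAM_EVENT, 23/tcp);
	}

event stream_deliver(c: connection, is_orig: bool, data: string)
	{
	local seen = recorded[c$uid];
	if ( seen >= max_bytes_per_conn )
		return;  # Budget spent: ignore the rest of this connection's payload.

	# Keep only as much of this chunk as still fits in the budget.
	local room = max_bytes_per_conn - seen;
	local chunk = |data| > room ? data[0:room] : data;
	recorded[c$uid] = seen + |chunk|;

	print fmt("%s %s %s DATA %s", network_time(), c$uid, side(is_orig), chunk);
	}

event stream_undelivered(c: connection, is_orig: bool, seq: count, len: count)
	{
	# A gap means bytes are missing from the transcript at this point.
	print fmt("%s %s %s GAP seq=%d len=%d", network_time(), c$uid, side(is_orig), seq, len);
	}

event connection_state_remove(c: connection)
	{
	delete recorded[c$uid];
	}
```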