base/bif/plugins/Zeek_TCP.functions.bif.zeek
- Namespace: GLOBAL
Summary
Functions
- get_contents_file: Returns the file handle of the contents file of a connection.
- get_orig_seq: Get the originator sequence number of a TCP connection.
- get_resp_seq: Get the responder sequence number of a TCP connection.
- set_contents_file: Associates a file handle with a connection for writing TCP byte stream contents.
Detailed Interface
Functions
- get_contents_file
Returns the file handle of the contents file of a connection.
- Parameters
cid – The connection ID.
direction – Controls what sides of the connection to record. See set_contents_file for possible values.
- Returns
The file handle for the contents file of the connection identified by cid. If the connection exists but there is no contents file for direction, then the function generates an error and returns a file handle to stderr.
See also: set_contents_file, set_record_packets, contents_file_write_failure
- get_orig_seq
Get the originator sequence number of a TCP connection. Sequence numbers are absolute (i.e., they reflect the values seen directly in packet headers; they are not relative to the beginning of the connection).
- Parameters
cid – The connection ID.
- Returns
The highest sequence number sent by a connection’s originator, or 0 if cid does not point to an active TCP connection.
See also: get_resp_seq
- get_resp_seq
Get the responder sequence number of a TCP connection. Sequence numbers are absolute (i.e., they reflect the values seen directly in packet headers; they are not relative to the beginning of the connection).
- Parameters
cid – The connection ID.
- Returns
The highest sequence number sent by a connection’s responder, or 0 if cid does not point to an active TCP connection.
See also: get_orig_seq
- set_contents_file
Associates a file handle with a connection for writing TCP byte stream contents.
- Parameters
cid – The connection ID.
direction – Controls what sides of the connection to record. The argument can take one of the four values:
- CONTENTS_NONE: Stop recording the connection’s content.
- CONTENTS_ORIG: Record the data sent by the connection originator (often the client).
- CONTENTS_RESP: Record the data sent by the connection responder (often the server).
- CONTENTS_BOTH: Record the data sent in both directions. Results in the two directions being intermixed in the file, in the order the data was seen by Zeek.
f – The file handle of the file to write the contents to.
- Returns
Returns false if cid does not point to an active connection, and true otherwise.
Note
The data recorded to the file reflects the byte stream, not the contents of individual packets. Reordering and duplicates are removed. If any data is missing, the recording stops at the missing data; this can happen, e.g., due to a content_gap event.
See also: get_contents_file, set_record_packets, contents_file_write_failure
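Added example (not part of the Zeek distribution or this reference page): recording each direction of a watched connection to its own file, and reporting when a content gap ends the recording. The module name StreamCapture, the watched_ports set with its 21/tcp entry, and the stream_path naming scheme are assumptions made for illustration.

```zeek
module StreamCapture;

export {
	# Assumption: responder ports whose byte streams should be kept.
	const watched_ports: set[port] = { 21/tcp } &redef;
}

# Hypothetical naming scheme. The path is built only from Zeek's own
# connection UID, never from bytes supplied by the remote peer.
function stream_path(c: connection, side: string): string
	{
	return fmt("stream-%s-%s.dat", c$uid, side);
	}

event connection_established(c: connection)
	{
	if ( c$id$resp_p !in watched_ports )
		return;

	# One file per direction: CONTENTS_BOTH would intermix both sides
	# in arrival order, which makes the stream harder to analyze later.
	local ok_orig = set_contents_file(c$id, CONTENTS_ORIG, open(stream_path(c, "orig")));
	local ok_resp = set_contents_file(c$id, CONTENTS_RESP, open(stream_path(c, "resp")));

	# set_contents_file returns false if cid is not an active connection.
	if ( ! ok_orig || ! ok_resp )
		Reporter::warning(fmt("%s: could not attach contents file", c$uid));
	}

# Recording stops at missing data, so mark the capture as truncated and
# note the absolute sequence numbers reached on each side.
event content_gap(c: connection, is_orig: bool, seq: count, length: count)
	{
	if ( c$id$resp_p !in watched_ports )
		return;

	print fmt("%s: %s stream truncated, gap seq=%d len=%d, highest seq orig=%d resp=%d",
	          c$uid, is_orig ? "orig" : "resp", seq, length,
	          get_orig_seq(c$id), get_resp_seq(c$id));
	}

event contents_file_write_failure(c: connection, is_orig: bool, msg: string)
	{
	Reporter::warning(fmt("%s: contents file write failed (%s side): %s",
	                      c$uid, is_orig ? "orig" : "resp", msg));
	}
```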