detect-protocols.zeek¶

ProtocolDetector¶

Finds connections with protocols on non-standard ports with DPD.

Namespace: ProtocolDetector
Imports: base/frameworks/notice, base/protocols/conn/removal-hooks.zeek, base/utils/conn-ids.zeek, base/utils/site.zeek

Summary¶

Runtime Options¶

`ProtocolDetector::minimum_duration`: `interval` `&redef`
`ProtocolDetector::minimum_volume`: `double` `&redef`
`ProtocolDetector::suppress_servers`: `set` `&redef`
`ProtocolDetector::valids`: `table` `&redef`

Non-standard protocol port detection finalization hook.

Functions¶

ProtocolDetector::found_protocol: function

Detailed Interface¶

Runtime Options¶

ProtocolDetector::minimum_duration ¶

Type: interval
Attributes: &redef
Default: 30.0 secs

ProtocolDetector::minimum_volume ¶

Type: double
Attributes: &redef
Default: 4000.0

ProtocolDetector::suppress_servers ¶

Type: set [Analyzer::Tag]
Attributes: &redef
Default: {}

ProtocolDetector::valids ¶

Type: table [Analyzer::Tag, addr, port] of ProtocolDetector::dir
Attributes: &redef
Default: {}

Constants¶

ProtocolDetector::check_interval ¶

Type: interval
Default: 5.0 secs

State Variables¶

ProtocolDetector::servers ¶

Type: table [addr, port, string] of set [string]
Attributes: &read_expire = 14.0 days
Default: {}

Types¶

ProtocolDetector::dir ¶

Type

enum

ProtocolDetector::NONE¶

ProtocolDetector::INCOMING¶

ProtocolDetector::OUTGOING¶

ProtocolDetector::BOTH¶

Hooks¶

ProtocolDetector::finalize_protocol_detection ¶

Type: Conn::RemovalHook

Non-standard protocol port detection finalization hook.

Functions¶

ProtocolDetector::found_protocol ¶

Type: function (c: connection, atype: Analyzer::Tag, protocol: string) : void

policy/frameworks/dpd/detect-protocols.zeek¶

Summary¶

Runtime Options¶

Constants¶

State Variables¶

Types¶

Redefinitions¶

Hooks¶

Functions¶

Detailed Interface¶

Runtime Options¶

Constants¶

State Variables¶

Types¶

Hooks¶

Functions¶