detect-protocols.zeek

ProtocolDetector

Finds connections with protocols on non-standard ports with DPD.

Namespace:: ProtocolDetector
Imports:: base/frameworks/notice, base/protocols/conn/removal-hooks.zeek, base/utils/conn-ids.zeek, base/utils/site.zeek

Summary

Runtime Options

`ProtocolDetector::minimum_duration`: `interval` `&redef`
`ProtocolDetector::minimum_volume`: `double` `&redef`
`ProtocolDetector::suppress_servers`: `set` `&redef`
`ProtocolDetector::valids`: `table` `&redef`

Non-standard protocol port detection finalization hook.

Functions

ProtocolDetector::found_protocol: function

Detailed Interface

Runtime Options

ProtocolDetector::minimum_duration 

Type:: interval
Attributes:: &redef
Default:: 30.0 secs

ProtocolDetector::minimum_volume 

Type:: double
Attributes:: &redef
Default:: 4000.0

ProtocolDetector::suppress_servers 

Type:: set [AllAnalyzers::Tag]
Attributes:: &redef
Default:: {}

ProtocolDetector::valids 

Type:: table [AllAnalyzers::Tag, addr, port] of ProtocolDetector::dir
Attributes:: &redef
Default:: {}

Constants

ProtocolDetector::check_interval 

Type:: interval
Default:: 5.0 secs

State Variables

ProtocolDetector::servers 

Type:: table [addr, port, string] of set [string]
Attributes:: &read_expire = 14.0 days
Default:: {}

Types

ProtocolDetector::dir 

Type:

enum

ProtocolDetector::NONE

ProtocolDetector::INCOMING

ProtocolDetector::OUTGOING

ProtocolDetector::BOTH

Hooks

ProtocolDetector::finalize_protocol_detection 

Type:: Conn::RemovalHook

Non-standard protocol port detection finalization hook.

Functions

ProtocolDetector::found_protocol 

Type:: function (c: connection, atype: AllAnalyzers::Tag, protocol: string) : void

policy/frameworks/dpd/detect-protocols.zeek

Summary

Runtime Options

Constants

State Variables

Types

Redefinitions

Hooks

Functions

Detailed Interface

Runtime Options

Constants

State Variables

Types

Hooks

Functions