GLOBAL
Namespace: | GLOBAL |
---|---|
Source File: | /scripts/base/bif/plugins/Bro_Ident.events.bif.bro |
ident_error : event |
Generated for Ident error replies. |
ident_reply : event |
Generated for Ident replies. |
ident_request : event |
Generated for Ident requests. |
ident_error
Type: | event (c: connection , lport: port , rport: port , line: string ) |
---|
Generated for Ident error replies.
See Wikipedia for more information about the Ident protocol.
C: | The connection. |
---|---|
Lport: | The corresponding request’s local port. |
Rport: | The corresponding request’s remote port. |
Line: | The error description returned by the reply. |
See also: ident_reply
, ident_request
Todo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.
ident_reply
Type: | event (c: connection , lport: port , rport: port , user_id: string , system: string ) |
---|
Generated for Ident replies.
See Wikipedia for more information about the Ident protocol.
C: | The connection. |
---|---|
Lport: | The corresponding request’s local port. |
Rport: | The corresponding request’s remote port. |
User_id: | The user id returned by the reply. |
System: | The operating system returned by the reply. |
See also: ident_error
, ident_request
Todo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.
ident_request
Type: | event (c: connection , lport: port , rport: port ) |
---|
Generated for Ident requests.
See Wikipedia for more information about the Ident protocol.
C: | The connection. |
---|---|
Lport: | The request’s local port. |
Rport: | The request’s remote port. |
See also: ident_error
, ident_reply
Todo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.