base/bif/plugins/Bro_NTP.events.bif.bro

GLOBAL
Namespace:GLOBAL
Source File:/scripts/base/bif/plugins/Bro_NTP.events.bif.bro

Summary

Events

ntp_message: event Generated for all NTP messages.

Detailed Interface

Events

ntp_message
Type:event (u: connection, msg: ntp_msg, excess: string)

Generated for all NTP messages. Different from many other of Bro’s events, this one is generated for both client-side and server-side messages.

See Wikipedia for more information about the NTP protocol.

U:The connection record describing the corresponding UDP flow.
Msg:The parsed NTP message.
Excess:The raw bytes of any optional parts of the NTP packet. Bro does not further parse any optional fields.

See also: ntp_session_timeout

Todo

Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.


Table of Contents

Next Page

base/bif/plugins/Bro_POP3.events.bif.bro

Previous Page

base/bif/plugins/Bro_NTLM.events.bif.bro

Copyright 2016, The Bro Project. Last updated on December 07, 2018. Created using Sphinx 1.8.2.