Bro_NTP.events.bif.bro¶

GLOBAL¶

Namespace:	GLOBAL
Source File:	`/scripts/base/bif/plugins/Bro_NTP.events.bif.bro`

Summary¶

Events¶

ntp_message: event Generated for all NTP messages.

Detailed Interface¶

Events¶

ntp_message¶

Type:	`event` (u: `connection`, msg: `ntp_msg`, excess: `string`)

Generated for all NTP messages. Different from many other of Bro’s events, this one is generated for both client-side and server-side messages.

See Wikipedia for more information about the NTP protocol.

U:	The connection record describing the corresponding UDP flow.
Msg:	The parsed NTP message.
Excess:	The raw bytes of any optional parts of the NTP packet. Bro does not further parse any optional fields.

See also: ntp_session_timeout

Todo

Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.

base/bif/plugins/Bro_NTP.events.bif.bro¶

Summary¶

Events¶

Detailed Interface¶

Events¶

Table of Contents

Next Page

Previous Page

base/bif/plugins/Bro_NTP.events.bif.bro¶

Summary¶

Events¶

Detailed Interface¶

Events¶

Table of Contents

Next Page

Previous Page

Search