GLOBAL
Namespace: | GLOBAL |
---|---|
Source File: | /scripts/base/bif/plugins/Bro_ICMP.events.bif.bro |
icmp_echo_reply : event | Generated for ICMP echo reply messages. |
---|---|
icmp_echo_request : event | Generated for ICMP echo request messages. |
icmp_error_message : event | Generated for all ICMPv6 error messages that are not handled separately with dedicated events. |
icmp_neighbor_advertisement : event | Generated for ICMP neighbor advertisement messages. |
icmp_neighbor_solicitation : event | Generated for ICMP neighbor solicitation messages. |
icmp_packet_too_big : event | Generated for ICMPv6 packet too big messages. |
icmp_parameter_problem : event | Generated for ICMPv6 parameter problem messages. |
icmp_redirect : event | Generated for ICMP redirect messages. |
icmp_router_advertisement : event | Generated for ICMP router advertisement messages. |
icmp_router_solicitation : event | Generated for ICMP router solicitation messages. |
icmp_sent : event | Generated for all ICMP messages that are not handled separately with dedicated ICMP events. |
icmp_sent_payload : event | The same as icmp_sent except containing the ICMP payload. |
icmp_time_exceeded : event | Generated for ICMP time exceeded messages. |
icmp_unreachable : event | Generated for ICMP destination unreachable messages. |
icmp_echo_reply
Type: | event (c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) |
---|
Generated for ICMP echo reply messages.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
id: | The echo reply identifier. |
seq: | The echo reply sequence number. |
payload: | The message-specific data of the packet payload, i.e., everything after the first 8 bytes of the ICMP header. |
See also: icmp_echo_request
icmp_echo_request
Type: | event (c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) |
---|
Generated for ICMP echo request messages.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
id: | The echo request identifier. |
seq: | The echo request sequence number. |
payload: | The message-specific data of the packet payload, i.e., everything after the first 8 bytes of the ICMP header. |
See also: icmp_echo_reply
icmp_error_message
Type: | event (c: connection, icmp: icmp_conn, code: count, context: icmp_context) |
---|
Generated for all ICMPv6 error messages that are not handled separately with dedicated events. Bro’s ICMP analyzer handles a number of ICMP error messages directly with dedicated events. This event acts as a fallback for those it doesn’t.
See Wikipedia for more information about the ICMPv6 protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
code: | The ICMP code of the error message. |
context: | A record with specifics of the original packet that the message refers to. |
See also: icmp_unreachable, icmp_packet_too_big, icmp_time_exceeded, icmp_parameter_problem
icmp_neighbor_advertisement
Type: | event (c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) |
---|
Generated for ICMP neighbor advertisement messages.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
router: | Flag indicating the sender is a router. |
solicited: | Flag indicating advertisement is in response to a solicitation. |
override: | Flag indicating advertisement should override existing caches. |
tgt: | The Target Address in the soliciting message or the address whose link-layer address has changed for unsolicited adverts. |
options: | Any Neighbor Discovery options included with message (RFC 4861). |
See also: icmp_router_solicitation, icmp_router_advertisement, icmp_neighbor_solicitation, icmp_redirect
icmp_neighbor_solicitation
Type: | event (c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options) |
---|
Generated for ICMP neighbor solicitation messages.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
tgt: | The IP address of the target of the solicitation. |
options: | Any Neighbor Discovery options included with message (RFC 4861). |
See also: icmp_router_solicitation, icmp_router_advertisement, icmp_neighbor_advertisement, icmp_redirect
icmp_packet_too_big
Type: | event (c: connection, icmp: icmp_conn, code: count, context: icmp_context) |
---|
Generated for ICMPv6 packet too big messages.
See Wikipedia for more information about the ICMPv6 protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
code: | The ICMP code of the too big message. |
context: | A record with specifics of the original packet that the message refers to. Too big messages should include the original IP header from the packet that triggered them, and Bro parses that into the context structure. Note that if the too big message includes only a partial IP header for some reason, no fields of context will be filled out. |
See also: icmp_error_message, icmp_unreachable, icmp_time_exceeded, icmp_parameter_problem
icmp_parameter_problem
Type: | event (c: connection, icmp: icmp_conn, code: count, context: icmp_context) |
---|
Generated for ICMPv6 parameter problem messages.
See Wikipedia for more information about the ICMPv6 protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
code: | The ICMP code of the parameter problem message. |
context: | A record with specifics of the original packet that the message refers to. Parameter problem messages should include the original IP header from the packet that triggered them, and Bro parses that into the context structure. Note that if the parameter problem message includes only a partial IP header for some reason, no fields of context will be filled out. |
See also: icmp_error_message, icmp_unreachable, icmp_packet_too_big, icmp_time_exceeded
icmp_redirect
Type: | event (c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options) |
---|
Generated for ICMP redirect messages.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
tgt: | The address that is supposed to be a better first hop to use for ICMP Destination Address. |
dest: | The address of the destination which is redirected to the target. |
options: | Any Neighbor Discovery options included with message (RFC 4861). |
See also: icmp_router_solicitation, icmp_router_advertisement, icmp_neighbor_solicitation, icmp_neighbor_advertisement
icmp_router_advertisement
Type: | event (c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) |
---|
Generated for ICMP router advertisement messages.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
cur_hop_limit: | The default value that should be placed in Hop Count field for outgoing IP packets. |
managed: | Managed address configuration flag, RFC 4861. |
other: | Other stateful configuration flag, RFC 4861. |
home_agent: | Mobile IPv6 home agent flag, RFC 3775. |
pref: | Router selection preferences, RFC 4191. |
proxy: | Neighbor discovery proxy flag, RFC 4389. |
rsv: | Remaining two reserved bits of router advertisement flags. |
router_lifetime: | How long this router should be used as a default router. |
reachable_time: | How long a neighbor should be considered reachable. |
retrans_timer: | How long a host should wait before retransmitting. |
options: | Any Neighbor Discovery options included with message (RFC 4861). |
See also: icmp_router_solicitation, icmp_neighbor_solicitation, icmp_neighbor_advertisement, icmp_redirect
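A handler for this event, as an added example that is not part of the original reference: it raises a notice when a router advertisement arrives from a source outside an allow-list. The module name RogueRA, the notice type Unexpected_Router_Advertisement and the known_routers set (with its constructed address) are assumptions made for illustration.

```bro
@load base/frameworks/notice

module RogueRA;

export {
	redef enum Notice::Type += {
		## A router advertisement came from a source not in known_routers.
		Unexpected_Router_Advertisement
	};

	## Hypothetical allow-list of legitimate routers (constructed address);
	## redef it for the monitored network.
	const known_routers: set[addr] = { [fe80::1] } &redef;
}

event icmp_router_advertisement(c: connection, icmp: icmp_conn,
	cur_hop_limit: count, managed: bool, other: bool, home_agent: bool,
	pref: count, proxy: bool, rsv: count, router_lifetime: interval,
	reachable_time: interval, retrans_timer: interval,
	options: icmp6_nd_options)
	{
	# Assumption: the advertisement's sender is the originator recorded
	# for this ICMP flow.
	local sender = icmp$orig_h;

	if ( sender in known_routers )
		return;

	# One notice per sender; the flags and lifetime go into the message so
	# an analyst can see what the unlisted router was announcing.
	NOTICE([$note=Unexpected_Router_Advertisement,
	        $conn=c,
	        $msg=fmt("Router advertisement from unlisted source %s (lifetime %s, managed=%s, other=%s, pref=%d)",
	                 sender, router_lifetime, managed, other, pref),
	        $identifier=cat(sender)]);
	}
```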
icmp_router_solicitation
Type: | event (c: connection, icmp: icmp_conn, options: icmp6_nd_options) |
---|
Generated for ICMP router solicitation messages.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
options: | Any Neighbor Discovery options included with message (RFC 4861). |
See also: icmp_router_advertisement, icmp_neighbor_solicitation, icmp_neighbor_advertisement, icmp_redirect
icmp_sent
Type: | event (c: connection, icmp: icmp_conn) |
---|
Generated for all ICMP messages that are not handled separately with dedicated ICMP events. Bro’s ICMP analyzer handles a number of ICMP messages directly with dedicated events. This event acts as a fallback for those it doesn’t.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
See also: icmp_error_message, icmp_sent_payload
icmp_sent_payload
Type: | event (c: connection, icmp: icmp_conn, payload: string) |
---|
The same as icmp_sent except containing the ICMP payload.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
payload: | The payload of the ICMP message. |
See also: icmp_error_message, icmp_sent_payload
icmp_time_exceeded
Type: | event (c: connection, icmp: icmp_conn, code: count, context: icmp_context) |
---|
Generated for ICMP time exceeded messages.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
code: | The ICMP code of the exceeded message. |
context: | A record with specifics of the original packet that the message refers to. Time exceeded messages should include the original IP header from the packet that triggered them, and Bro parses that into the context structure. Note that if the time exceeded message includes only a partial IP header for some reason, no fields of context will be filled out. |
See also: icmp_error_message, icmp_unreachable, icmp_packet_too_big, icmp_parameter_problem
icmp_unreachable
Type: | event (c: connection, icmp: icmp_conn, code: count, context: icmp_context) |
---|
Generated for ICMP destination unreachable messages.
See Wikipedia for more information about the ICMP protocol.
c: | The connection record for the corresponding ICMP flow. |
---|---|
icmp: | Additional ICMP-specific information augmenting the standard connection record c. |
code: | The ICMP code of the unreachable message. |
context: | A record with specifics of the original packet that the message refers to. Unreachable messages should include the original IP header from the packet that triggered them, and Bro parses that into the context structure. Note that if the unreachable message includes only a partial IP header for some reason, no fields of context will be filled out. |
See also: icmp_error_message, icmp_packet_too_big, icmp_time_exceeded, icmp_parameter_problem