Namespace: | GLOBAL |
---|---|
Source File: | /scripts/base/bif/plugins/Bro_Ident.events.bif.bro |
ident_error: event | Generated for Ident error replies. |
ident_reply: event | Generated for Ident replies. |
ident_request: event | Generated for Ident requests. |
Type: | event (c: connection, lport: port, rport: port, line: string) |
---|
Generated for Ident error replies.
See Wikipedia for more information about the Ident protocol.
C: | The connection. |
---|---|
Lport: | The corresponding request’s local port. |
Rport: | The corresponding request’s remote port. |
Line: | The error description returned by the reply. |
See also: ident_reply, ident_request
Todo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.
Type: | event (c: connection, lport: port, rport: port, user_id: string, system: string) |
---|
Generated for Ident replies.
See Wikipedia for more information about the Ident protocol.
C: | The connection. |
---|---|
Lport: | The corresponding request’s local port. |
Rport: | The corresponding request’s remote port. |
User_id: | The user id returned by the reply. |
System: | The operating system returned by the reply. |
See also: ident_error, ident_request
Todo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.
Type: | event (c: connection, lport: port, rport: port) |
---|
Generated for Ident requests.
See Wikipedia for more information about the Ident protocol.
C: | The connection. |
---|---|
Lport: | The request’s local port. |
Rport: | The request’s remote port. |
See also: ident_error, ident_reply
Todo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.