Namespace: | GLOBAL |
---|---|
Source File: | /scripts/base/bif/plugins/Bro_SSH.events.bif.bro |
ssh_client_version: event | Generated when seeing an SSH client’s version identification. |
ssh_server_version: event | Generated when seeing an SSH server’s version identification. |
Type: | event (c: connection, version: string) |
---|
Generated when seeing an SSH client’s version identification. The SSH protocol starts with a clear-text handshake message that reports client and server protocol/software versions. This event provides access to what the client sent.
See Wikipedia for more information about the SSH protocol.
C: | The connection. |
---|---|
Version: | The version string the client sent (e.g., SSH-2.0-libssh-0.11). |
See also: ssh_server_version
Note
As everything after the initial version handshake proceeds encrypted, Bro cannot further analyze SSH sessions.
Type: | event (c: connection, version: string) |
---|
Generated when seeing an SSH server’s version identification. The SSH protocol starts with a clear-text handshake message that reports client and server protocol/software versions. This event provides access to what the server sent.
See Wikipedia for more information about the SSH protocol.
C: | The connection. |
---|---|
Version: | The version string the server sent (e.g., SSH-1.99-OpenSSH_3.9p1). |
See also: ssh_client_version
Note
As everything coming after the initial version handshake proceeds encrypted, Bro cannot further analyze SSH sessions.