base/protocols/ftp/info.bro

FTP

Defines data structures for tracking and logging FTP sessions.

Namespace: FTP
Imports: base/protocols/ftp/utils-commands.bro
Source File: /scripts/base/protocols/ftp/info.bro

Summary

Options

FTP::default_capture_password: bool &redef Controls whether passwords used in FTP sessions are captured.

Types

FTP::ExpectedDataChannel: record The expected endpoints of an FTP data channel.
FTP::Info: record  

Detailed Interface

Options

FTP::default_capture_password
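Type: bool
Attributes: &redef
Default: F

Controls whether passwords used in FTP sessions are captured. It is the default value of the per-session capture_password field of FTP::Info; a captured password is stored in the password field of FTP::Info, which carries the &log attribute.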

Types

FTP::ExpectedDataChannel
Type: record

passive: bool &log

Whether PASV mode is toggled for the control channel.

orig_h: addr &log

The host that will be initiating the data connection.

resp_h: addr &log

The host that will be accepting the data connection.

resp_p: port &log

The port at which the acceptor is listening for the data connection.

The expected endpoints of an FTP data channel.

FTP::Info
Type: record

ts: time &log

Time when the command was sent.

uid: string &log

Unique ID for the connection.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

user: string &log &default = "<unknown>" &optional

User name for the current FTP session.

password: string &log &optional

Password for the current FTP session if captured.

command: string &log &optional

Command given by the client.

arg: string &log &optional

Argument for the command if one is given.

mime_type: string &log &optional

Libmagic “sniffed” file type if the command indicates a file transfer.

file_size: count &log &optional

Size of the file if the command indicates a file transfer.

reply_code: count &log &optional

Reply code from the server in response to the command.

reply_msg: string &log &optional

Reply message from the server in response to the command.

data_channel: FTP::ExpectedDataChannel &log &optional

Expected FTP data channel.

cwd: string &default = "." &optional

Current working directory that this session is in. The default value of ‘.’ indicates that, unless something more concrete is discovered, the existing but unknown directory is OK to use.

cmdarg: FTP::CmdArg &optional

Command that is currently waiting for a response.

pending_commands: FTP::PendingCmds

Queue for commands that have been sent but not yet responded to.

passive: bool &default = F &optional

Indicates if the session is in active or passive mode.

capture_password: bool &default = FTP::default_capture_password &optional

Determines if the password will be captured for this request.

fuid: string &optional &log

(present if base/protocols/ftp/files.bro is loaded)

File unique ID.

last_auth_requested: string &optional

(present if base/protocols/ftp/gridftp.bro is loaded)


Copyright 2016, The Bro Project. Last updated on October 17, 2017.