policy/frameworks/dpd/detect-protocols.bro

ProtocolDetector

Finds connections with protocols on non-standard ports with DPD.

Namespace:ProtocolDetector
Imports:base/frameworks/notice, base/utils/conn-ids.bro, base/utils/site.bro
Source File:/scripts/policy/frameworks/dpd/detect-protocols.bro

Detailed Interface

Options

ProtocolDetector::minimum_duration
Type:interval
Attributes:&redef
Default:30.0 secs
ProtocolDetector::minimum_volume
Type:double
Attributes:&redef
Default:4000.0
ProtocolDetector::suppress_servers
Type:set [Analyzer::Tag]
Attributes:&redef
Default:{}
ProtocolDetector::valids
Type:table [Analyzer::Tag, addr, port] of ProtocolDetector::dir
Attributes:&redef
Default:{}

Constants

ProtocolDetector::check_interval
Type:interval
Default:5.0 secs

State Variables

ProtocolDetector::servers
Type:table [addr, port, string] of set [string]
Attributes:&read_expire = 14.0 days
Default:{}

Types

ProtocolDetector::dir
Type:

enum

ProtocolDetector::NONE
ProtocolDetector::INCOMING
ProtocolDetector::OUTGOING
ProtocolDetector::BOTH

Functions

ProtocolDetector::found_protocol
Type:function (c: connection, atype: Analyzer::Tag, protocol: string) : void
Copyright 2016, The Bro Project. Last updated on October 17, 2017. Created using Sphinx 1.5.2.