base/protocols/socks/main.bro

SOCKS
Namespace:SOCKS
Imports:base/frameworks/tunnels, base/protocols/socks/consts.bro
Source File:/scripts/base/protocols/socks/main.bro

Summary

Types

SOCKS::Info: record The record type which contains the fields of the SOCKS log.

Events

SOCKS::log_socks: event Event that can be handled to access the SOCKS record as it is sent on to the logging framework.

Detailed Interface

Types

SOCKS::Info
Type:

record

ts: time &log

Time when the proxy connection was first detected.

uid: string &log

Unique ID for the tunnel - may correspond to connection uid or be non-existent.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

version: count &log

Protocol version of SOCKS.

user: string &log &optional

Username used to request a login to the proxy.

password: string &log &optional

Password used to request a login to the proxy.

status: string &log &optional

Server status for the attempt at using the proxy.

request: SOCKS::Address &log &optional

Client requested SOCKS address. Could be an address, a name or both.

request_p: port &log &optional

Client requested port.

bound: SOCKS::Address &log &optional

Server bound address. Could be an address, a name or both.

bound_p: port &log &optional

Server bound port.

The record type which contains the fields of the SOCKS log.

Events

SOCKS::log_socks
Type:event (rec: SOCKS::Info)

Event that can be handled to access the SOCKS record as it is sent on to the logging framework.


Copyright 2016, The Bro Project. Last updated on October 17, 2017. Created using Sphinx 1.5.2.