policy/frameworks/dpd/detect-protocols.zeek
- ProtocolDetector
Finds connections with protocols on non-standard ports with DPD.
- Namespace
ProtocolDetector
- Imports
base/frameworks/notice, base/protocols/conn/removal-hooks.zeek, base/utils/conn-ids.zeek, base/utils/site.zeek
Summary
Runtime Options
Constants
State Variables
|
Types
Redefinitions
Hooks
|
Non-standard protocol port detection finalization hook. |
Functions
Detailed Interface
Runtime Options
- ProtocolDetector::suppress_servers
- Type
- Attributes
- Default
{}
- ProtocolDetector::valids
- Type
table
[AllAnalyzers::Tag
,addr
,port
] ofProtocolDetector::dir
- Attributes
- Default
{}
Constants
- ProtocolDetector::check_interval
- Type
- Default
5.0 secs
State Variables
Types
Hooks
- ProtocolDetector::finalize_protocol_detection
- Type
Non-standard protocol port detection finalization hook.
Functions
- ProtocolDetector::found_protocol
- Type
function
(c:connection
, atype:AllAnalyzers::Tag
, protocol:string
) :void