Analyzer smtp
This analyzer listens for the smtp_cmd and smtp_reply events, as well as smtp packets, and generates the smtp_msg and smtp_auth events.
It also generates rfc822 messages.
Events
Name | Payload associated | Description |
---|---|---|
smtp_msg | yes | Provides all the information about a message sent over SMTP. |
smtp_auth | no | Parses SMTP authentication attempts. |
smtp_msg
Field | Type | Description |
---|---|---|
client_addr | ipv4 or ipv6 | IPv4 or IPv6 address of the client. |
server_addr | ipv4 or ipv6 | IPv4 or IPv6 address of the server. |
server_port | uint16 | Port on the server side. |
server_host | string | Hostname of the server from a DNS lookup. |
client_hello | string | Argument passed to the HELO or EHLO command. |
server_hello | string | Text following the 220 reply from the server upon connection. |
from | string | Sender of the email according to the “MAIL FROM” command. |
to | string list | Recipients according to the “RCPT TO” command. |
result | uint16 | Reply code sent by the server after the end of the DATA command. |
smtp_auth
This event contains the data gathered while the client tried to authenticate. Currently, only the LOGIN and PLAIN authentication mechanisms are supported.
Field | Type | Description |
---|---|---|
client_addr | ipv4 or ipv6 | IPv4 or IPv6 address of the client. |
server_addr | ipv4 or ipv6 | IPv4 or IPv6 address of the server. |
server_port | uint16 | Port on the server side. |
server_host | string | Hostname of the server from a DNS lookup. |
client_hello | string | Argument passed to the HELO or EHLO command. |
server_hello | string | Text following the 220 reply from the server upon connection. |
type | string | Type of authentication. |
params | string list | Authentication parameters. Contains “username” and “password” for PLAIN and LOGIN authentication, or “challenge” and “response” for CRAM-MD5. |
success | bool | True if the authentication attempt succeeded. |
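The two event tables above state which fields the analyzer fills in but not how they map onto the wire exchange. The following Python is an added example, not pom-ng code: it replays a captured SMTP dialogue and produces records shaped like smtp_msg and smtp_auth, decoding the AUTH PLAIN initial response (RFC 4616) and the two-step AUTH LOGIN exchange into the “username” and “password” parameters and turning the server's final reply into the success flag. The transcripts, hostnames, addresses and credentials are constructed for the example; analyze_session, _transcript and the client_addr/server_addr defaults are assumptions of this example, and server_host is left out because it requires a DNS lookup.

```python
import base64

# Added illustration, not pom-ng code: hosts, addresses and credentials below are constructed.

def _addr(arg):
    # mailbox out of a "FROM:<a@b>" / "TO:<a@b>" argument (bare form tolerated)
    inner = arg.partition(":")[2].strip()
    return inner[1:-1] if inner.startswith("<") and inner.endswith(">") else inner

def _decode_plain(blob):
    # AUTH PLAIN (RFC 4616): base64(authzid NUL authcid NUL password)
    parts = base64.b64decode(blob).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed AUTH PLAIN credentials")
    return parts[1].decode("utf-8", "replace"), parts[2].decode("utf-8", "replace")

def analyze_session(lines, client_addr="192.0.2.10", server_addr="192.0.2.25", server_port=25):
    # Replay one dialogue given as [(side, line)], side "C" or "S"; return smtp_msg/smtp_auth records.
    common = {"client_addr": client_addr, "server_addr": server_addr,
              "server_port": server_port, "client_hello": None, "server_hello": None}
    msgs, auths, auth, msg = [], [], None, None
    pending, in_data, body = None, False, []      # pending: client command awaiting its reply
    for side, line in lines:
        if side == "C" and in_data:
            if line == ".":                           # end of the message payload
                in_data, pending = False, "DATA_END"
                msg["payload"] = "\r\n".join(body)
            else:                                     # undo dot-stuffing (RFC 5321 4.5.2)
                body.append(line[1:] if line.startswith("..") else line)
        elif side == "C" and auth is not None and "_await" in auth:
            key = auth.pop("_await")                  # base64 step of AUTH PLAIN / LOGIN
            if key == "plain":
                auth["params"]["username"], auth["params"]["password"] = _decode_plain(line)
            else:
                auth["params"][key] = base64.b64decode(line).decode("utf-8", "replace")
                if key == "username":
                    auth["_await"] = "password"
            pending = "AUTH"
        elif side == "C":
            verb, _, arg = line.partition(" ")
            pending = verb = verb.upper()
            if verb in ("HELO", "EHLO"):
                common["client_hello"] = arg
            elif verb == "AUTH":
                mech, _, initial = arg.partition(" ")
                auth = {**common, "type": mech.upper(), "params": {}, "success": False}
                if auth["type"] == "PLAIN" and initial:    # credentials in the initial response
                    auth["params"]["username"], auth["params"]["password"] = _decode_plain(initial)
                elif auth["type"] in ("PLAIN", "LOGIN"):   # credentials follow in later client lines
                    auth["_await"] = "plain" if auth["type"] == "PLAIN" else "username"
            elif verb == "MAIL":
                msg = {**common, "from": _addr(arg), "to": [], "result": None, "payload": None}
            elif verb == "RCPT" and msg is not None:
                msg["to"].append(_addr(arg))
        else:
            code = int(line[:3])
            if common["server_hello"] is None and code == 220:
                common["server_hello"] = line[4:]         # greeting banner
            elif line[3:4] == "-" or (pending == "AUTH" and code == 334):
                continue                                  # multi-line reply or AUTH challenge: keep waiting
            elif pending == "AUTH" and auth is not None:
                auth["success"] = code == 235
                auth.pop("_await", None)                  # server may reject before the exchange finished
                auths.append(auth)
                auth = None
            elif pending == "DATA" and code == 354 and msg is not None:
                in_data, body = True, []
            elif pending == "DATA_END" and msg is not None:
                msg["result"] = code
                msgs.append(msg)
                msg = None
            pending = None
    return {"smtp_msg": msgs, "smtp_auth": auths}

# constructed captures: each line is "S <server line>" or "C <client line>"
_transcript = lambda text: [(l[0], l[2:]) for l in text.strip("\n").splitlines()]

SAMPLE_PLAIN = _transcript("""
S 220 mail.example.test ESMTP ready
C EHLO client.example.test
S 250-mail.example.test
S 250 AUTH PLAIN LOGIN
C AUTH PLAIN AGFsaWNlAHMzY3JldA==
S 235 2.7.0 Authentication successful
C MAIL FROM:<alice@example.test>
S 250 2.1.0 Ok
C RCPT TO:<bob@example.test>
S 250 2.1.5 Ok
C DATA
S 354 End data with <CR><LF>.<CR><LF>
C Subject: hi
C ..starts with a dot
C .
S 250 2.0.0 Ok: queued as ABC123
""")

SAMPLE_LOGIN_REJECTED = _transcript("""
S 220 mail.example.test ESMTP ready
C AUTH LOGIN
S 334 VXNlcm5hbWU6
C YWxpY2U=
S 334 UGFzc3dvcmQ6
C d3Jvbmc=
S 535 5.7.8 Authentication credentials invalid
""")
```

Running analyze_session(SAMPLE_PLAIN) yields one smtp_auth record (type PLAIN, success True, params holding the decoded username and password) and one smtp_msg record with from, to, result 250 and the dot-unstuffed payload; SAMPLE_LOGIN_REJECTED yields a single LOGIN record with success False and no message. Since the decoded password lands in params exactly as the table describes, any sink that stores smtp_auth events holds cleartext credentials and needs the same access controls as the mail server's own credential store; on the detection side, repeated smtp_auth events with success false from one client_addr are the pattern worth alerting on, and the record carries every field needed for that rule.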
pom-ng/analyzer/smtp.txt · Last modified: 2020/05/26 21:59 by 127.0.0.1