Events
Events are the link between parsing protocols and doing something useful with the result. Events describe what happened at the protocol level in as much detail as possible.
Some events have one or more payloads associated with them. For example, an HTTP request has a payload associated with it when the server returns the content of a web page. It might also have another payload associated with it if the client sends some information via a POST request.
Here is a list of all the events:
Name | Source | Payload associated | Description |
---|---|---|---|
arp_new_sta | analyzer arp | no | New station found. |
arp_sta_changed | analyzer arp | no | Station MAC address changed. |
dns_record | analyzer dns | no | New DNS record found. |
docsis_cm_new | analyzer docsis | no | A new cable modem has been found. |
docsis_cm_reg_status | analyzer docsis | no | The registration status of a cable modem changed. |
docsis_scan_stream | input docsis_scan | no | Provides information about discovered DOCSIS streams. |
dvb_status | input dvb_atsc, input dvb_c, input dvb_s, input docsis | no | Locking status of a DVB interface. |
http_query | protocol http | no | Contains all the information about an HTTP query made by a client to a server. |
http_request | analyzer http | yes | Compound event containing information from both the http_query and http_response events. |
http_response | protocol http | no | Contains all the information about an HTTP response sent to a client by a server. |
imap_auth | analyzer imap | no | Contains authentication attempts. |
imap_cmd | protocol imap | no | Details the IMAP commands made by a client to a server. |
imap_id | analyzer imap | no | Contains information about client and server ID commands. |
imap_msg | analyzer imap | yes | Generated when a message or part of a message is found. |
imap_pload | protocol imap | yes | Issued when a partial command will contain a payload (prefix-quoted strings). |
imap_rsp | protocol imap | no | Details the IMAP response from a server to a client. |
pcap_flow_file | output pcap_flow | no | Event containing information about files created by the output pcap_flow. |
ppp_chap_challenge_response | proto ppp_chap | no | Contains the content of PPP CHAP challenge or response packets. |
ppp_chap_md5_auth | analyzer ppp_chap | no | Contains the crypto material of PPP-MD5 authentication. |
ppp_chap_mschapv2_auth | analyzer ppp_chap | no | Contains the crypto material of PPP MSCHAPv2 authentication. |
ppp_chap_success_failure | proto ppp_chap | no | Contains the content of PPP CHAP success or failure packets. |
ppp_pap_request | proto ppp_pap | no | Contains all the information contained in a PPP-PAP request packet. |
ppp_pap_ack_nack | proto ppp_pap | no | Contains all the information contained in a PPP-PAP ACK or NACK packet. |
ppp_pap_auth | analyzer ppp_pap | no | Details of a PPP-PAP authentication attempt. |
rtp_stream | analyzer rtp | yes | Provides information about the RTP stream. |
sip_call | analyzer sip | yes | Begins when a call starts and ends when the call hangs up. |
sip_call_dial | analyzer sip | no | A SIP call is being dialed and not yet ringing. |
sip_call_ringing | analyzer sip | no | A SIP call is ringing. |
sip_call_connect | analyzer sip | no | A SIP call connected (got picked up). |
sip_call_hangup | analyzer sip | no | A SIP call was hung up. |
sip_call_dtmf | analyzer sip | no | Occurs on DTMF signal (from SIP INFO method). |
smtp_auth | analyzer smtp | no | Contains credentials for SMTP authentication. |
smtp_cmd | protocol smtp | no | Contains SMTP commands sent by clients. |
smtp_msg | analyzer smtp | yes | Generated for each SMTP message. |
smtp_reply | protocol smtp | no | Contains SMTP replies from the server. |
tftp_file | analyzer tftp | yes | Contains all the information about files transferred through TFTP. |
pom-ng/events.txt · Last modified: 2020/05/26 21:59 by 127.0.0.1