Events are the link between parsing protocols and doing something useful with the result. Events describe what happened at the protocol level in as much detail as possible.

Some events have one or more payloads associated with them. For example, an HTTP request has a payload associated with it when the server returns the content of a web page. It might also have another payload associated if the client sends some information via a POST request.

Here is a list of all the events:

| Name | Source | Payload associated | Description |
|------|--------|--------------------|-------------|
| arp_new_sta | analyzer arp | no | New station found. |
| arp_sta_changed | analyzer arp | no | Station MAC address changed. |
| dns_record | analyzer dns | no | New DNS record found. |
| docsis_cm_new | analyzer docsis | no | A new cable modem has been found. |
| docsis_cm_reg_status | analyzer docsis | no | The registration status of a cable modem changed. |
| docsis_scan_stream | input docsis_scan | no | Provides information about discovered DOCSIS streams. |
| dvb_status | input dvb_atsc, input dvb_c, input dvb_s, input docsis | no | Locking status of a DVB interface. |
| http_query | protocol http | no | Contains all the information about an HTTP query made by a client to a server. |
| http_request | analyzer http | yes | Compound event containing information from both http_query and http_response events. |
| http_response | protocol http | no | Contains all the information about an HTTP response sent to a client by a server. |
| imap_auth | analyzer imap | no | Contains authentication attempts. |
| imap_cmd | protocol imap | no | Details the IMAP commands made by a client to a server. |
| imap_id | analyzer imap | no | Contains information about client and server ID commands. |
| imap_msg | analyzer imap | yes | Generated when a message or part of a message is found. |
| imap_pload | protocol imap | yes | Issued when a partial command will contain a payload (prefix-quoted strings). |
| imap_rsp | protocol imap | no | Details the IMAP response from a server to a client. |
| pcap_flow_file | output pcap_flow | no | Event containing information about files created by the output pcap_flow. |
| ppp_chap_challenge_response | proto ppp_chap | no | Contains the content of PPP CHAP challenge or response packets. |
| ppp_chap_md5_auth | analyzer ppp_chap | no | Contains the crypto material of PPP-MD5 authentication. |
| ppp_chap_mschapv2_auth | analyzer ppp_chap | no | Contains the crypto material of PPP MSCHAPv2 authentication. |
| ppp_chap_success_failure | proto ppp_chap | no | Contains the content of PPP CHAP success or failure packets. |
| ppp_pap_request | proto ppp_pap | no | Contains all the information contained in a PPP-PAP request packet. |
| ppp_pap_ack_nack | proto ppp_pap | no | Contains all the information contained in a PPP-PAP ACK or NACK packet. |
| ppp_pap_auth | analyzer ppp_pap | no | Details of a PPP-PAP authentication attempt. |
| rtp_stream | analyzer rtp | yes | Provides information about the RTP stream. |
| sip_call | analyzer sip | yes | Begins when a call starts and ends when the call hangs up. |
| sip_call_dial | analyzer sip | no | A SIP call is being dialed and not yet ringing. |
| sip_call_ringing | analyzer sip | no | A SIP call is ringing. |
| sip_call_connect | analyzer sip | no | A SIP call connected (got picked up). |
| sip_call_hangup | analyzer sip | no | A SIP call was hung up. |
| sip_call_dtmf | analyzer sip | no | Occurs on DTMF signal (from SIP INFO method). |
| smtp_auth | analyzer smtp | no | Contains credentials for SMTP authentication. |
| smtp_cmd | protocol smtp | no | Contains SMTP commands sent by clients. |
| smtp_msg | analyzer smtp | yes | Generated for each SMTP message. |
| smtp_reply | protocol smtp | no | Contains SMTP replies from the server. |
| tftp_file | analyzer tftp | yes | Contains all the information about files transferred through TFTP. |

pom-ng/events.txt · Last modified: 2020/05/26 21:59 by