pom-ng:events
This is an old revision of the document!
Events
Events are the link between parsing protocols and doing something useful with the result. The events will describe what happened on a protocol level with as much details as possible.
Some events have one or more payload associated to them. For example, an HTTP request has a payload associated to it when the server returns the content of a web page. It might also have another payload associated if the client sends some information via a POST request.
Here is a list of all the events :
Name | Source | Payload associated | Description | |
---|---|---|---|---|
arp_new_sta | analyzer arp | no | New station found. | |
arp_sta_changed | analyzer arp | no | Station MAC address changed. | |
dns_record | analyzer dns | no | New DNS record found. | |
docsis_cm_new | analyzer docsis | no | A new cable modem has been found. | |
docsis_cm_reg_status | analyzer docsis | no | The registration status of a cable modem changed. | |
http_query | protocol http | no | Contains all the information about an HTTP query made by a client to a server. | |
http_request | analyzer http | yes | Compound event containing informations from both http_query and http_response event. | |
http_response | protocol http | no | Contains all the information about an HTTP response sent to a client by a server. | |
pcap_flow_file | output pcap_flow|no|Event containing informations about files created by the output pcap_flow.| |[[pom-ng:proto:ppp_chap#ppp_chap_challenge_response | proto ppp_chap | no | Contains the content of PPP CHAP challenge or response packets. |
ppp_chap_md5_auth | analyzer ppp_chap | no | Contains the crypto material of PPP-MD5 authentication. | |
ppp_chap_mschapv2_auth | analyzer ppp_chap | no | Contains the crypto material of PPP MSCHAPv2 authentication. | |
ppp_chap_success_failure | proto ppp_chap | no | Contains the content of PPP CHAP success or failure packets. | |
ppp_pap_request | proto ppp_pap | no | Contains all the information contained in a PPP-PAP request packet. | |
ppp_pap_ack_nack | proto ppp_pap | no | Contains all the information contained in an PPP-PAP ACK or NACK packet. | |
ppp_pap_auth | analyzer ppp_pap | no | Details of a PPP-PAP authentication attemp. | |
smtp_auth | analyzer smtp | no | Contains credentials for SMTP authentication. | |
smtp_cmd | protocol smtp | no | Contains SMTP commands sent by clients. | |
smtp_msg | analyzer smtp | yes | Generated for each SMTP message. | |
smtp_reply | protocol smtp | no | Contains SMTP replies from the server. | |
tftp_file | analyzer tftp | yes | Contains all the information about files transfered through TFTP. |
pom-ng/events.1401115588.txt.gz · Last modified: 2020/05/26 21:59 (external edit)