User Tools

Site Tools


pom-ng:events

This is an old revision of the document!


Events

Events are the link between parsing protocols and doing something useful with the result. The events will describe what happened on a protocol level with as much details as possible.

Some events have one or more payload associated to them. For example, an HTTP request has a payload associated to it when the server returns the content of a web page. It might also have another payload associated if the client sends some information via a POST request.

Here is a list of all the events :

Name Source Payload associated Description
arp_new_staanalyzer arpnoNew station found.
arp_sta_changedanalyzer arpnoStation MAC address changed.
dns_recordanalyzer dnsnoNew DNS record found.
docsis_cm_newanalyzer docsisnoA new cable modem has been found.
docsis_cm_reg_statusanalyzer docsisnoThe registration status of a cable modem changed.
http_queryprotocol httpnoContains all the information about an HTTP query made by a client to a server.
http_requestanalyzer httpyesCompound event containing informations from both http_query and http_response event.
http_responseprotocol httpnoContains all the information about an HTTP response sent to a client by a server.
pcap_flow_filepcap_flowoutput pcap_flownoEvent containing informations about files created by the output pcap_flow.
ppp_chap_challenge_responseproto ppp_chapnoContains the content of PPP CHAP challenge or response packets.
ppp_chap_md5_authanalyzer ppp_chapnoContains the crypto material of PPP-MD5 authentication.
ppp_chap_mschapv2_authanalyzer ppp_chapnoContains the crypto material of PPP MSCHAPv2 authentication.
ppp_chap_success_failureproto ppp_chapnoContains the content of PPP CHAP success or failure packets.
ppp_pap_requestproto ppp_papnoContains all the information contained in a PPP-PAP request packet.
ppp_pap_ack_nackproto ppp_papnoContains all the information contained in an PPP-PAP ACK or NACK packet.
ppp_pap_authanalyzer ppp_papnoDetails of a PPP-PAP authentication attemp.
smtp_authanalyzer smtpnoContains credentials for SMTP authentication.
smtp_cmdprotocol smtpnoContains SMTP commands sent by clients.
smtp_msganalyzer smtpyesGenerated for each SMTP message.
smtp_replyprotocol smtpnoContains SMTP replies from the server.
tftp_fileanalyzer tftpyesContains all the information about files transfered through TFTP.
pom-ng/events.1401115611.txt.gz · Last modified: 2020/05/26 21:59 (external edit)