User Tools

Site Tools


pom-ng:events

This is an old revision of the document!


A PCRE internal error occured. This might be caused by a faulty plugin

====== Events ====== Events are the link between parsing protocols and doing something useful with the result. The events will describe what happened on a protocol level with as much details as possible. Some events have one or more payload associated to them. For example, an HTTP request has a payload associated to it when the server returns the content of a web page. It might also have another payload associated if the client sends some information via a POST request. Here is a list of all the events : ^ Name ^ Source ^ Payload associated ^ Description ^ |[[pom-ng:analyzer:arp#arp_new_sta]]|[[pom-ng:analyzer:arp|analyzer arp]]|no|New station found.| |[[pom-ng:analyzer:arp#arp_sta_changed]]|[[pom-ng:analyzer:arp|analyzer arp]]|no|Station MAC address changed.| |[[pom-ng:analyzer:dns#dns_record]]|[[pom-ng:analyzer:dns|analyzer dns]]|no|New DNS record found.| |[[pom-ng:analyzer:docsis#docsis_cm_new]]|[[pom-ng:analyzer:docsis|analyzer docsis]]|no|A new cable modem has been found.| |[[pom-ng:analyzer:docsis#docsis_cm_reg_status]]|[[pom-ng:analyzer:docsis|analyzer docsis]]|no|The registration status of a cable modem changed.| |[[pom-ng:proto:http#http_query]]|[[pom-ng:proto:http|protocol http]]|no|Contains all the information about an HTTP query made by a client to a server.| |[[pom-ng:analyzer:http#http_request]]|[[pom-ng:analyzer:http|analyzer http]]|yes|Compound event containing informations from both [[pom-ng:proto:http#http_query]] and [[pom-ng:proto:http#http_response|http_response]] event.| |[[pom-ng:proto:http#http_response]]|[[pom-ng:proto:http|protocol http]]|no|Contains all the information about an HTTP response sent to a client by a server.| |[[pom-ng:output:pcap_flow#pcap_flow_file]]|[[pom-ng:output:pcap_flow|output pcap_flow]]|no|Event containing informations about files created by the output pcap_flow.| |[[pom-ng:proto:ppp_chap#ppp_chap_challenge_response]]|[[pom-ng:proto:ppp_chap|proto ppp_chap]]|no|Contains the content of PPP CHAP challenge or response packets.| |[[pom-ng:analyzer:ppp_chap#ppp_chap_md5_auth]]|[[pom-ng:analyzer:ppp_chap|analyzer ppp_chap]]|no|Contains the crypto material of PPP-MD5 authentication.| |[[pom-ng:analyzer:ppp_chap#ppp_chap_mschapv2_auth]]|[[pom-ng:analyzer:ppp_chap|analyzer ppp_chap]]|no|Contains the crypto material of PPP MSCHAPv2 authentication.| |[[pom-ng:proto:ppp_chap#ppp_chap_success_failure]]|[[pom-ng:proto:ppp_chap|proto ppp_chap]]|no|Contains the content of PPP CHAP success or failure packets.| |[[pom-ng:proto:ppp_pap#ppp_pap_request]]|[[pom-ng:proto:ppp_pap|proto ppp_pap]]|no|Contains all the information contained in a PPP-PAP request packet.| |[[pom-ng:proto:ppp_pap#ppp_pap_ack_nack]]|[[pom-ng:proto:ppp_pap|proto ppp_pap]]|no|Contains all the information contained in an PPP-PAP ACK or NACK packet.| |[[pom-ng:analyzer:ppp_pap#ppp_pap_auth]]|[[pom-ng:analyzer:ppp_pap|analyzer ppp_pap]]|no|Details of a PPP-PAP authentication attemp.| |[[pom-ng:analyzer:smtp#smtp_auth]]|[[pom-ng:analyzer:smtp|analyzer smtp]]|no|Contains credentials for SMTP authentication.| |[[pom-ng:proto:smtp#smtp_cmd]]|[[pom-ng:proto:smtp|protocol smtp]]|no|Contains SMTP commands sent by clients.| |[[pom-ng:analyzer:smtp#smtp_msg]]|[[pom-ng:analyzer:smtp|analyzer smtp]]|yes|Generated for each SMTP message.| |[[pom-ng:proto:smtp#smtp_reply]]|[[pom-ng:proto:smtp|protocol smtp]]|no|Contains SMTP replies from the server.| |[[pom-ng:analyzer:tftp#tftp_file]]|[[pom-ng:analyzer:tftp|analyzer tftp]]|yes|Contains all the information about files transfered through TFTP.|

pom-ng/events.1401115635.txt.gz · Last modified: 2014/05/26 14:47 by gmsoft