pom-ng:events
This is an old revision of the document!
Events
Events are the link between parsing protocols and doing something useful with the result. The events will describe what happened on a protocol level with as much details as possible.
Some events have one or more payload associated to them. For example, an HTTP request has a payload associated to it when the server returns the content of a web page. It might also have another payload associated if the client sends some information via a POST request.
Here is a list of all the events :
| Name | Source | Payload associated | Description |
|---|---|---|---|
| arp_new_sta | analyzer arp | no | New station found. |
| arp_sta_changed | analyzer arp | no | Station MAC address changed. |
| dns_record | analyzer dns | no | New DNS record found. |
| docsis_cm_new | analyzer docsis | no | A new cable modem has been found. |
| docsis_cm_reg_status | analyzer docsis | no | The registration status of a cable modem changed. |
| docsis_scan_stream | input docsis_scan | no | Provide information about discovered DOCSIS streams. |
| dvb_status | input dvb_atsc, input dvb_c, input dvb_s, input docsis | no | Locking status of a DVB interface. |
| http_query | protocol http | no | Contains all the information about an HTTP query made by a client to a server. |
| http_request | analyzer http | yes | Compound event containing informations from both http_query and http_response event. |
| http_response | protocol http | no | Contains all the information about an HTTP response sent to a client by a server. |
| imap_auth | analyzer imap | no | Contains authentication attempts. |
| imap_cmd | protocol imap | no | Details the IMAP commands made by a client to a server. |
| imap_id | analyzer imap | no | Contains information about client and server ID commands. |
| imap_msg | analyzer imap | yes | Generated when a message or part of a message is found. |
| imap_pload | protocol imap | yes | Issued when a partial command will contain a payload (prefix-quoted strings). |
| imap_rsp | protocol imap | no | Details the IMAP response from a server to a client. |
| pcap_flow_file | output pcap_flow | no | Event containing informations about files created by the output pcap_flow. |
| ppp_chap_challenge_response | proto ppp_chap | no | Contains the content of PPP CHAP challenge or response packets. |
| ppp_chap_md5_auth | analyzer ppp_chap | no | Contains the crypto material of PPP-MD5 authentication. |
| ppp_chap_mschapv2_auth | analyzer ppp_chap | no | Contains the crypto material of PPP MSCHAPv2 authentication. |
| ppp_chap_success_failure | proto ppp_chap | no | Contains the content of PPP CHAP success or failure packets. |
| ppp_pap_request | proto ppp_pap | no | Contains all the information contained in a PPP-PAP request packet. |
| ppp_pap_ack_nack | proto ppp_pap | no | Contains all the information contained in an PPP-PAP ACK or NACK packet. |
| ppp_pap_auth | analyzer ppp_pap | no | Details of a PPP-PAP authentication attemp. |
| rtp_stream | analyzer rtp | yes | Provide information about the RTP stream. |
| sip_call | analyzer sip | yes | Begins when a call starts and ends when the call hangs up. |
| sip_call_dial | analyzer sip | no | A SIP call is being dialed and not yet ringing. |
| sip_call_ringing | analyzer sip | no | A SIP call is ringing. |
| sip_call_connect | analyzer sip | no | A SIP call connected (got picked up). |
| sip_call_hangup | analyzer sip | no | A SIP call was hanged up. |
| sip_call_dtmf | analyzer sip | no | Occurs on DTMF signal (from SIP INFO method). |
| smtp_auth | analyzer smtp | no | Contains credentials for SMTP authentication. |
| smtp_cmd | protocol smtp | no | Contains SMTP commands sent by clients. |
| smtp_msg | analyzer smtp | yes | Generated for each SMTP message. |
| smtp_reply | protocol smtp | no | Contains SMTP replies from the server. |
| tftp_file | analyzer tftp | yes | Contains all the information about files transfered through TFTP. |
pom-ng/events.1507318482.txt.gz · Last modified: 2020/05/26 21:59 (external edit)