
This is an old revision of the document!


Events are the link between parsing protocols and doing something useful with the result. Events describe what happened at the protocol level in as much detail as possible.

Some events have one or more payloads associated with them. For example, an HTTP request has a payload associated with it when the server returns the content of a web page. It might also have another payload associated with it if the client sends some information via a POST request.

Here is a list of all the events:

| Name | Source | Payload associated | Description |
|---|---|---|---|
| arp_new_sta | analyzer arp | no | New station found. |
| arp_sta_changed | analyzer arp | no | Station MAC address changed. |
| dns_record | analyzer dns | no | New DNS record found. |
| docsis_cm_new | analyzer docsis | no | A new cable modem has been found. |
| docsis_cm_reg_status | analyzer docsis | no | The registration status of a cable modem changed. |
| docsis_scan_stream | input docsis_scan | no | Provides information about discovered DOCSIS streams. |
| dvb_status | input dvb_atsc, input dvb_c, input dvb_s, input docsis | no | Locking status of a DVB interface. |
| http_query | protocol http | no | Contains all the information about an HTTP query made by a client to a server. |
| http_request | analyzer http | yes | Compound event containing information from both the http_query and http_response events. |
| http_response | protocol http | no | Contains all the information about an HTTP response sent to a client by a server. |
| imap_auth | analyzer imap | no | Contains authentication attempts. |
| imap_cmd | protocol imap | no | Details the IMAP commands made by a client to a server. |
| imap_id | analyzer imap | no | Contains information about client and server ID commands. |
| imap_msg | analyzer imap | yes | Generated when a message or part of a message is found. |
| imap_pload | protocol imap | yes | Issued when a partial command will contain a payload (prefix-quoted strings). |
| imap_rsp | protocol imap | no | Details the IMAP response from a server to a client. |
| pcap_flow_file | output pcap_flow | no | Event containing information about files created by the output pcap_flow. |
| ppp_chap_challenge_response | proto ppp_chap | no | Contains the content of PPP CHAP challenge or response packets. |
| ppp_chap_md5_auth | analyzer ppp_chap | no | Contains the crypto material of PPP-MD5 authentication. |
| ppp_chap_mschapv2_auth | analyzer ppp_chap | no | Contains the crypto material of PPP MSCHAPv2 authentication. |
| ppp_chap_success_failure | proto ppp_chap | no | Contains the content of PPP CHAP success or failure packets. |
| ppp_pap_request | proto ppp_pap | no | Contains all the information contained in a PPP-PAP request packet. |
| ppp_pap_ack_nack | proto ppp_pap | no | Contains all the information contained in a PPP-PAP ACK or NACK packet. |
| ppp_pap_auth | analyzer ppp_pap | no | Details of a PPP-PAP authentication attempt. |
| rtp_stream | analyzer rtp | yes | Provides information about the RTP stream. |
| sip_call | analyzer sip | yes | Begins when a call starts and ends when the call hangs up. |
| sip_call_dial | analyzer sip | no | A SIP call is being dialed and not yet ringing. |
| sip_call_ringing | analyzer sip | no | A SIP call is ringing. |
| sip_call_connect | analyzer sip | no | A SIP call connected (got picked up). |
| sip_call_hangup | analyzer sip | no | A SIP call was hung up. |
| sip_call_dtmf | analyzer sip | no | Occurs on DTMF signal (from SIP INFO method). |
| smtp_auth | analyzer smtp | no | Contains credentials for SMTP authentication. |
| smtp_cmd | protocol smtp | no | Contains SMTP commands sent by clients. |
| smtp_msg | analyzer smtp | yes | Generated for each SMTP message. |
| smtp_reply | protocol smtp | no | Contains SMTP replies from the server. |
| tftp_file | analyzer tftp | yes | Contains all the information about files transferred through TFTP. |
pom-ng/events.1507318482.txt.gz · Last modified: 2020/05/26 21:59 (external edit)