Zeek_TCP.events.bif.zeek.rst

:tocdepth: 3

base/bif/plugins/Zeek_TCP.events.bif.zeek

:Namespace: GLOBAL

Summary

Events

:zeek:id:`connection_EOF`: :zeek:type:`event` Generated at the end of reassembled TCP connections.
:zeek:id:`connection_SYN_packet`: :zeek:type:`event` Generated for a SYN packet.
:zeek:id:`connection_attempt`: :zeek:type:`event` Generated for an unsuccessful connection attempt.
:zeek:id:`connection_established`: :zeek:type:`event` Generated when seeing a SYN-ACK packet from the responder in a TCP handshake.
:zeek:id:`connection_finished`: :zeek:type:`event` Generated for a TCP connection that finished normally.
:zeek:id:`connection_first_ACK`: :zeek:type:`event` Generated for the first ACK packet seen for a TCP connection from its originator.
:zeek:id:`connection_half_finished`: :zeek:type:`event` Generated when one endpoint of a TCP connection attempted to gracefully close the connection, but the other endpoint is in the TCP_INACTIVE state.
:zeek:id:`connection_partial_close`: :zeek:type:`event` Generated when a previously inactive endpoint attempts to close a TCP connection via a normal FIN handshake or an abort RST sequence.
:zeek:id:`connection_pending`: :zeek:type:`event` Generated for each still-open TCP connection when Zeek terminates.
:zeek:id:`connection_rejected`: :zeek:type:`event` Generated for a rejected TCP connection.
:zeek:id:`connection_reset`: :zeek:type:`event` Generated when an endpoint aborted a TCP connection.
:zeek:id:`contents_file_write_failure`: :zeek:type:`event` Generated when failing to write contents of a TCP stream to a file.
:zeek:id:`new_connection_contents`: :zeek:type:`event` Generated when reassembly starts for a TCP connection.
:zeek:id:`partial_connection`: :zeek:type:`event` Generated for a new active TCP connection if Zeek did not see the initial handshake.
:zeek:id:`tcp_contents`: :zeek:type:`event` Generated for each chunk of reassembled TCP payload.
:zeek:id:`tcp_multiple_checksum_errors`: :zeek:type:`event` Generated if a TCP flow crosses a checksum-error threshold, per 'C'/'c' history reporting.
:zeek:id:`tcp_multiple_gap`: :zeek:type:`event` Generated if a TCP flow crosses a gap threshold, per 'G'/'g' history reporting.
:zeek:id:`tcp_multiple_retransmissions`: :zeek:type:`event` Generated if a TCP flow crosses a retransmission threshold, per 'T'/'t' history reporting.
:zeek:id:`tcp_multiple_zero_windows`: :zeek:type:`event` Generated if a TCP flow crosses a zero-window threshold, per 'W'/'w' history reporting.
:zeek:id:`tcp_option`: :zeek:type:`event` Generated for each option found in a TCP header.
:zeek:id:`tcp_options`: :zeek:type:`event` Generated for each TCP header that contains TCP options.
:zeek:id:`tcp_packet`: :zeek:type:`event` Generated for every TCP packet.
:zeek:id:`tcp_rexmit`: :zeek:type:`event` Generated for each detected TCP segment retransmission.

Detailed Interface

Events