Documentation
¶
Index ¶
- Variables
- func CleanupExpiredConnections()
- func ExtractDataChannel(conv *core.ConversationInfo, data []byte, conn *FTPDataConnection) error
- func RemoveDataConnection(key string)
- func ShouldDecodeAsDataChannel(conv *core.ConversationInfo) bool
- type FTPDataConnection
- type FTPFileExtractor
- func (f *FTPFileExtractor) DescribeFile(handle *file.FileHandle) string
- func (f *FTPFileExtractor) ExtractFile(conv *core.ConversationInfo, data []byte, metadata file.FileMetadata) error
- func (f *FTPFileExtractor) GetFileHandle(conv *core.ConversationInfo, isOrigin bool, depth int) string
- func (f *FTPFileExtractor) ProtocolName() string
Constants ¶
This section is empty.
Variables ¶
// DataDecoder describes the FTP data-channel stream decoder ("FTP-DATA").
//
// Its CanDecode callback unconditionally returns false, so payload bytes
// alone never identify a stream as FTP-DATA. The accompanying documentation
// says data connections are detected by checking against tracked
// connections instead.
var DataDecoder = &decoder.StreamDecoder{
	Type:        types.Type_NC_FTP,
	Name:        "FTP-DATA",
	Description: "File Transfer Protocol - data channel",

	// No per-decoder setup is performed here.
	PostInit: func(_ *decoder.StreamDecoder) error {
		return nil
	},

	// A data channel carries arbitrary file bytes, so there is no banner
	// to match on; content sniffing is always declined.
	CanDecode: func(_, _ []byte) bool {
		return false
	},

	// Nothing to release on shutdown.
	DeInit: func(_ *decoder.StreamDecoder) error {
		return nil
	},

	Factory: &ftpDataReader{},
	Typ:     core.TCP,
}
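DataDecoder handles FTP DATA channel analysis. This decoder tries to detect FTP data connections by checking against tracked connections; its CanDecode callback always returns false, so payload bytes alone never identify a stream as FTP-DATA.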
// Decoder describes the FTP stream decoder ("FTP"). Streams are recognised
// by the server's opening reply code.
var Decoder = &decoder.StreamDecoder{
	Type:        types.Type_NC_FTP,
	Name:        "FTP",
	Description: "File Transfer Protocol - control and data channels",

	// PostInit creates the "ftp" logger and then initialises the data
	// connection tracker. A logger error is returned before the tracker
	// is set up.
	PostInit: func(_ *decoder.StreamDecoder) error {
		// Plain assignment (not :=) so the package-level ftpLog is
		// written rather than shadowed by a new local.
		var err error
		ftpLog, _, err = logging.InitZapLogger(
			decoderconfig.Instance.Out,
			"ftp",
			decoderconfig.Instance.Debug,
		)
		if err != nil {
			return err
		}

		initConnectionTracker()

		return nil
	},

	// CanDecode reports true when the server side holds more than three
	// bytes and begins with the ASCII reply code "220". The client bytes
	// are not inspected.
	//
	// NOTE(review): "220" is also the greeting code used by SMTP servers,
	// so a prefix-only match cannot tell the two protocols apart. Confirm
	// that decoder ordering or port handling elsewhere prevents
	// mis-attribution of streams.
	CanDecode: func(_, server []byte) bool {
		return len(server) > 3 && string(server[:3]) == "220"
	},

	// DeInit flushes the logger.
	//
	// NOTE(review): ftpLog is only assigned in PostInit; confirm DeInit
	// is never reached without a successful PostInit, otherwise Sync may
	// be called on an unset logger.
	DeInit: func(_ *decoder.StreamDecoder) error {
		return ftpLog.Sync()
	},

	Factory: &ftpReader{},
	Typ:     core.TCP,
}
Decoder for FTP protocol analysis
Functions ¶
func CleanupExpiredConnections ¶
func CleanupExpiredConnections()
CleanupExpiredConnections removes stale data connection expectations
func ExtractDataChannel ¶
func ExtractDataChannel(conv *core.ConversationInfo, data []byte, conn *FTPDataConnection) error
ExtractDataChannel extracts a file from an FTP data channel.
func RemoveDataConnection ¶
func RemoveDataConnection(key string)
RemoveDataConnection removes a tracked data connection
func ShouldDecodeAsDataChannel ¶
func ShouldDecodeAsDataChannel(conv *core.ConversationInfo) bool
ShouldDecodeAsDataChannel checks whether a conversation should be decoded as FTP DATA. It is called during stream identification.
Types ¶
type FTPDataConnection ¶
// FTPDataConnection records an FTP data connection that is expected to
// appear, so that a later stream can be matched against it.
type FTPDataConnection struct {
	// IP and Port identify the expected data-channel endpoint.
	// NOTE(review): presumably parsed from the control channel; which side
	// they refer to is not visible here — confirm.
	IP   string
	Port int
	// Filename is the name of the file being transferred.
	// NOTE(review): presumably taken from the RETR/STOR argument in captured
	// traffic, i.e. untrusted input; confirm it is sanitised before being
	// used to build any output path.
	Filename string
	Command  string // RETR or STOR
	// TransferMode: NOTE(review): valid values are not visible here — confirm.
	TransferMode string
	// IsPassive: NOTE(review): presumably true for passive-mode transfers — confirm.
	IsPassive bool
	// FileSize: NOTE(review): unit and origin are not visible here — confirm.
	FileSize int64
	// CreatedAt: NOTE(review): presumably the time the expectation was
	// recorded, used to expire stale entries — confirm.
	CreatedAt time.Time
}
FTPDataConnection tracks expected FTP data connections
func CheckDataConnection ¶
func CheckDataConnection(key string) (*FTPDataConnection, bool)
CheckDataConnection checks if a connection matches an expected FTP data connection
type FTPFileExtractor ¶
type FTPFileExtractor struct{}
FTPFileExtractor implements file extraction for FTP DATA channel transfers
func (*FTPFileExtractor) DescribeFile ¶
func (f *FTPFileExtractor) DescribeFile(handle *file.FileHandle) string
DescribeFile returns a human-readable description of the FTP file transfer
func (*FTPFileExtractor) ExtractFile ¶
func (f *FTPFileExtractor) ExtractFile(conv *core.ConversationInfo, data []byte, metadata file.FileMetadata) error
ExtractFile performs FTP file extraction
func (*FTPFileExtractor) GetFileHandle ¶
func (f *FTPFileExtractor) GetFileHandle(conv *core.ConversationInfo, isOrigin bool, depth int) string
GetFileHandle generates a unique identifier for an FTP file transfer
func (*FTPFileExtractor) ProtocolName ¶
func (f *FTPFileExtractor) ProtocolName() string
ProtocolName returns the protocol name