34 lines
903 B
Plaintext
34 lines
903 B
Plaintext
Pdu ftp_pdu Proto ftp Transport tcp/ip {
|
|
Extract ftp_addr From ip.addr;
|
|
Extract ftp_port From tcp.port;
|
|
Extract ftp_resp From ftp.response.code;
|
|
Extract ftp_req From ftp.request.command;
|
|
Extract server_addr From ftp.passive.ip;
|
|
Extract server_port From ftp.passive.port;
|
|
|
|
LastPdu true;
|
|
};
|
|
|
|
Pdu ftp_data_pdu Proto ftp-data Transport tcp/ip{
|
|
Extract server_addr From ip.src;
|
|
Extract server_port From tcp.srcport;
|
|
|
|
};
|
|
|
|
Gop ftp_data On ftp_data_pdu Match (server_addr, server_port) {
|
|
Start (server_addr);
|
|
};
|
|
|
|
Gop ftp_ctl On ftp_pdu Match (ftp_addr, ftp_addr, ftp_port, ftp_port) {
|
|
Start (ftp_resp=220);
|
|
Stop (ftp_resp=221);
|
|
Extra (server_addr, server_port);
|
|
};
|
|
|
|
Gog ftp_ses {
|
|
Member ftp_ctl (ftp_addr, ftp_addr, ftp_port, ftp_port);
|
|
Member ftp_data (server_addr, server_port);
|
|
};
|
|
|
|
Done;
|