# Skeleton of a host-fingerprinting policy script: it declares a notice type,
# a per-host state machine and three empty event handlers to be filled in.
# The loaded scripts (ssh, irc, http-request, ftp, dpd) supply the protocol
# analysis whose events the handlers below receive.
@load ssh
@load irc
@load http-request
@load ftp
@load dpd

module Fingerprint;

export {
	# Define a NOTICE type for our alert.
	redef enum Notice += { FingerprintFound };
}

# We track a state-machine for each host.
# The value names suggest the expected order of observations
# (HTTP request, FTP executable, FTP zip archive, IRC, then "found") --
# NOTE(review): confirm the intended sequence against the exercise text.
type state: enum { expect_http, expect_ftp_exec, expect_ftp_zip, expect_irc, found };

# Current state per host address.
# NOTE(review): the table has no expiration attribute, so an entry stays for
# every host that ever enters the state machine. On a live link, consider
# &create_expire or &read_expire so that state is bounded and a stale partial
# match cannot complete much later.
global hosts: table[addr] of state;

# Raised when a protocol analyzer confirms the protocol of connection c.
# atype/aid presumably identify the confirming analyzer (type and instance id)
# -- verify against the event documentation of the Bro version in use.
event protocol_confirmation(c: connection, atype: count, aid: count)
	{
	#### Insert code here.
	}

# Raised for each HTTP request seen on connection c.
# Both URI forms come straight from the wire and are untrusted input; any
# matching added here should use unescaped_URI so that percent-encoding does
# not hide the pattern being looked for.
event http_request(c: connection, method: string, original_URI: string,
		   unescaped_URI: string, version: string)
	{
	#### Insert code here.
	}

# Raised when a file transfer has been identified on connection c.
# mime_type is derived from the file content (see the libmagic remark below)
# rather than from the file name the peer chose.
event file_transferred(c: connection, prefix: string, descr: string,
			mime_type: string)
	{
	#### Insert code here.
	}

# If we don't have libmagic, we can alternatively check the
# requested file names but that's less reliable.
# (The name is chosen by the remote side, so a renamed file evades the check.)
#
#event ftp_request(c: connection, command: string, arg: string)
#	{
#	#### Insert code here.
#	}