90 lines
3.3 KiB
ReStructuredText
90 lines
3.3 KiB
ReStructuredText
:tocdepth: 3
|
|
|
|
base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek
|
|
==============================================
|
|
.. zeek:namespace:: GLOBAL
|
|
|
|
|
|
:Namespace: GLOBAL
|
|
|
|
Summary
|
|
~~~~~~~
|
|
Events
|
|
######
|
|
================================================== =========================================================================================================
|
|
:zeek:id:`smb1_empty_response`: :zeek:type:`event` Generated when there is an :abbr:`SMB (Server Message Block)` version 1 response with no message body.
|
|
:zeek:id:`smb1_error`: :zeek:type:`event` Generated for :abbr:`SMB (Server Message Block)` version 1 messages
|
|
that indicate an error.
|
|
:zeek:id:`smb1_message`: :zeek:type:`event` Generated for all :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` version 1
|
|
messages.
|
|
================================================== =========================================================================================================
|
|
|
|
|
|
Detailed Interface
|
|
~~~~~~~~~~~~~~~~~~
|
|
Events
|
|
######
|
|
.. zeek:id:: smb1_empty_response
|
|
:source-code: base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek 31 31
|
|
|
|
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, hdr: :zeek:type:`SMB1::Header`)
|
|
|
|
Generated when there is an :abbr:`SMB (Server Message Block)` version 1 response with no message body.
|
|
|
|
|
|
:param c: The connection.
|
|
|
|
|
|
:param hdr: The parsed header of the :abbr:`SMB (Server Message Block)` message.
|
|
|
|
.. zeek:see:: smb1_message
|
|
|
|
.. zeek:id:: smb1_error
|
|
:source-code: policy/protocols/smb/log-cmds.zeek 49 64
|
|
|
|
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, hdr: :zeek:type:`SMB1::Header`, is_orig: :zeek:type:`bool`)
|
|
|
|
Generated for :abbr:`SMB (Server Message Block)` version 1 messages
|
|
that indicate an error. This event is triggered by an :abbr:`SMB (Server Message Block)` header
|
|
including a status that signals an error.
|
|
|
|
|
|
:param c: The connection.
|
|
|
|
|
|
:param hdr: The parsed header of the :abbr:`SMB (Server Message Block)` message.
|
|
|
|
|
|
:param is_orig: True if the message was sent by the originator of the underlying
|
|
transport-level connection.
|
|
|
|
.. zeek:see:: smb1_message
|
|
|
|
.. zeek:id:: smb1_message
|
|
:source-code: base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek 21 21
|
|
|
|
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, hdr: :zeek:type:`SMB1::Header`, is_orig: :zeek:type:`bool`)
|
|
|
|
Generated for all :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` version 1
|
|
messages.
|
|
|
|
See `Wikipedia <http://en.wikipedia.org/wiki/Server_Message_Block>`__ for more information about the
|
|
:abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` protocol. Zeek's
|
|
:abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` analyzer parses
|
|
both :abbr:`SMB (Server Message Block)`-over-:abbr:`NetBIOS (Network Basic Input/Output System)` on
|
|
ports 138/139 and :abbr:`SMB (Server Message Block)`-over-TCP on port 445.
|
|
|
|
|
|
:param c: The connection.
|
|
|
|
|
|
:param hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 1 message.
|
|
|
|
|
|
:param is_orig: True if the message was sent by the originator of the underlying
|
|
transport-level connection.
|
|
|
|
.. zeek:see:: smb2_message
|
|
|
|
|