pk/zeek
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
zeek/doc/scripts/base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek.rst
Patrick Kelley 8fd444092b initial
2025-05-07 15:35:15 -04:00

72 lines
3.0 KiB
ReStructuredText
Raw Permalink Blame History

:tocdepth: 3
base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek
==============================================
.. zeek:namespace:: GLOBAL
:Namespace: GLOBAL
Summary
~~~~~~~
Events
######
============================================================ ===========================================================================================
:zeek:id:`smb2_discarded_messages_state`: :zeek:type:`event` Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
version 2 connections for which pending read, ioctl or tree requests exceeds
the :zeek:see:`SMB::max_pending_messages` setting.
:zeek:id:`smb2_message`: :zeek:type:`event` Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
version 2 messages.
============================================================ ===========================================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Events
######
.. zeek:id:: smb2_discarded_messages_state
:source-code: base/protocols/smb/smb2-main.zeek 350 366
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, state: :zeek:type:`string`)
Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
version 2 connections for which pending read, ioctl or tree requests exceeds
the :zeek:see:`SMB::max_pending_messages` setting. This event indicates either
traffic loss, traffic load-balancing issues, or failures to parse or match
SMB responses with SMB requests. When this event is raised, internal per-connection
parser state has been reset.
:param c: The affected connection.
:param state: String describing what kind of state was affected.
One of read, ioctl or tree.
.. zeek:id:: smb2_message
:source-code: base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek 20 20
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, hdr: :zeek:type:`SMB2::Header`, is_orig: :zeek:type:`bool`)
Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
version 2 messages.
See `Wikipedia <http://en.wikipedia.org/wiki/Server_Message_Block>`__ for more information about the
:abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` protocol. Zeek's
:abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` analyzer parses
both :abbr:`SMB (Server Message Block)`-over-:abbr:`NetBIOS (Network Basic Input/Output System)` on
ports 138/139 and :abbr:`SMB (Server Message Block)`-over-TCP on port 445.
:param c: The connection.
:param hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 2 message.
:param is_orig: True if the message came from the originator side.
.. zeek:see:: smb1_message
Reference in New Issue View Git Blame Copy Permalink