base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek
- Namespace: GLOBAL
Summary

Events

| Event | Description |
|---|---|
| dce_rpc_alter_context | Generated for every DCE-RPC alter context request message. |
| dce_rpc_alter_context_resp | Generated for every DCE-RPC alter context response message. |
| dce_rpc_bind | Generated for every DCE-RPC bind request message. |
| dce_rpc_bind_ack | Generated for every DCE-RPC bind request ack message. |
| dce_rpc_message | Generated for every DCE-RPC message. |
| dce_rpc_request | Generated for every DCE-RPC request message. |
| dce_rpc_request_stub | Generated for every DCE-RPC request message. |
| dce_rpc_response | Generated for every DCE-RPC response message. |
| dce_rpc_response_stub | Generated for every DCE-RPC response message. |
Detailed Interface
Events
- dce_rpc_alter_context
- Type: event (c: connection, fid: count, ctx_id: count, uuid: string, ver_major: count, ver_minor: count)
Generated for every DCE-RPC alter context request message. Since RPC offers the ability for a client to request connections to multiple endpoints, this event can occur multiple times for a single RPC message.
- Parameters:
c – The connection.
fid – File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
ctx_id – The context identifier of the data representation.
uuid – The UUID of the endpoint being requested, rendered as a string.
ver_major – The major version of the endpoint being requested.
ver_minor – The minor version of the endpoint being requested.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response, dce_rpc_alter_context_resp
- dce_rpc_alter_context_resp
- Type: event (c: connection, fid: count)
Generated for every DCE-RPC alter context response message.
- Parameters:
c – The connection.
fid – File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response, dce_rpc_alter_context
- dce_rpc_bind
- Type: event (c: connection, fid: count, ctx_id: count, uuid: string, ver_major: count, ver_minor: count)
Generated for every DCE-RPC bind request message. Since RPC offers the ability for a client to request connections to multiple endpoints, this event can occur multiple times for a single RPC message.
- Parameters:
c – The connection.
fid – File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
ctx_id – The context identifier of the data representation.
uuid – The UUID of the endpoint being requested, rendered as a string.
ver_major – The major version of the endpoint being requested.
ver_minor – The minor version of the endpoint being requested.
See also: dce_rpc_message, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response
- dce_rpc_bind_ack
- Type: event (c: connection, fid: count, sec_addr: string)
Generated for every DCE-RPC bind request ack message.
- Parameters:
c – The connection.
fid – File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
sec_addr – Secondary address for the ack.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_request, dce_rpc_response
- dce_rpc_message
- Type: event (c: connection, is_orig: bool, fid: count, ptype_id: count, ptype: DCE_RPC::PType)
Generated for every DCE-RPC message.
- Parameters:
c – The connection.
is_orig – True if the message was sent by the originator of the TCP connection.
fid – File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
ptype_id – Numeric representation of the procedure type of the message.
ptype – Enum representation of the procedure type of the message.
See also: dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response
- dce_rpc_request
- Type: event (c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
Generated for every DCE-RPC request message.
- Parameters:
c – The connection.
fid – File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
ctx_id – The context identifier of the data representation.
opnum – Number of the RPC operation.
stub_len – Length of the data for the request.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_response, dce_rpc_request_stub
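The ctx_id carried by dce_rpc_request only means something in combination with the interface UUID that the same context id was assigned in an earlier dce_rpc_bind or dce_rpc_alter_context event on the same connection and pipe. The following script, an added example that is not part of Zeek or its documentation, shows how to keep that mapping and use it to attribute each request to an interface, raising a notice when the interface is one an analyst has chosen to watch. The module name DCERPC_Watch, the notice type Interface_Request, the table ctx_map and the set watched_uuids are all assumptions of this example; the single UUID preloaded into watched_uuids is the well-known svcctl (Service Control Manager) interface, which you can cross-check against Zeek's own DCE_RPC::uuid_endpoint_map before relying on it.

```zeek
##! Added example, not part of the Zeek distribution: correlate DCE-RPC
##! context negotiation (bind / alter_context) with later requests so that
##! each request can be attributed to the interface UUID it targets.

@load base/frameworks/notice
@load base/protocols/dce-rpc

module DCERPC_Watch;

export {
    redef enum Notice::Type += {
        ## A request was made against an interface listed in watched_uuids.
        Interface_Request
    };

    ## Interface UUIDs (lower-case string form) whose requests are reported.
    ## The preloaded entry is the svcctl interface (assumed here; verify it
    ## against DCE_RPC::uuid_endpoint_map). Extend the set with redef.
    const watched_uuids: set[string] = {
        "367abb81-9844-35f1-ad32-98f038001003"
    } &redef;
}

## [connection uid, fid, ctx_id] -> interface UUID, filled when the client
## negotiates a context. The expiry bounds memory for long-lived or
## never-closed connections; names here are this example's own.
global ctx_map: table[string, count, count] of string &write_expire=10min;

function remember_ctx(c: connection, fid: count, ctx_id: count, uuid: string)
    {
    # An alter_context may reuse an existing ctx_id; the newest binding wins.
    ctx_map[c$uid, fid, ctx_id] = to_lower(uuid);
    }

# Both events deliver one (ctx_id, uuid) pair each and, as the documentation
# states, can fire several times for a single bind / alter_context message.
event dce_rpc_bind(c: connection, fid: count, ctx_id: count, uuid: string,
                   ver_major: count, ver_minor: count)
    {
    remember_ctx(c, fid, ctx_id, uuid);
    }

event dce_rpc_alter_context(c: connection, fid: count, ctx_id: count, uuid: string,
                            ver_major: count, ver_minor: count)
    {
    remember_ctx(c, fid, ctx_id, uuid);
    }

event dce_rpc_request(c: connection, fid: count, ctx_id: count, opnum: count,
                      stub_len: count)
    {
    # dce_rpc_bind_ack carries no per-context result, so a hit in ctx_map
    # means "the client asked for this interface", not "the server accepted".
    if ( [c$uid, fid, ctx_id] !in ctx_map )
        return;

    local uuid = ctx_map[c$uid, fid, ctx_id];
    if ( uuid !in watched_uuids )
        return;

    NOTICE([$note=Interface_Request,
            $conn=c,
            $msg=fmt("DCE-RPC request to interface %s, opnum %d (%d stub bytes, fid %d)",
                     uuid, opnum, stub_len, fid),
            # One notice per client/server/interface/opnum tuple per hour.
            $identifier=cat(c$id$orig_h, c$id$resp_h, uuid, opnum),
            $suppress_for=1hr]);
    }
```

A request whose ctx_id has no entry in ctx_map is left alone: that happens when Zeek joined the connection after the bind, or when the bind was carried on a pipe whose fid differs from the one the request used, so treating such requests as suspicious would mostly produce noise. Keying the table by c$uid rather than by the connection record keeps the example free of record extensions, at the cost of relying on the write expiry to reclaim entries for closed connections.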
- dce_rpc_request_stub
- Type: event (c: connection, fid: count, ctx_id: count, opnum: count, stub: string)
Generated for every DCE-RPC request message.
- Parameters:
c – The connection.
fid – File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
ctx_id – The context identifier of the data representation.
opnum – Number of the RPC operation.
stub – The data for the request.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_response_stub, dce_rpc_request
- dce_rpc_response
- Type: event (c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
Generated for every DCE-RPC response message.
- Parameters:
c – The connection.
fid – File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
ctx_id – The context identifier of the data representation.
opnum – Number of the RPC operation.
stub_len – Length of the data for the response.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response_stub
- dce_rpc_response_stub
- Type: event (c: connection, fid: count, ctx_id: count, opnum: count, stub: string)
Generated for every DCE-RPC response message.
- Parameters:
c – The connection.
fid – File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
ctx_id – The context identifier of the data representation.
opnum – Number of the RPC operation.
stub – The data for the response.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request_stub, dce_rpc_response