base/bif/plugins/Zeek_NCP.events.bif.zeek
- GLOBAL
- Namespace
GLOBAL
Summary
Events
ncp_reply: Generated for NCP replies (Netware Core Protocol).
ncp_request: Generated for NCP requests (Netware Core Protocol).
Detailed Interface
Events
- ncp_reply
- Type
event (c: connection, frame_type: count, length: count, req_frame: count, req_func: count, completion_code: count)
Generated for NCP replies (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
- Parameters
c – The connection.
frame_type – The frame type, as specified by the protocol.
length – The length of the request body, excluding the frame header.
req_frame – The frame type from the corresponding request.
req_func – The function code from the corresponding request.
completion_code – The reply’s completion code, as specified by the protocol.
See also:
ncp_request
Todo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.
- ncp_request
- Type
event (c: connection, frame_type: count, length: count, func: count)
Generated for NCP requests (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
- Parameters
c – The connection.
frame_type – The frame type, as specified by the protocol.
length – The length of the request body, excluding the frame header.
func – The requested function, as specified by the protocol.
See also:
ncp_reply
Todo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.
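The Todo notes for ncp_request and ncp_reply say the analyzer has to be attached by registering a port. The script below is an added example, not part of the Zeek distribution: it registers the NCP analyzer and handles both events, reporting connections that accumulate failed replies. It assumes NCP over TCP on 524/tcp and that a completion code of 0 means success; the names ncp_ports, ncp_success, ncp_failures and ncp_failure_threshold are hypothetical.

```zeek
# Added example, not shipped with Zeek.
# Assumption: NCP over TCP uses port 524/tcp at this site.
const ncp_ports: set[port] = { 524/tcp } &redef;

# Assumption: completion code 0 means success, any other value an error.
const ncp_success: count = 0 &redef;

# Hypothetical threshold: report a connection once it has this many failures.
const ncp_failure_threshold: count = 10 &redef;

# Failed replies per connection UID; entries expire one hour after creation.
global ncp_failures: table[string] of count &create_expire=1 hr;

event zeek_init()
	{
	# Attach the NCP analyzer to the ports above so both events are raised.
	Analyzer::register_for_ports(Analyzer::ANALYZER_NCP, ncp_ports);
	}

event ncp_request(c: connection, frame_type: count, length: count, func: count)
	{
	print fmt("NCP request uid=%s %s -> %s frame_type=%s func=%s length=%s",
	          c$uid, c$id$orig_h, c$id$resp_h, frame_type, func, length);
	}

event ncp_reply(c: connection, frame_type: count, length: count,
                req_frame: count, req_func: count, completion_code: count)
	{
	if ( completion_code == ncp_success )
		return;

	# req_func ties the failure back to the function the client asked for.
	print fmt("NCP failure uid=%s %s <- %s req_func=%s completion_code=%s",
	          c$uid, c$id$orig_h, c$id$resp_h, req_func, completion_code);

	if ( c$uid !in ncp_failures )
		ncp_failures[c$uid] = 0;

	++ncp_failures[c$uid];

	# Report exactly once, when the count reaches the threshold.
	if ( ncp_failures[c$uid] == ncp_failure_threshold )
		print fmt("NCP repeated failures uid=%s orig=%s resp=%s count=%s",
		          c$uid, c$id$orig_h, c$id$resp_h, ncp_failures[c$uid]);
	}
```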