base/bif/plugins/Zeek_NCP.events.bif.zeek¶
-
GLOBAL
¶
Namespace: | GLOBAL |
---|
Summary¶
Events¶
ncp_reply : event |
Generated for NCP replies (Netware Core Protocol). |
ncp_request : event |
Generated for NCP requests (Netware Core Protocol). |
Detailed Interface¶
Events¶
-
ncp_reply
¶ Type: event
(c:connection
, frame_type:count
, length:count
, req_frame:count
, req_func:count
, completion_code:count
)Generated for NCP replies (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
C: The connection. Frame_type: The frame type, as specified by the protocol. Length: The length of the request body, excluding the frame header. Req_frame: The frame type from the corresponding request. Req_func: The function code from the corresponding request. Completion_code: The reply’s completion code, as specified by the protocol. See also:
ncp_request
Todo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.
-
ncp_request
¶ Type: event
(c:connection
, frame_type:count
, length:count
, func:count
)Generated for NCP requests (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
C: The connection. Frame_type: The frame type, as specified by the protocol. Length: The length of the request body, excluding the frame header. Func: The requested function, as specified by the protocol. See also:
ncp_reply
Todo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.