base/bif/plugins/Zeek_NCP.events.bif.zeek
- GLOBAL
- Namespace:
GLOBAL
Summary
Events
Generated for NCP replies (Netware Core Protocol). |
|
Generated for NCP requests (Netware Core Protocol). |
Detailed Interface
Events
- ncp_reply
- Type:
event
(c:connection
, frame_type:count
, length:count
, req_frame:count
, req_func:count
, completion_code:count
)
Generated for NCP replies (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
- Parameters:
c – The connection.
frame_type – The frame type, as specified by the protocol.
length – The length of the request body, excluding the frame header.
req_frame – The frame type from the corresponding request.
req_func – The function code from the corresponding request.
completion_code – The reply’s completion code, as specified by the protocol.
See also:
ncp_request
Todo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.
- ncp_request
- Type:
event
(c:connection
, frame_type:count
, length:count
, func:count
)
Generated for NCP requests (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
- Parameters:
c – The connection.
frame_type – The frame type, as specified by the protocol.
length – The length of the request body, excluding the frame header.
func – The requested function, as specified by the protocol.
See also:
ncp_reply
Todo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.