base/bif/plugins/Zeek_NCP.events.bif.zeek

GLOBAL

Namespace

GLOBAL

Summary

Events

ncp_reply: event	Generated for NCP replies (Netware Core Protocol).
ncp_request: event	Generated for NCP requests (Netware Core Protocol).

Detailed Interface

Events

ncp_reply

Type

event (c: connection, frame_type: count, length: count, req_frame: count, req_func: count, completion_code: count)

Generated for NCP replies (Netware Core Protocol).

See Wikipedia for more information about the NCP protocol.

C

The connection.

Frame_type

The frame type, as specified by the protocol.

Length

The length of the request body, excluding the frame header.

Req_frame

The frame type from the corresponding request.

Req_func

The function code from the corresponding request.

Completion_code

The reply’s completion code, as specified by the protocol.

See also: ncp_request

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ncp_request

Type

event (c: connection, frame_type: count, length: count, func: count)

Generated for NCP requests (Netware Core Protocol).

See Wikipedia for more information about the NCP protocol.

C

The connection.

Frame_type

The frame type, as specified by the protocol.

Length

The length of the request body, excluding the frame header.

Func

The requested function, as specified by the protocol.

See also: ncp_reply

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.