base/bif/plugins/Zeek_NCP.events.bif.zeek¶
- GLOBAL¶
- Namespace
GLOBAL
Summary¶
Events¶
Generated for NCP replies (Netware Core Protocol). |
|
Generated for NCP requests (Netware Core Protocol). |
Detailed Interface¶
Events¶
- ncp_reply¶
- Type
event(c:connection, frame_type:count, length:count, req_frame:count, req_func:count, completion_code:count)
Generated for NCP replies (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
- C
The connection.
- Frame_type
The frame type, as specified by the protocol.
- Length
The length of the request body, excluding the frame header.
- Req_frame
The frame type from the corresponding request.
- Req_func
The function code from the corresponding request.
- Completion_code
The reply’s completion code, as specified by the protocol.
See also:
ncp_requestTodo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.
- ncp_request¶
- Type
event(c:connection, frame_type:count, length:count, func:count)
Generated for NCP requests (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
- C
The connection.
- Frame_type
The frame type, as specified by the protocol.
- Length
The length of the request body, excluding the frame header.
- Func
The requested function, as specified by the protocol.
See also:
ncp_replyTodo
Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.