base/bif/plugins/Zeek_NCP.events.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Events

ncp_reply: event

Generated for NCP replies (Netware Core Protocol).

ncp_request: event

Generated for NCP requests (Netware Core Protocol).

Detailed Interface

Events

ncp_reply
Type

event (c: connection, frame_type: count, length: count, req_frame: count, req_func: count, completion_code: count)

Generated for NCP replies (Netware Core Protocol).

See Wikipedia for more information about the NCP protocol.

Parameters

  • c – The connection.

  • frame_type – The frame type, as specified by the protocol.

  • length – The length of the request body, excluding the frame header.

  • req_frame – The frame type from the corresponding request.

  • req_func – The function code from the corresponding request.

  • completion_code – The reply’s completion code, as specified by the protocol.

See also: ncp_request

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ncp_request
Type

event (c: connection, frame_type: count, length: count, func: count)

Generated for NCP requests (Netware Core Protocol).

See Wikipedia for more information about the NCP protocol.

Parameters

  • c – The connection.

  • frame_type – The frame type, as specified by the protocol.

  • length – The length of the request body, excluding the frame header.

  • func – The requested function, as specified by the protocol.

See also: ncp_reply

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.