base/bif/plugins/Zeek_SMB.smb1_com_read_andx.bif.zeek

GLOBAL
Namespace: GLOBAL

Summary

Events

smb1_read_andx_request (event): Generated for SMB/CIFS version 1 requests of type read andx.
smb1_read_andx_response (event): Generated for SMB/CIFS version 1 responses of type read andx.

Detailed Interface

Events

smb1_read_andx_request
Type: event (c: connection, hdr: SMB1::Header, file_id: count, offset: count, length: count)

Generated for SMB/CIFS version 1 requests of type read andx. This is sent by the client to read bytes from a regular file, a named pipe, or a directly accessible device such as a serial port (COM) or printer port (LPT).

For more information, see MS-CIFS:2.2.4.42

c: The connection.
hdr: The parsed header of the SMB version 1 message.
file_id: The file identifier being read from.
offset: The byte offset the requested read begins at.
length: The number of bytes being requested.

See also: smb1_message, smb1_read_andx_response

smb1_read_andx_response
Type: event (c: connection, hdr: SMB1::Header, data_len: count)

Generated for SMB/CIFS version 1 responses of type read andx. This is the server response to the read andx request.

For more information, see MS-CIFS:2.2.4.42

c: The connection.
hdr: The parsed header of the SMB version 1 message.
data_len: The length of data from the requested file.

See also: smb1_message, smb1_read_andx_request
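
The following script is an added example, not part of the Zeek distribution: it handles both events to total the bytes returned by read andx responses per connection and raises a notice when one connection exceeds a threshold. The module name `SMB1ReadVolume`, the notice type `Large_Read_Volume`, and the 100 MiB threshold are assumptions chosen for illustration.

```zeek
@load base/frameworks/notice

module SMB1ReadVolume;  # hypothetical module name

export {
    redef enum Notice::Type += {
        ## One connection returned more SMB1 read andx data than the threshold.
        Large_Read_Volume
    };

    ## Assumed threshold in bytes (100 MiB); tune for the environment.
    const read_bytes_threshold: count = 104857600 &redef;
}

# Bytes returned by read andx responses, keyed by connection UID.
global bytes_read: table[string] of count &default=0 &create_expire=1hr;

# Most recent request parameters per connection, kept as notice context.
global last_request: table[string] of string &create_expire=1hr;

event smb1_read_andx_request(c: connection, hdr: SMB1::Header, file_id: count, offset: count, length: count)
    {
    last_request[c$uid] = fmt("file_id=%d offset=%d length=%d", file_id, offset, length);
    }

event smb1_read_andx_response(c: connection, hdr: SMB1::Header, data_len: count)
    {
    # Count what the server actually returned, not what the client asked for.
    bytes_read[c$uid] += data_len;

    if ( bytes_read[c$uid] < read_bytes_threshold )
        return;

    NOTICE([$note=Large_Read_Volume,
            $conn=c,
            $msg=fmt("SMB1 read andx returned %d bytes on one connection", bytes_read[c$uid]),
            $sub=(c$uid in last_request ? last_request[c$uid] : ""),
            $identifier=c$uid,
            $suppress_for=1hr]);
    }

event connection_state_remove(c: connection)
    {
    # Drop per-connection state as soon as the connection is gone.
    delete bytes_read[c$uid];
    delete last_request[c$uid];
    }
```

The response event carries no file identifier, so the notice reports only the most recent request seen on the connection as context.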