base/bif/plugins/Zeek_SMB.smb1_com_transaction2.bif.zeek

Namespace: GLOBAL

Summary

Events

smb1_trans2_find_first2_request: event

Generated for SMB/CIFS version 1 transaction2 requests of subtype find first2.

smb1_trans2_get_dfs_referral_request: event

Generated for SMB/CIFS version 1 transaction2 requests of subtype get DFS referral.

smb1_trans2_query_path_info_request: event

Generated for SMB/CIFS version 1 transaction2 requests of subtype query path info.

smb1_transaction2_request: event

Generated for SMB/CIFS version 1 requests of type transaction2.

Detailed Interface

Events

smb1_trans2_find_first2_request
Type

event (c: connection, hdr: SMB1::Header, args: SMB1::Find_First2_Request_Args)

Generated for SMB/CIFS version 1 transaction2 requests of subtype find first2. This transaction is used to begin a search for file(s) within a directory or for a directory; the search pattern carried in args may contain wildcards.

For more information, see MS-CIFS:2.2.6.2

Parameters
  • c – The connection.

  • hdr – The parsed header of the SMB version 1 message.

  • args – A record data structure with arguments given to the command.

See also: smb1_message, smb1_transaction2_request, smb1_trans2_query_path_info_request, smb1_trans2_get_dfs_referral_request

smb1_trans2_get_dfs_referral_request
Type

event (c: connection, hdr: SMB1::Header, file_name: string)

Generated for SMB/CIFS version 1 transaction2 requests of subtype get DFS referral. This transaction is used to request a referral for a disk object in DFS.

For more information, see MS-CIFS:2.2.6.16

Parameters
  • c – The connection.

  • hdr – The parsed header of the SMB version 1 message.

  • file_name – File name the request is in reference to.

See also: smb1_message, smb1_transaction2_request, smb1_trans2_find_first2_request, smb1_trans2_query_path_info_request

smb1_trans2_query_path_info_request
Type

event (c: connection, hdr: SMB1::Header, file_name: string)

Generated for SMB/CIFS version 1 transaction2 requests of subtype query path info. This transaction is used to get information about a specific file or directory.

For more information, see MS-CIFS:2.2.6.6

Parameters
  • c – The connection.

  • hdr – The parsed header of the SMB version 1 message.

  • file_name – File name the request is in reference to.

See also: smb1_message, smb1_transaction2_request, smb1_trans2_find_first2_request, smb1_trans2_get_dfs_referral_request

smb1_transaction2_request
Type

event (c: connection, hdr: SMB1::Header, args: SMB1::Trans2_Args, sub_cmd: count)

Generated for SMB/CIFS version 1 requests of type transaction2. This command serves as the transport for the Transaction2 Subprotocol Commands. These commands operate on mailslots and named pipes, which are interprocess communication endpoints within the CIFS file system. Compared to the Transaction Subprotocol Commands, these commands allow clients to set and retrieve Extended Attribute key/value pairs, make use of long file names (longer than the original 8.3 format names), and perform directory searches, among other tasks.

For more information, see MS-CIFS:2.2.4.46

Parameters
  • c – The connection.

  • hdr – The parsed header of the SMB version 1 message.

  • args – A record data structure with arguments given to the command.

  • sub_cmd – The subcommand code (MS-CIFS 2.2.6). Some subcommands are parsed further and raise their own event in addition to this one; those events are listed below.

See also: smb1_message, smb1_trans2_find_first2_request, smb1_trans2_query_path_info_request, smb1_trans2_get_dfs_referral_request, smb1_transaction_request
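As an added example (not code from the Zeek project or from this page), the script below handles all four events documented here together. The generic smb1_transaction2_request event is raised first for every request and supplies the subcommand code; the three parsed subtypes are raised afterwards for the same request and supply the file name. The script writes one line per request to a log and raises a notice once a single connection has issued a configurable number of FIND_FIRST2 searches, which is what a scripted crawl of a share looks like at this layer. Assumptions: the subcommand codes 0x01, 0x05 and 0x10 are taken from MS-CIFS 2.2.6 rather than from this page; the field args$file_name is assumed from Zeek's SMB1::Find_First2_Request_Args record definition; the module name, log path, threshold and notice type are illustrative.

```zeek
##! Added example, not part of Zeek's base SMB scripts: log every SMB1
##! transaction2 request and notice when one connection runs many
##! FIND_FIRST2 directory searches (scripted share enumeration).

@load base/frameworks/notice
@load base/protocols/smb

module SMB1Trans2Watch;

export {
	redef enum Log::ID += { LOG };

	redef enum Notice::Type += {
		## One SMB1 connection issued enum_threshold FIND_FIRST2 searches.
		Directory_Enumeration,
	};

	## Number of FIND_FIRST2 requests on one connection that triggers a notice
	## (illustrative value).
	const enum_threshold = 25 &redef;

	## One line per transaction2 request. file_name is only present for the
	## subcommands Zeek parses into their own events.
	type Info: record {
		ts:        time    &log;
		uid:       string  &log;
		id:        conn_id &log;
		smb_uid:   count   &log;
		tid:       count   &log;
		sub_cmd:   count   &log;
		sub_name:  string  &log;
		file_name: string  &log &optional;
	};

	## Subcommand codes assumed from MS-CIFS 2.2.6 (subset only).
	const sub_cmd_names: table[count] of string = {
		[0x01] = "FIND_FIRST2",
		[0x05] = "QUERY_PATH_INFORMATION",
		[0x10] = "GET_DFS_REFERRAL",
	} &default=function(code: count): string { return fmt("TRANS2_0x%02x", code); };
}

# Subcommands that Zeek raises a dedicated event for. The generic handler
# leaves their logging to that event so each request yields exactly one line.
const parsed_sub_cmds: set[count] = { 0x01, 0x05, 0x10 };

# FIND_FIRST2 counter per connection UID; entries age out on their own.
global find_first2_count: table[string] of count &default=0 &create_expire=1hr;

event zeek_init()
	{
	Log::create_stream(LOG, [$columns=Info, $path="smb1_trans2"]);
	}

# Build and write one log line; an empty file_name means "not parsed".
function log_request(c: connection, hdr: SMB1::Header, sub_cmd: count, file_name: string)
	{
	local rec = Info($ts=network_time(), $uid=c$uid, $id=c$id,
	                 $smb_uid=hdr$uid, $tid=hdr$tid,
	                 $sub_cmd=sub_cmd, $sub_name=sub_cmd_names[sub_cmd]);
	if ( file_name != "" )
		rec$file_name = file_name;
	Log::write(LOG, rec);
	}

# Raised for every Trans2 request, before any subtype event for it.
event smb1_transaction2_request(c: connection, hdr: SMB1::Header,
                                args: SMB1::Trans2_Args, sub_cmd: count)
	{
	if ( sub_cmd !in parsed_sub_cmds )
		log_request(c, hdr, sub_cmd, "");
	}

event smb1_trans2_find_first2_request(c: connection, hdr: SMB1::Header,
                                      args: SMB1::Find_First2_Request_Args)
	{
	# args$file_name is the search pattern and may contain wildcards
	# (field name assumed from the SMB1::Find_First2_Request_Args record).
	log_request(c, hdr, 0x01, args$file_name);

	find_first2_count[c$uid] += 1;
	if ( find_first2_count[c$uid] == enum_threshold )
		NOTICE([$note=Directory_Enumeration, $conn=c,
		        $msg=fmt("%d FIND_FIRST2 searches on one SMB1 connection, last pattern: %s",
		                 enum_threshold, args$file_name),
		        $identifier=cat(c$id$orig_h, c$id$resp_h)]);
	}

event smb1_trans2_get_dfs_referral_request(c: connection, hdr: SMB1::Header, file_name: string)
	{
	# A referral resolves a UNC path to the server that hosts it; keeping the
	# path shows which DFS namespaces a client is walking.
	log_request(c, hdr, 0x10, file_name);
	}

event smb1_trans2_query_path_info_request(c: connection, hdr: SMB1::Header, file_name: string)
	{
	log_request(c, hdr, 0x05, file_name);
	}
```

Run it against a capture with `zeek -r capture.pcap smb1_trans2_watch.zeek` (the @load lines pull in Zeek's SMB scripts, which attach the analyzer). The split between the generic and the subtype handlers matters: logging in both would produce two lines per FIND_FIRST2, QUERY_PATH_INFORMATION or GET_DFS_REFERRAL request, and logging only in the generic handler would lose the file name. If the analyzer cannot parse the subtype body of a malformed request, that request produces no line at all; relax the `!in parsed_sub_cmds` guard if you would rather see a line without a file name than nothing.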