base/bif/plugins/Zeek_SMB.smb2_com_set_info.bif.zeek
- Namespace: GLOBAL
Summary
Events
- smb2_file_allocation – Generated for SMB/CIFS version 2 requests of type set_info of the allocation subtype
- smb2_file_delete – Generated for SMB/CIFS version 2 requests of type set_info of the delete subtype.
- smb2_file_endoffile – Generated for SMB/CIFS version 2 requests of type set_info of the end_of_file subtype
- smb2_file_fscontrol – Generated for SMB/CIFS version 2 requests of type set_info of the fs_control subtype
- smb2_file_fsobjectid – Generated for SMB/CIFS version 2 requests of type set_info of the fs_object_id subtype
- smb2_file_fullea – Generated for SMB/CIFS version 2 requests of type set_info of the full_EA subtype
- smb2_file_link – Generated for SMB/CIFS version 2 requests of type set_info of the link subtype
- smb2_file_mode – Generated for SMB/CIFS version 2 requests of type set_info of the mode subtype
- smb2_file_pipe – Generated for SMB/CIFS version 2 requests of type set_info of the pipe subtype
- smb2_file_position – Generated for SMB/CIFS version 2 requests of type set_info of the position subtype
- smb2_file_rename – Generated for SMB/CIFS version 2 requests of type set_info of the rename subtype.
- smb2_file_sattr – Generated for SMB/CIFS version 2 requests of type set_info of the file subtype
- smb2_file_shortname – Generated for SMB/CIFS version 2 requests of type set_info of the short_name subtype
- smb2_file_validdatalength – Generated for SMB/CIFS version 2 requests of type set_info of the valid_data_length subtype
Detailed Interface
Events
- smb2_file_allocation
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, alloc_size:int)
Generated for SMB/CIFS version 2 requests of type set_info of the allocation subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
alloc_size – desired allocation size.
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_delete
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, delete_pending:bool)
Generated for SMB/CIFS version 2 requests of type set_info of the delete subtype.
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
delete_pending – A boolean value to indicate that a file should be deleted when it’s closed if set to T.
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_endoffile
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, end_of_file:int)
Generated for SMB/CIFS version 2 requests of type set_info of the end_of_file subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
end_of_file – the absolute new end of file position as a byte offset from the start of the file
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_fscontrol
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, fs_control:SMB2::Fscontrol)
Generated for SMB/CIFS version 2 requests of type set_info of the fs_control subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
fs_control – contains fs_control info (see MS-FSCC 2.5.2)
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_fsobjectid
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, object_id:SMB2::GUID, extended_info:string)
Generated for SMB/CIFS version 2 requests of type set_info of the fs_object_id subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
object_id – contains a 16-byte GUID that identifies the file system volume (see MS-FSCC 2.5.6)
extended_info – contains extended information on the file system volume
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link
- smb2_file_fullea
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, file_eas:SMB2::FileEAs)
Generated for SMB/CIFS version 2 requests of type set_info of the full_EA subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
file_eas – a vector of extended file attributes as defined in MS-FSCC:2.4.15
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_link
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, root_directory:count, file_name:string)
Generated for SMB/CIFS version 2 requests of type set_info of the link subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
root_directory – contains the file handle for the directory where the link is to be created
file_name – contains the name to be assigned to the newly created link
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_mode
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, mode:count)
Generated for SMB/CIFS version 2 requests of type set_info of the mode subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
mode – specifies how the file will subsequently be accessed.
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_pipe
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, read_mode:count, completion_mode:count)
Generated for SMB/CIFS version 2 requests of type set_info of the pipe subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
read_mode – specifies if data must be read as a stream of bytes or messages
completion_mode – specifies if blocking mode must be enabled or not
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_position
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, current_byte_offset:int)
Generated for SMB/CIFS version 2 requests of type set_info of the position subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
current_byte_offset – specifies the offset, in bytes, of the file pointer from the beginning of the file
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_rename
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, dst_filename:string)
Generated for SMB/CIFS version 2 requests of type set_info of the rename subtype.
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – A GUID to identify the file.
dst_filename – The filename to rename the file into.
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_sattr
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, times:SMB::MACTimes, attrs:SMB2::FileAttrs)
Generated for SMB/CIFS version 2 requests of type set_info of the file subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
times – Timestamps associated with the file in question.
attrs – File attributes.
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_shortname
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, file_name:string)
Generated for SMB/CIFS version 2 requests of type set_info of the short_name subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
file_name – specifies the name of the file to be changed
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
- smb2_file_validdatalength
- Type:
event(c:connection, hdr:SMB2::Header, file_id:SMB2::GUID, valid_data_length:int)
Generated for SMB/CIFS version 2 requests of type set_info of the valid_data_length subtype
For more information, see MS-SMB2:2.2.39
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 2 message.
file_id – The SMB2 GUID for the file.
valid_data_length – specifies the new valid data length for the file
See also:
smb2_message, smb2_file_delete, smb2_file_sattr, smb2_file_allocation, smb2_file_endoffile, smb2_file_mode, smb2_file_pipe, smb2_file_position, smb2_file_shortname, smb2_file_validdatalength, smb2_file_fullea, smb2_file_link, smb2_file_fsobjectid
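A detection sketch built on the smb2_file_rename and smb2_file_delete events documented above: it flags a client that issues many rename or delete-on-close set_info requests in a short window, a pattern worth triaging for mass file modification on a share. This is an added example, not part of the Zeek distribution; the module name, notice type, threshold and window are assumptions.

```zeek
@load base/frameworks/notice
@load base/protocols/smb

module SMB2SetInfoWatch;   # hypothetical module name

export {
    redef enum Notice::Type += {
        ## One client sent many rename/delete set_info requests (assumed name).
        Bulk_Rename_Or_Delete,
    };

    ## Assumed values; tune to the file servers being monitored.
    const change_threshold: count = 100 &redef;
    const change_window: interval = 1min &redef;
}

# Requests seen per client; each entry expires change_window after creation.
global changes: table[addr] of count &create_expire=change_window;

function note_change(c: connection, what: string)
    {
    local orig = c$id$orig_h;

    if ( orig !in changes )
        changes[orig] = 0;

    ++changes[orig];

    # Fire once per window, when the threshold is first reached.
    if ( changes[orig] == change_threshold )
        NOTICE([$note=Bulk_Rename_Or_Delete, $conn=c, $src=orig,
                $msg=fmt("%s sent %d SMB2 set_info rename/delete requests within %s (latest: %s)",
                         orig, change_threshold, change_window, what),
                $identifier=cat(orig)]);
    }

event smb2_file_rename(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, dst_filename: string)
    {
    note_change(c, fmt("rename to %s", dst_filename));
    }

event smb2_file_delete(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, delete_pending: bool)
    {
    # Only count requests that actually mark the file for deletion on close.
    if ( delete_pending )
        note_change(c, "delete on close");
    }
```

Backup agents and file-sync tools also produce bursts of renames, so pair the notice with an allowlist of known hosts before alerting on it.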