base/bif/plugins/Zeek_NetBIOS.functions.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Functions

decode_netbios_name: function

Decode a NetBIOS name.

decode_netbios_name_type: function

Converts a NetBIOS name type to its corresponding numeric value.

Detailed Interface

Functions

decode_netbios_name
Type

function (name: string) : string

Decode a NetBIOS name. See https://jeffpar.github.io/kbarchive/kb/194/Q194203/.

Parameters

name – The encoded NetBIOS name, e.g., "FEEIEFCAEOEFFEECEJEPFDCAEOEBENEF".

Returns

The decoded NetBIOS name, e.g., "THE NETBIOS NAM". An empty string is returned if the argument is not a valid NetBIOS encoding (though an encoding that would decode to something that includes only null-bytes or space-characters also yields an empty string).

See also: decode_netbios_name_type

decode_netbios_name_type
Type

function (name: string) : count

Converts a NetBIOS name type to its corresponding numeric value. See https://en.wikipedia.org/wiki/NetBIOS#NetBIOS_Suffixes.

Parameters

name – An encoded NetBIOS name.

Returns

The numeric value of name or 256 if it’s not a valid encoding.

See also: decode_netbios_name