base/bif/plugins/Zeek_SMB.smb1_com_echo.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Events

smb1_echo_request: event

Generated for SMB/CIFS version 1 requests of type echo.

smb1_echo_response: event

Generated for SMB/CIFS version 1 responses of type echo.

Detailed Interface

Events

smb1_echo_request
Type

event (c: connection, echo_count: count, data: string)

Generated for SMB/CIFS version 1 requests of type echo. This is sent by the client to test the transport layer connection with the server.

For more information, see MS-CIFS:2.2.4.39

Parameters
  • c – The connection.

  • hdr – The parsed header of the SMB version 1 message.

  • echo_count – The number of times the server should echo the data back.

  • data – The data for the server to echo.

See also: smb1_message, smb1_echo_response

smb1_echo_response
Type

event (c: connection, seq_num: count, data: string)

Generated for SMB/CIFS version 1 responses of type echo. This is the server response to the echo request.

For more information, see MS-CIFS:2.2.4.39

Parameters
  • c – The connection.

  • hdr – The parsed header of the SMB version 1 message.

  • seq_num – The sequence number of this echo reply.

  • data – The data echoed back from the client.

See also: smb1_message, smb1_echo_request