base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek
- Namespace: GLOBAL
Summary
Events
- smb1_empty_response: Generated when there is an SMB version 1 response with no message body.
- smb1_error: Generated for SMB version 1 messages that indicate an error.
- smb1_message: Generated for all SMB/CIFS version 1 messages.
Detailed Interface
Events
- smb1_empty_response
- Type: event (c: connection, hdr: SMB1::Header)
Generated when there is an SMB version 1 response with no message body.
- Parameters:
c – The connection.
hdr – The parsed header of the SMB message.
See also:
smb1_message
- smb1_error
- Type: event (c: connection, hdr: SMB1::Header, is_orig: bool)
Generated for SMB version 1 messages that indicate an error. This event is triggered by an SMB header including a status that signals an error.
- Parameters:
c – The connection.
hdr – The parsed header of the SMB message.
is_orig – True if the message was sent by the originator of the underlying transport-level connection.
See also:
smb1_message
- smb1_message
- Type: event (c: connection, hdr: SMB1::Header, is_orig: bool)
Generated for all SMB/CIFS version 1 messages.
See Wikipedia for more information about the SMB/CIFS protocol. Zeek’s SMB/CIFS analyzer parses both SMB-over-NetBIOS on ports 138/139 and SMB-over-TCP on port 445.
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 1 message.
is_orig – True if the message was sent by the originator of the underlying transport-level connection.
See also:
smb2_message
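
The following script is an added example, not part of the Zeek distribution or of this reference: it uses smb1_message to report each client that still originates SMB version 1 traffic and smb1_error to raise a notice when one client accumulates many error statuses. The module name SMB1Watch, the two notice types, the threshold and the expiry intervals are assumptions chosen for illustration.

```zeek
# Added example; module name, notice types, threshold and expiry values are assumptions.
@load base/frameworks/notice
@load base/protocols/smb

module SMB1Watch;

export {
    redef enum Notice::Type += {
        ## A client originated SMB version 1 traffic.
        SMB1_In_Use,
        ## A client accumulated many SMB1 error statuses.
        SMB1_Error_Burst
    };
    ## Error statuses per client, within the expiry window, that trigger a notice.
    option error_threshold: count = 20;
}

# Clients already reported, so each one is reported at most once per day.
global seen_clients: set[addr] &create_expire=1day;
# Error-status count per client; an entry expires 5 minutes after it is created.
global error_counts: table[addr] of count &create_expire=5min;

event smb1_message(c: connection, hdr: SMB1::Header, is_orig: bool)
    {
    # Only messages sent by the connection originator identify the client.
    if ( ! is_orig || c$id$orig_h in seen_clients )
        return;
    add seen_clients[c$id$orig_h];
    NOTICE([$note=SMB1_In_Use, $conn=c,
            $msg=fmt("%s sent an SMB1 message (command 0x%02x) to %s",
                     c$id$orig_h, hdr$command, c$id$resp_h),
            $identifier=cat(c$id$orig_h)]);
    }

event smb1_error(c: connection, hdr: SMB1::Header, is_orig: bool)
    {
    local client = c$id$orig_h;
    if ( client !in error_counts )
        error_counts[client] = 0;
    ++error_counts[client];
    # Raise the notice once, at the moment the count reaches the threshold.
    if ( error_counts[client] != error_threshold )
        return;
    NOTICE([$note=SMB1_Error_Burst, $conn=c,
            $msg=fmt("%s reached %d SMB1 error statuses; last was 0x%08x on command 0x%02x",
                     client, error_threshold, hdr$status, hdr$command),
            $identifier=cat(client)]);
    }
```

Because smb1_message fires for every SMB1 message, the early return on already-seen clients keeps the handler cheap on busy file servers.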