base/bif/plugins/Zeek_SMB.smb2_com_close.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Events

smb2_close_request: event

Generated for SMB/CIFS version 2 requests of type close.

smb2_close_response: event

Generated for SMB/CIFS version 2 responses of type close.

Detailed Interface

Events

smb2_close_request
Type

event (c: connection, hdr: SMB2::Header, file_id: SMB2::GUID)

Generated for SMB/CIFS version 2 requests of type close. This is used by the client to close an instance of a file that was opened previously with a successful SMB2 CREATE Request.

For more information, see MS-SMB2:2.2.15

Parameters
  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • file_name – The SMB2 GUID of the file being closed.

See also: smb2_message, smb2_close_response

smb2_close_response
Type

event (c: connection, hdr: SMB2::Header, response: SMB2::CloseResponse)

Generated for SMB/CIFS version 2 responses of type close. This is sent by the server to indicate that an SMB2 CLOSE request was processed successfully.

For more information, see MS-SMB2:2.2.16

Parameters
  • c – The connection.

  • hdr – The parsed header of the SMB version 2 message.

  • response – A record of attributes returned from the server from the close.

See also: smb2_message, smb2_close_request