base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek

GLOBAL

Namespace

GLOBAL

Summary

Events

smb2_message: event

Generated for SMB/CIFS version 2 messages.

Detailed Interface

Events

smb2_message

Type

event (c: connection, hdr: SMB2::Header, is_orig: bool)

Generated for SMB/CIFS version 2 messages.

See Wikipedia for more information about the SMB/CIFS protocol. Zeek’s SMB/CIFS analyzer parses both SMB-over-NetBIOS on ports 138/139 and SMB-over-TCP on port 445.

C

The connection.

Hdr

The parsed header of the SMB version 2 message.

Is_orig

True if the message came from the originator side.

See also: smb1_message