Zeek_SMB.smb1_com_nt_create_andx.bif.zeek¶

GLOBAL¶

Namespace: GLOBAL

Summary¶

Events¶

`smb1_nt_create_andx_request`: `event`	Generated for SMB/CIFS version 1 requests of type nt create andx.
`smb1_nt_create_andx_response`: `event`	Generated for SMB/CIFS version 1 responses of type nt create andx.

Detailed Interface¶

Events¶

smb1_nt_create_andx_request¶

Type: event (c: connection, hdr: SMB1::Header, file_name: string)

Generated for SMB/CIFS version 1 requests of type nt create andx. This is sent by the client to create and open a new file, or to open an existing file, or to open and truncate an existing file to zero length, or to create a directory, or to create a connection to a named pipe.

For more information, see MS-CIFS:2.2.4.64

C: The connection.
Hdr: The parsed header of the SMB version 1 message.
Name: The name attribute specified in the message.

smb1_nt_create_andx_response¶

Type: event (c: connection, hdr: SMB1::Header, file_id: count, file_size: count, times: SMB::MACTimes)

Generated for SMB/CIFS version 1 responses of type nt create andx. This is the server response to the nt create andx request.

For more information, see MS-CIFS:2.2.4.64

C: The connection.
Hdr: The parsed header of the SMB version 1 message.
File_id: The SMB2 GUID for the file.
File_size: Size of the file.
Times: Timestamps associated with the file in question.