base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek
- Namespace
GLOBAL
Summary
Events
dce_rpc_alter_context | Generated for every DCE-RPC alter context request message.
dce_rpc_alter_context_resp | Generated for every DCE-RPC alter context response message.
dce_rpc_bind | Generated for every DCE-RPC bind request message.
dce_rpc_bind_ack | Generated for every DCE-RPC bind request ack message.
dce_rpc_message | Generated for every DCE-RPC message.
dce_rpc_request | Generated for every DCE-RPC request message.
dce_rpc_request_stub | Generated for every DCE-RPC request message.
dce_rpc_response | Generated for every DCE-RPC response message.
dce_rpc_response_stub | Generated for every DCE-RPC response message.
Detailed Interface
Events
- dce_rpc_alter_context
- Type
event (c: connection, fid: count, ctx_id: count, uuid: string, ver_major: count, ver_minor: count)
Generated for every DCE-RPC alter context request message. Since RPC offers the ability for a client to request connections to multiple endpoints, this event can occur multiple times for a single RPC message.
- c
The connection.
- fid
File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
- ctx_id
The context identifier of the data representation.
- uuid
The string-interpreted UUID of the endpoint being requested.
- ver_major
The major version of the endpoint being requested.
- ver_minor
The minor version of the endpoint being requested.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response, dce_rpc_alter_context_resp
- dce_rpc_alter_context_resp
- Type
event (c: connection, fid: count)
Generated for every DCE-RPC alter context response message.
- c
The connection.
- fid
File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response, dce_rpc_alter_context
- dce_rpc_bind
- Type
event (c: connection, fid: count, ctx_id: count, uuid: string, ver_major: count, ver_minor: count)
Generated for every DCE-RPC bind request message. Since RPC offers the ability for a client to request connections to multiple endpoints, this event can occur multiple times for a single RPC message.
- c
The connection.
- fid
File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
- ctx_id
The context identifier of the data representation.
- uuid
The string-interpreted UUID of the endpoint being requested.
- ver_major
The major version of the endpoint being requested.
- ver_minor
The minor version of the endpoint being requested.
See also: dce_rpc_message, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response
- dce_rpc_bind_ack
- Type
event (c: connection, fid: count, sec_addr: string)
Generated for every DCE-RPC bind request ack message.
- c
The connection.
- fid
File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
- sec_addr
Secondary address for the ack.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_request, dce_rpc_response
- dce_rpc_message
- Type
event (c: connection, is_orig: bool, fid: count, ptype_id: count, ptype: DCE_RPC::PType)
Generated for every DCE-RPC message.
- c
The connection.
- is_orig
True if the message was sent by the originator of the TCP connection.
- fid
File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
- ptype_id
Numeric representation of the procedure type of the message.
- ptype
Enum representation of the procedure type of the message.
See also: dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response
- dce_rpc_request
Generated for every DCE-RPC request message.
- c
The connection.
- fid
File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
- ctx_id
The context identifier of the data representation.
- opnum
Number of the RPC operation.
- stub_len
Length of the data for the request.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_response, dce_rpc_request_stub
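The ctx_id carried by dce_rpc_request names an interface only once it is matched against the ctx_id/uuid pairs seen in earlier dce_rpc_bind and dce_rpc_alter_context events on the same connection and pipe. The Zeek script below is an added example of that correlation used for detection; it is not part of this file or of the Zeek distribution. The module name DCERPCWatch, the notice type, the helper remember and the watched_uuids set (with the drsuapi interface UUID as a sample entry) are assumptions made for illustration.

```zeek
@load base/frameworks/notice

module DCERPCWatch;

export {
	redef enum Notice::Type += { Sensitive_Interface_Call };
	# Interface UUIDs to alert on (assumed list; drsuapi as a sample entry).
	option watched_uuids: set[string] = { "e3514235-4b06-11d1-ab04-00c04fc2dcd2" };
}

# [connection uid, pipe fid, ctx_id] -> interface UUID bound to that context.
global ctx_map: table[string, count, count] of string &create_expire=1hr;

# Zeek's base DCE-RPC script passes the event's uuid through uuid_to_string()
# before using it; this hypothetical helper does the same.
function remember(c: connection, fid: count, ctx_id: count, uuid: string)
	{
	ctx_map[c$uid, fid, ctx_id] = uuid_to_string(uuid);
	}

# One event per requested context, so a single bind can land here repeatedly.
event dce_rpc_bind(c: connection, fid: count, ctx_id: count, uuid: string,
                   ver_major: count, ver_minor: count)
	{
	remember(c, fid, ctx_id, uuid);
	}

# Contexts negotiated later on the same connection arrive as alter context.
event dce_rpc_alter_context(c: connection, fid: count, ctx_id: count,
                            uuid: string, ver_major: count, ver_minor: count)
	{
	remember(c, fid, ctx_id, uuid);
	}

event dce_rpc_request(c: connection, fid: count, ctx_id: count, opnum: count,
                      stub_len: count)
	{
	if ( [c$uid, fid, ctx_id] !in ctx_map )
		return;  # bind not seen, e.g. capture started mid-session

	local uuid = ctx_map[c$uid, fid, ctx_id];
	if ( uuid !in watched_uuids )
		return;

	NOTICE([$note=Sensitive_Interface_Call, $conn=c,
	        $msg=fmt("DCE-RPC request to %s, opnum %d, %d stub bytes",
	                 uuid, opnum, stub_len),
	        $identifier=cat(c$id$orig_h, uuid, opnum)]);
	}
```

Because fid is zero when DCE-RPC is not carried over a pipe, the same table key works for both direct TCP and SMB named-pipe transport.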
- dce_rpc_request_stub
Generated for every DCE-RPC request message.
- c
The connection.
- fid
File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
- ctx_id
The context identifier of the data representation.
- opnum
Number of the RPC operation.
- stub
The data for the request.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_response_stub, dce_rpc_request
- dce_rpc_response
Generated for every DCE-RPC response message.
- c
The connection.
- fid
File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
- ctx_id
The context identifier of the data representation.
- opnum
Number of the RPC operation.
- stub_len
Length of the data for the response.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request, dce_rpc_response_stub
- dce_rpc_response_stub
Generated for every DCE-RPC response message.
- c
The connection.
- fid
File ID of the PIPE that carried the DCE-RPC message. Zero will be used if the DCE-RPC was not transported over a pipe.
- ctx_id
The context identifier of the data representation.
- opnum
Number of the RPC operation.
- stub
The data for the response.
See also: dce_rpc_message, dce_rpc_bind, dce_rpc_bind_ack, dce_rpc_request_stub, dce_rpc_response