base/bif/plugins/Zeek_NCP.events.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Events

ncp_reply: event

Generated for NCP replies (Netware Core Protocol).

ncp_request: event

Generated for NCP requests (Netware Core Protocol).

Detailed Interface

Events

ncp_reply
Type

event (c: connection, frame_type: count, length: count, req_frame: count, req_func: count, completion_code: count)

Generated for NCP replies (Netware Core Protocol).

See Wikipedia for more information about the NCP protocol.

C

The connection.

Frame_type

The frame type, as specified by the protocol.

Length

The length of the request body, excluding the frame header.

Req_frame

The frame type from the corresponding request.

Req_func

The function code from the corresponding request.

Completion_code

The reply’s completion code, as specified by the protocol.

See also: ncp_request

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.

ncp_request
Type

event (c: connection, frame_type: count, length: count, func: count)

Generated for NCP requests (Netware Core Protocol).

See Wikipedia for more information about the NCP protocol.

C

The connection.

Frame_type

The frame type, as specified by the protocol.

Length

The length of the request body, excluding the frame header.

Func

The requested function, as specified by the protocol.

See also: ncp_reply

Todo

Zeek’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported. To still enable this event, one needs to register a port for it or add a DPD payload signature.