base/bif/plugins/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek
- Namespace: GLOBAL
Summary
Events
smb1_nt_create_andx_request | Generated for SMB/CIFS version 1 requests of type nt create andx.
smb1_nt_create_andx_response | Generated for SMB/CIFS version 1 responses of type nt create andx.
Detailed Interface
Events
- smb1_nt_create_andx_request
- Type: event(c: connection, hdr: SMB1::Header, file_name: string)
Generated for SMB/CIFS version 1 requests of type nt create andx. This is sent by the client to create and open a new file, or to open an existing file, or to open and truncate an existing file to zero length, or to create a directory, or to create a connection to a named pipe.
For more information, see MS-CIFS:2.2.4.64
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 1 message.
file_name – The name attribute specified in the message.
See also: smb1_message, smb1_nt_create_andx_response
- smb1_nt_create_andx_response
- Type: event(c: connection, hdr: SMB1::Header, file_id: count, file_size: count, times: SMB::MACTimes)
Generated for SMB/CIFS version 1 responses of type nt create andx. This is the server response to the nt create andx request.
For more information, see MS-CIFS:2.2.4.64
- Parameters:
c – The connection.
hdr – The parsed header of the SMB version 1 message.
file_id – The SMB2 GUID for the file.
file_size – Size of the file.
times – Timestamps associated with the file in question.
See also: smb1_message, smb1_nt_create_andx_request
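
The following script is an added example, not part of Zeek's own scripts. It handles both events documented above and pairs each request's file_name with the file_id, file_size and times from the matching response. The module name SMB1Create, the log path smb1_nt_create and the pairing on hdr$mid are assumptions of this example.

```zeek
module SMB1Create;  # hypothetical module name for this example

export {
	redef enum Log::ID += { LOG };

	type Info: record {
		ts:        time    &log;
		uid:       string  &log;
		id:        conn_id &log;
		file_name: string  &log;  # from the request event
		file_id:   count   &log;  # from the response event
		file_size: count   &log;
		modified:  time    &log;  # times$modified from the response
	};
}

# Requests awaiting a response, keyed by connection UID and the SMB1
# multiplex ID (hdr$mid). Assumption: the server echoes the request's
# MID in its reply. Entries expire after a minute so unanswered
# requests cannot grow the table without bound.
global pending: table[string, count] of string &create_expire=1min;

event zeek_init()
	{
	Log::create_stream(LOG, [$columns=Info, $path="smb1_nt_create"]);
	}

event smb1_nt_create_andx_request(c: connection, hdr: SMB1::Header, file_name: string)
	{
	pending[c$uid, hdr$mid] = file_name;
	}

event smb1_nt_create_andx_response(c: connection, hdr: SMB1::Header, file_id: count, file_size: count, times: SMB::MACTimes)
	{
	# Skip responses whose request was never seen (e.g. capture began mid-session).
	if ( [c$uid, hdr$mid] !in pending )
		return;

	local name = pending[c$uid, hdr$mid];
	delete pending[c$uid, hdr$mid];

	Log::write(LOG, Info($ts=network_time(), $uid=c$uid, $id=c$id,
	                     $file_name=name, $file_id=file_id,
	                     $file_size=file_size, $modified=times$modified));
	}
```

Because nt create andx also opens named pipes and directories, the file_name column in this log covers those opens as well as regular files.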