base/bif/plugins/Bro_SMB.smb1_events.bif.bro

GLOBAL
Namespace: GLOBAL
Source File: /scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro

Summary

Events

smb1_empty_response (event): Generated when there is an SMB version 1 response with no message body.
smb1_error (event): Generated for SMB version 1 messages that indicate an error.
smb1_message (event): Generated for all SMB/CIFS version 1 messages.

Detailed Interface

Events

smb1_empty_response
Type: event (c: connection, hdr: SMB1::Header)

Generated when there is an SMB version 1 response with no message body.

c: The connection.
hdr: The parsed header of the SMB message.

See also: smb1_message

smb1_error
Type: event (c: connection, hdr: SMB1::Header, is_orig: bool)

Generated for SMB version 1 messages that indicate an error. This event is triggered by an SMB header including a status that signals an error.

c: The connection.
hdr: The parsed header of the SMB message.
is_orig: True if the message was sent by the originator of the underlying transport-level connection.

See also: smb1_message

smb1_message
Type: event (c: connection, hdr: SMB1::Header, is_orig: bool)

Generated for all SMB/CIFS version 1 messages.

See Wikipedia for more information about the SMB/CIFS protocol. Bro’s SMB/CIFS analyzer parses both SMB-over-NetBIOS on ports 138/139 and SMB-over-TCP on port 445.

c: The connection.
hdr: The parsed header of the SMB version 1 message.
is_orig: True if the message was sent by the originator of the underlying transport-level connection.

See also: smb2_message
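
The following handler is an added example, not part of the Bro distribution or of this generated reference. It uses smb1_error to raise a notice when one client receives many SMB1 error responses in a short window. It assumes that SMB1::Header carries command and status fields, which this page does not list; the module name, notice type, threshold and window are hypothetical.

```bro
@load base/frameworks/notice
@load base/protocols/smb

module SMB1ErrWatch;

export {
	redef enum Notice::Type += {
		## A client received many SMB1 error responses in a short time.
		Excessive_SMB1_Errors
	};

	## Error responses per client before a notice is raised (constructed value).
	const error_threshold = 20 &redef;
	## How long a client's counter lives after its first error (constructed value).
	const error_window = 5min &redef;
}

# Per-client error counter; entries expire error_window after creation.
global err_counts: table[addr] of count &create_expire=error_window;

event smb1_error(c: connection, hdr: SMB1::Header, is_orig: bool)
	{
	# Count only error statuses sent back by the responder (the server side).
	if ( is_orig )
		return;

	local client = c$id$orig_h;
	if ( client !in err_counts )
		err_counts[client] = 0;
	++err_counts[client];

	# Fire once, when the counter reaches the threshold.
	if ( err_counts[client] == error_threshold )
		NOTICE([$note=Excessive_SMB1_Errors, $conn=c, $src=client,
		        $msg=fmt("%s got %d SMB1 error responses within %s (last command 0x%x, status 0x%x)",
		                 client, error_threshold, error_window,
		                 hdr$command, hdr$status),
		        $identifier=cat(client)]);
	}
```

Both constants are declared &redef, so a site can tune them from local.bro without editing the script.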

Copyright 2016, The Bro Project. Last updated on December 07, 2018. Created using Sphinx 1.8.2.