base/bif/plugins/Bro_NCP.events.bif.bro¶
-
GLOBAL¶
| Namespace: | GLOBAL |
|---|---|
| Source File: | /scripts/base/bif/plugins/Bro_NCP.events.bif.bro |
Summary¶
Events¶
ncp_reply: event |
Generated for NCP replies (Netware Core Protocol). |
ncp_request: event |
Generated for NCP requests (Netware Core Protocol). |
Detailed Interface¶
Events¶
-
ncp_reply¶ Type: event(c:connection, frame_type:count, length:count, req_frame:count, req_func:count, completion_code:count)Generated for NCP replies (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
C: The connection. Frame_type: The frame type, as specified by the protocol. Length: The length of the request body, excluding the frame header. Req_frame: The frame type from the corresponding request. Req_func: The function code from the corresponding request. Completion_code: The reply’s completion code, as specified by the protocol. See also:
ncp_requestTodo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.
-
ncp_request¶ Type: event(c:connection, frame_type:count, length:count, func:count)Generated for NCP requests (Netware Core Protocol).
See Wikipedia for more information about the NCP protocol.
C: The connection. Frame_type: The frame type, as specified by the protocol. Length: The length of the request body, excluding the frame header. Func: The requested function, as specified by the protocol. See also:
ncp_replyTodo
Bro’s current default configuration does not activate the protocol analyzer that generates this event; the corresponding script has not yet been ported to Bro 2.x. To still enable this event, one needs to register a port for it or add a DPD payload signature.
