base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro

GLOBAL

Namespace:GLOBAL Source File:/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro

Summary

Events

smb1_transaction_request: event	Generated for SMB/CIFS version 1 requests of type transaction.
smb1_transaction_response: event	Generated for SMB/CIFS version 1 requests of type transaction.

Detailed Interface

Events

smb1_transaction_request

Type:event (c: connection, hdr: SMB1::Header, name: string, sub_cmd: count, parameters: string, data: string)

Generated for SMB/CIFS version 1 requests of type transaction. This command serves as the transport for the Transaction Subprotocol Commands. These commands operate on mailslots and named pipes, which are interprocess communication endpoints within the CIFS file system.

For more information, see MS-CIFS:2.2.4.33.1

C:The connection. Hdr:The parsed header of the SMB version 1 message. Name:A name string that MAY identify the resource (a specific Mailslot or Named Pipe) against which the operation is performed. Sub_cmd:The sub command, some may be parsed and have their own events. Parameters:content of the SMB_Data.Trans_Parameters field Data:content of the SMB_Data.Trans_Data field

See also: smb1_message, smb1_transaction2_request

smb1_transaction_response

Type:event (c: connection, hdr: SMB1::Header, parameters: string, data: string)

Generated for SMB/CIFS version 1 requests of type transaction. This command serves as the transport for the Transaction Subprotocol Commands. These commands operate on mailslots and named pipes, which are interprocess communication endpoints within the CIFS file system.

For more information, see MS-CIFS:2.2.4.33.2

C:The connection. Hdr:The parsed header of the SMB version 1 message. Parameters:content of the SMB_Data.Trans_Parameters field Data:content of the SMB_Data.Trans_Data field