Bro_SMB.smb1_events.bif.bro¶

GLOBAL¶

Namespace:	GLOBAL
Source File:	`/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro`

Summary¶

Events¶

`smb1_empty_response`: `event`	Generated when there is an SMB version 1 response with no message body.
`smb1_error`: `event`	Generated for SMB version 1 messages that indicate an error.
`smb1_message`: `event`	Generated for all SMB/CIFS version 1 messages.

Detailed Interface¶

Events¶

smb1_empty_response¶

Type:	`event` (c: `connection`, hdr: `SMB1::Header`)

Generated when there is an SMB version 1 response with no message body.

C:	The connection.
Hdr:	The parsed header of the SMB message.

See also: smb1_message

smb1_error¶

Type:	`event` (c: `connection`, hdr: `SMB1::Header`, is_orig: `bool`)

Generated for SMB version 1 messages that indicate an error. This event is triggered by an SMB header including a status that signals an error.

C:	The connection.
Hdr:	The parsed header of the SMB message.
Is_orig:	True if the message was sent by the originator of the underlying transport-level connection.

See also: smb1_message

smb1_message¶

Type:	`event` (c: `connection`, hdr: `SMB1::Header`, is_orig: `bool`)

Generated for all SMB/CIFS version 1 messages.

See Wikipedia for more information about the SMB/CIFS protocol. Bro’s SMB/CIFS analyzer parses both SMB-over-NetBIOS on ports 138/139 and SMB-over-TCP on port 445.

C:	The connection.
Hdr:	The parsed header of the SMB version 1 message.
Is_orig:	True if the message was sent by the originator of the underlying transport-level connection.

base/bif/plugins/Bro_SMB.smb1_events.bif.bro¶

Summary¶

Events¶

Detailed Interface¶

Events¶

Table of Contents

Next Page

Previous Page

base/bif/plugins/Bro_SMB.smb1_events.bif.bro¶

Summary¶

Events¶

Detailed Interface¶

Events¶

Table of Contents

Next Page

Previous Page

Search