Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

add parameters and data to smb1_transaction_request/response messages

Browse source 
expose SMB_Data.Trans_Parameters and SMB_Data.Trans_Data fields of
SMB_COM_TRANSACTION (0x25) message type. See MS-CIFS section
2.2.4.33.1.

These fields are exposed to the script level as Bro strings. Note that
this commit also expose a new event smb1_transaction_response.
This commit is contained in:
Jeffrey Bencteux 2017-05-26 15:18:59 +02:00
parent f2c3a9495d
commit bd72710e3b
3 changed files with 104 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/policy/protocols/smb/smb1-main.bro
View file

@ -263,7 +263,7 @@ event smb1_session_setup_andx_response(c: connection, hdr: SMB1::Header, respons
# No behavior yet.
}
event smb1_transaction_request(c: connection, hdr: SMB1::Header, name: string, sub_cmd: count)
event smb1_transaction_request(c: connection, hdr: SMB1::Header, name: string, sub_cmd: count, parameters: string, data: string)
{
c$smb_state$current_cmd$sub_command = SMB1::trans_sub_commands[sub_cmd];
}