Service Contexts: SMB

 

The table displays the security context details for SMB:

Table 1: Service Contexts: SMB

| Context and Direction | Description | Example of Contexts |
| --- | --- | --- |
| smb-account-name (ANY) | Matches the SMB account name in the SESSION_SETUP_ANDX request of an SMB session. | |
| smb-atsvc-request (CTS) | Matches any AT Service requests sent as named pipe transactions over the SMB Transport Layer. The first 2 bytes of this context contain the opcode of the function. | |
| smb-atsvc-response (STC) | Matches any AT Service responses received as named pipe transactions over the SMB Transport Layer. The first 2 bytes of this context contain the opcode of the function. | |
| smb-browser-request (CTS) | Matches any Browser requests sent as named pipe transactions over the SMB Transport Layer. The first 2 bytes of this context contain the opcode of the function. | |
| smb-browser-response (STC) | Matches any Browser responses received as named pipe transactions over the SMB Transport Layer. The first two bytes of this context contain the opcode of the function. | |
| smb-called-name (ANY) | Matches the NetBIOS name of the initiator of an SMB session. | |
| smb-calling-name (ANY) | Matches the NetBIOS name of the receiver of an SMB session. | |
| smb-connect-path (CTS) | Matches the connect path in the TREE_CONNECT_ANDX request of an SMB session. | |
| smb-connect-service (CTS) | Matches the connect service in the TREE_CONNECT_ANDX request of an SMB session. | |
| smb-copy-filename (CTS) | Matches the filename in the COPY request of an SMB session. | |
| smb-data (ANY) | Matches any SMB data portion. | |
| smb-dce-rpc (ANY) | Matches any DCE/RPC message sent over the SMB Transport Layer. | |
| smb-dce-rpc-bind (CTS) | Matches any DCE/RPC bind message sent over the SMB Transport Layer. | |
| smb-dce-rpc-bind-ack (STC) | Matches any DCE/RPC bind-ack message sent over the SMB Transport Layer. | |
| smb-dce-rpc-bind-nack (STC) | Matches any DCE/RPC bind-nack message sent over the SMB Transport Layer. | |
| smb-dce-rpc-request (CTS) | Matches any DCE/RPC request message sent over the SMB Transport Layer. | |
| smb-dce-rpc-request-obj-uuid (CTS) | Matches the object UUID of any DCE/RPC request message. | |
| smb-dce-rpc-response (STC) | Matches any DCE/RPC response message sent over the SMB Transport Layer. | |
| smb-delete-filename (CTS) | Matches the filename in the DELETE request of an SMB session. | |
| smb-dialect (CTS) | Matches each SMB dialect string in the NEGOTIATE request of an SMB session. | |
| smb-header | Matches any SMB header portion. | |
| smb-lanman-request (CTS) | Matches any LANMAN requests sent as named pipe transactions over the SMB Transport Layer. The first 2 bytes of this context contain the opcode of the function. | |
| smb-lanman-response (STC) | Matches any LANMAN responses received as named pipe transactions over the SMB Transport Layer. The first 2 bytes of this context contain the opcode of the function. | |
| smb-lsarpc-request (CTS) | Matches any Local Security Authority requests sent as named pipe transactions over the SMB Transport Layer. The first 2 bytes of this context contain the opcode of the function. | |
| smb-move-filename (CTS) | Matches the filename in the MOVE request of an SMB session. | |
| smb-native-lanman (ANY) | Matches the native LANMAN in the SESSION_SETUP_ANDX request of an SMB session. | |
| smb-native-os (ANY) | Matches the native OS in the SESSION_SETUP_ANDX request of an SMB session. | |
| smb-open-filename (CTS) | Matches the filename in the NT_CREATE_ANDX and OPEN_ANDX requests of an SMB session. | |
| smb-primary-domain (ANY) | Matches the SMB primary domain name in the SESSION_SETUP_ANDX request of an SMB session. | |
| smb-rename-filename (CTS) | Matches the filename in the RENAME request of an SMB session. | |
| smb-samr-request (CTS) | Matches any Security Account Manager requests sent as named pipe transactions over the SMB Transport Layer. The first 2 bytes of this context contain the opcode of the function. | |
| smb-samr-response (STC) | Matches any Security Account Manager responses received as named pipe transactions over the SMB Transport Layer. The first 2 bytes of this context contain the opcode of the function. | |
| smb-session-header | Matches any SMB session header portion. | |
| smb-srvsvc-request (CTS) | Matches any Server Service requests sent as named pipe transactions over the SMB Transport Layer. The first two bytes of this context contain the opcode of the function. | |
| smb-svcctl-request (CTS) | Matches any Service Control Manager requests sent as named pipe transactions over the SMB Transport Layer. The first two bytes of this context contain the opcode of the function. | |
| smb-trans2-request (CTS) | Matches any SMB Transaction2 request. | |
| smb-trans2-response (STC) | Matches any SMB Transaction2 response. | |
| smb-trans2-set-path-info (CTS) | Matches any SMB Transaction2 SET-PATH-INFORMATION request. | |