Rlp_RpcAttribute_t Struct Reference

This option looks at RPC requests and automatically decodes the application, procedure, and program version, indicating success when all three variables are matched. More...

#include <rlp.h>

Data Fields
int	application
bool	anyProcedure
int	procedure
bool	anyVersion
int	version

---

Detailed Description

This option looks at RPC requests and automatically decodes the application, procedure, and program version, indicating success when all three variables are matched.

This option looks at RPC requests and automatically decodes the application, procedure, and program version, indicating success when all three variables are matched.

The format of the option call is application, procedure, version.

Wildcards are valid for both the procedure and version numbers and are indicated with a *.

Format: rpc: <number, [number|*], [number|*]>

Example:

alert tcp any any -> 192.168.1.0/24 111 (rpc: 100000,*,3; msg:"RPC getport (TCP)";)

alert udp any any -> 192.168.1.0/24 111 (rpc: 100000,*,3; msg:"RPC getport (UDP)";) a

alert udp any any -> 192.168.1.0/24 111 (rpc: 100083,*,*; msg:"RPC ttdb";)

alert udp any any -> 192.168.1.0/24 111 (rpc: 100232,10,*; msg:"RPC sadmin";)

Definition at line 896 of file rlp.h.

---

Field Documentation

int Rlp_RpcAttribute_t::application

Definition at line 898 of file rlp.h.

bool Rlp_RpcAttribute_t::anyProcedure

Definition at line 899 of file rlp.h.

int Rlp_RpcAttribute_t::procedure

Definition at line 900 of file rlp.h.

bool Rlp_RpcAttribute_t::anyVersion

Definition at line 901 of file rlp.h.

int Rlp_RpcAttribute_t::version

Definition at line 902 of file rlp.h.