}
else
{
words = data = NULL;
}
}
PUTS ("\n");
}
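/*
 * print a NBT packet received across tcp on port 139
 *
 * data points at the start of the NBT session header; maxbuf is treated
 * as the exclusive end of the captured bytes.  Every byte in
 * [data, maxbuf) comes off the wire, so no header field is read until
 * the capture is known to contain it.
 */
void nbt_tcp_print (u_char *data, u_char *maxbuf)
{
  int flags;
  int nbt_len = 0;
  int avail;

  nbt_startbuf = data;
  /* Nothing captured: bail out before any header byte is touched. */
  if (maxbuf <= data)
    return;
  avail = (int)PTR_DIFF (maxbuf, data);

  /* At least one byte is present, so the byte the switch dispatches on
     is safe to read. */
  flags = CVAL (data, 0);
  /* The length field is read at offset 2; only fetch it when the whole
     4-byte header was captured, otherwise leave it at 0. */
  if (avail >= 4)
    nbt_len = RSVAL (data, 2);

#if 0
  PUTS ("\n>>> NBT Packet\n");
#else
  PUTCHAR ('\n');
#endif

  switch (flags)
    {
    case 0:
      /* Dump only the 4-byte header here, and never past the capture.
         NOTE(review): fdata is defined elsewhere; it is assumed to stop
         at its third argument - confirm. */
      data = fdata (data, "NBT Session Packet\nFlags=[rw]\nLength=[rd]\n",
                    avail >= 4 ? data + 4 : maxbuf);
      /* The signature compare needs four captured bytes. */
      if (PTR_DIFF (maxbuf, data) >= 4 && !memcmp (data, "\377SMB", 4))
        {
          if (nbt_len > PTR_DIFF (maxbuf, data))
            PRINTF ("WARNING: Short packet. Try increasing the snap length (%d)\n",
                    (int)PTR_DIFF (maxbuf, data));
          /* Hand print_smb the smaller of the declared and captured
             payload, without forming a pointer beyond maxbuf. */
          print_smb (data,
                     nbt_len < PTR_DIFF (maxbuf, data) ? data + nbt_len
                                                       : maxbuf);
        }
      else
        PUTS ("Session packet:(raw data?)\n");
      break;

    case 0x81:
      data = fdata (data,
                    "NBT Session Request\nFlags=[rW]\n"
                    "Destination=[n1]\nSource=[n1]\n", maxbuf);
      break;

    case 0x82:
      data = fdata (data, "NBT Session Granted\nFlags=[rW]\n", maxbuf);
      break;

    case 0x83:
      {
        /* The reject reason is read at offset 4, i.e. the fifth byte. */
        int have_reason = avail >= 5;
        int ecode = have_reason ? CVAL (data, 4) : 0;

        data = fdata (data, "NBT SessionReject\nFlags=[rW]\nReason=[B]\n",
                      maxbuf);
        /* Do not decode a reason byte that was never captured. */
        if (!have_reason)
          break;
        switch (ecode)
          {
          case 0x80:
            PUTS ("Not listening on called name\n");
            break;
          case 0x81:
            PUTS ("Not listening for calling name\n");
            break;
          case 0x82:
            PUTS ("Called name not present\n");
            break;
          case 0x83:
            PUTS ("Called name present, but insufficient resources\n");
            break;
          default:
            PRINTF ("Unspecified error 0x%X\n", ecode);
            break;
          }
      }
      break;

    case 0x85:
      data = fdata (data, "NBT Session Keepalive\nFlags=[rW]\n", maxbuf);
      break;

    default:
      data = fdata (data, "NBT - Unknown packet type\nType=[rW]\n", maxbuf);
    }
  PUTS ("\n");
}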
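/*
 * print a NBT packet received across udp on port 137
 *
 * data points at the start of the name-service header; maxbuf is treated
 * as the exclusive end of the captured bytes.  All counts and lengths are
 * taken from the packet, so each one is checked against the capture
 * before the bytes it describes are read.
 */
void nbt_udp137_print (u_char *data, u_char *maxbuf)
{
  int name_trn_id, response, opcode, nm_flags, rcode;
  int qdcount, ancount, nscount, arcount;
  char des[1024];
  char *opcodestr = "OPUNKNOWN";
  char *p;

  nbt_startbuf = data;
  if (maxbuf <= data)
    return;

  /* The header fields below are read at offsets 0 through 10 (the last
     one via RSVAL, taken to be a 16-bit read), so 12 bytes must be
     present before any of them is decoded. */
  if (maxbuf - data < 12)
    {
      PRINTF ("WARNING: Short packet. Try increasing the snap length (%d)\n",
              (int)(maxbuf - data));
      return;
    }

  name_trn_id = RSVAL (data, 0);
  response = (CVAL (data, 2) >> 7);
  opcode = (CVAL (data, 2) >> 3) & 0xF;
  nm_flags = ((CVAL (data, 2) & 0x7) << 4) + (CVAL (data, 3) >> 4);
  rcode = CVAL (data, 3) & 0xF;
  qdcount = RSVAL (data, 4);
  ancount = RSVAL (data, 6);
  nscount = RSVAL (data, 8);
  arcount = RSVAL (data, 10);

  /* des is only ever built from the fixed literals below, whose combined
     length is far below sizeof des. */
  strcpy (des, "\n>>> NBT UDP PACKET(137): ");
  switch (opcode)
    {
    case 0:
      opcodestr = "QUERY";
      break;
    case 5:
      opcodestr = "REGISTRATION";
      break;
    case 6:
      opcodestr = "RELEASE";
      break;
    case 7:
      opcodestr = "WACK";
      break;
    case 8:
      opcodestr = "REFRESH(8)";
      break;
    case 9:
      opcodestr = "REFRESH";
      break;
    }
  strcat (des, opcodestr);
  if (response)
    {
      if (rcode)
        strcat (des, "; NEGATIVE");
      else
        strcat (des, "; POSITIVE");
    }
  if (response)
    strcat (des, "; RESPONSE");
  else
    strcat (des, "; REQUEST");
  if (nm_flags & 1)
    strcat (des, "; BROADCAST");
  else
    strcat (des, "; UNICAST");

  PRINTF ("%s\n"
          "TrnID=0x%X\n"
          "OpCode=%d\n"
          "NmFlags=0x%X\n"
          "Rcode=%d\n"
          "QueryCount=%d\n"
          "AnswerCount=%d\n"
          "AuthorityCount=%d\n"
          "AddressRecCount=%d\n",
          des, name_trn_id, opcode, nm_flags, rcode,
          qdcount, ancount, nscount, arcount);

  p = data + 12;
  {
    int i, total = ancount + nscount + arcount;

    /* Sanity cap on the record counts claimed by the packet. */
    if (qdcount > 100 || total > 100)
      {
        PUTS ("Corrupt packet??\n");
        return;
      }

    if (qdcount)
      {
        PUTS ("QuestionRecords:\n");
        for (i = 0; i < qdcount; i++)
          p = fdata (p, "|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#",
                     maxbuf);
      }

    if (total)
      {
        PUTS ("\nResourceRecords:\n");
        for (i = 0; i < total; i++)
          {
            int rdlen;
            int restype;

            p = fdata (p, "Name=[n1]\n#", maxbuf);
            /* ResType, ResClass and TTL are dumped from the next 8 bytes
               (the bound passed to fdata below is p + 8, not maxbuf). */
            if (maxbuf - (uchar *)p < 8)
              goto short_packet;
            restype = RSVAL (p, 0);
            p = fdata (p, "ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n", p + 8);

            /* The resource length field itself must be captured. */
            if (maxbuf - (uchar *)p < 2)
              goto short_packet;
            rdlen = RSVAL (p, 0);
            PRINTF ("ResourceLength=%d\nResourceData=\n", rdlen);
            p += 2;

            /* rdlen comes from the packet: refuse to dump or skip more
               resource data than was actually captured. */
            if (rdlen > maxbuf - (uchar *)p)
              goto short_packet;

            if (rdlen == 6)
              {
                p = fdata (p, "AddrType=[rw]\nAddress=[b.b.b.b]\n", p + rdlen);
              }
            else
              {
                if (restype == 0x21)
                  {
                    int numnames;

                    /* The name count is a single byte read at p. */
                    if (maxbuf - (uchar *)p < 1)
                      goto short_packet;
                    numnames = CVAL (p, 0);
                    p = fdata (p, "NumNames=[B]\n", p + 1);
                    while (numnames--)
                      {
                        /* Longest possible label combination is well
                           under 128 bytes. */
                        char flags[128] = "";

                        p = fdata (p, "Name=[n2]\t#", maxbuf);
                        /* Two flag bytes follow each name (p += 2 below). */
                        if (maxbuf - (uchar *)p < 2)
                          goto short_packet;
                        if (p[0] & 0x80)
                          strcat (flags, "<GROUP> ");
                        /* The two-bit field selected by 0x60 can only be
                           0x00, 0x20, 0x40 or 0x60; comparing it with
                           1, 2 or 3 never matched, so the P/M/_ labels
                           were never printed. */
                        if ((p[0] & 0x60) == 0x00)
                          strcat (flags, "B ");
                        if ((p[0] & 0x60) == 0x20)
                          strcat (flags, "P ");
                        if ((p[0] & 0x60) == 0x40)
                          strcat (flags, "M ");
                        if ((p[0] & 0x60) == 0x60)
                          strcat (flags, "_ ");
                        if (p[0] & 0x10)
                          strcat (flags, "<DEREGISTERING> ");
                        if (p[0] & 0x08)
                          strcat (flags, "<CONFLICT> ");
                        if (p[0] & 0x04)
                          strcat (flags, "<ACTIVE> ");
                        if (p[0] & 0x02)
                          strcat (flags, "<PERMANENT> ");
                        PRINTF ("%s\n", flags);
                        p += 2;
                      }
                  }
                else
                  {
                    print_data (p, rdlen);
                    p += rdlen;
                  }
              }
          }
      }
  }

  if ((uchar*)p < maxbuf)
    fdata (p, "AdditionalData:\n", maxbuf);
  PUTS ("\n");
  return;

short_packet:
  /* A record ran past the captured bytes: report it and stop decoding. */
  PRINTF ("WARNING: Short packet. Try increasing the snap length (%d)\n",
          (int)(maxbuf - data));
}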
/*
 * print a NBT packet received across udp on port 138
 *
 * Dumps the datagram header fields through fdata and passes whatever
 * fdata returns to print_smb.  maxbuf is treated as the exclusive end of
 * the captured bytes; nothing is printed when the capture is empty.
 * NOTE(review): all bounds enforcement past the initial check is left to
 * fdata and print_smb, which are defined elsewhere - confirm they stop
 * at maxbuf.
 */
void nbt_udp138_print (u_char *data, u_char *maxbuf)
{
  u_char *payload;

  nbt_startbuf = data;
  if (maxbuf > data)
    {
      /* Header first, then the SMB message that follows it. */
      payload = fdata (data,
                       "\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b] "
                       "Port=[rd] Length=[rd] Res2=[rw]\n"
                       "SourceName=[n1]\nDestName=[n1]\n#", maxbuf);
      print_smb (payload, maxbuf);
      PUTS ("\n");
    }
}
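/*
 * print netbeui frames
 *
 * data points at the start of the frame header; maxbuf is treated as the
 * exclusive end of the captured bytes.  The frame's own length field is
 * untrusted: the payload pointer derived from it is clamped to maxbuf
 * before it is used as a bound or dereferenced.
 */
void netbeui_print (uchar *data, uchar *maxbuf)
{
  int len;
  int command;
  uchar *data2;

  nbt_startbuf = data;
  if (maxbuf <= data)
    return;
  /* The header fields below are read at offsets 1 and 5, so six bytes
     must be captured before they are decoded. */
  if (maxbuf - data < 6)
    {
      PUTS ("WARNING: Short packet. Try increasing the snap length\n");
      return;
    }

  len = SVAL (data, 1);
  command = CVAL (data, 5);

  /* data2 marks the end of the command header / start of the payload.
     Keep it inside the capture even when the frame claims more. */
  if (len < 0 || 1 + len > maxbuf - data)
    data2 = maxbuf;
  else
    data2 = data + 1 + len;

  data = fdata (data,
                "\n>>> NetBeui Packet\n"
                "Type=[B] Length=[d] Signature=[w] Command=[B]\n#",
                maxbuf);

  switch (command)
    {
    case 0xA:
      data = fdata (data,
                    "NameQuery:[P1]\n"
                    "SessionNumber=[B]\n"
                    "NameType=[B][P2]\n"
                    "ResponseCorrelator=[w]\n"
                    "Destination=[n2]\n"
                    "Source=[n2]\n", data2);
      break;

    case 0x8:
      data = fdata (data,
                    "NetbiosDataGram:[P7]\n"
                    "Destination=[n2]\n"
                    "Source=[n2]\n", data2);
      break;

    case 0xE:
      data = fdata (data,
                    "NameRecognise:\n"
                    "[P1]\nData2=[w]\n"
                    "TransmitCorrelator=[w]\n"
                    "ResponseCorelator=[w]\n"
                    "Destination=[n2]\n"
                    "Source=[n2]\n", data2);
      break;

    case 0x19:
      data = fdata (data,
                    "SessionInitialise:\n"
                    "Data1=[B]\n"
                    "Data2=[w]\n"
                    "TransmitCorrelator=[w]\n"
                    "ResponseCorelator=[w]\n"
                    "RemoteSessionNumber=[B]\n"
                    "LocalSessionNumber=[B]\n", data2);
      break;

    case 0x17:
      data = fdata (data,
                    "SessionConfirm:\n"
                    "Data1=[B]\n"
                    "Data2=[w]\n"
                    "TransmitCorrelator=[w]\n"
                    "ResponseCorelator=[w]\n"
                    "RemoteSessionNumber=[B]\n"
                    "LocalSessionNumber=[B]\n", data2);
      break;

    case 0x16:
      data = fdata (data,
                    "NetbiosDataOnlyLast:\n"
                    "Flags=[{|NO_ACK|PIGGYBACK_ACK_ALLOWED|PIGGYBACK_ACK_INCLUDED|}]\n"
                    "ResyncIndicator=[w][P2]\n"
                    "ResponseCorelator=[w]\n"
                    "RemoteSessionNumber=[B]\n"
                    "LocalSessionNumber=[B]\n", data2);
      break;

    case 0x14:
      data = fdata (data,
                    "NetbiosDataAck:\n"
                    "[P3]TransmitCorrelator=[w][P2]\n"
                    "RemoteSessionNumber=[B]\n"
                    "LocalSessionNumber=[B]\n", data2);
      break;

    case 0x18:
      data = fdata (data,
                    "SessionEnd:\n"
                    "[P1]Data2=[w][P4]\n"
                    "RemoteSessionNumber=[B]\n"
                    "LocalSessionNumber=[B]\n", data2);
      break;

    default:
      data = fdata (data, "Unknown Netbios Command ", maxbuf);
      /* Returns rather than breaks (the original marks this as changed
         from a break), so the payload dump below is skipped for
         unrecognised commands. */
      return;
    }

  /* Only compare the signature when four payload bytes were captured. */
  if (maxbuf - data2 >= 4 && !memcmp (data2, "\377SMB", 4))
    print_smb (data2, maxbuf);
  else
    fdata (data2, "Extra ", maxbuf);
  PUTS ("\n");
}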
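/*
 * print IPX-Netbios frames
 *
 * Searches the first 128 offsets of the frame for the SMB signature and
 * hands the message found there to print_smb.  maxbuf is treated as the
 * exclusive end of the captured bytes, and the search never compares
 * bytes beyond it.
 */
void ipx_netbios_print (u_char *data, u_char *maxbuf)
{
  /* this is a hack till I work out how to parse the rest of the IPX stuff
   */
  int i;
  int found = 0;

  nbt_startbuf = data;
  /* Each probe reads four bytes at data[i]; stop as soon as fewer than
     four captured bytes remain, not only after 128 offsets. */
  for (i = 0; i < 128 && maxbuf - &data[i] >= 4; i++)
    {
      if (!memcmp (&data[i], "\377SMB", 4))
        {
          /* Bytes before the signature are dumped as the transport part. */
          fdata (data, "\n>>> IPX transport ", &data[i]);
          print_smb (&data[i], maxbuf);
          PUTS ("\n");
          found = 1;
          break;
        }
    }
  /* Covers both "no signature in 128 offsets" and "capture ended first". */
  if (!found)
    fdata (data, "\n>>> Unknown IPX ", maxbuf);
}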
#endif /* PRINT_NETBIOS_DETAILS */