print-smb.c (56893) | print-smb.c (75115) |
---|---|
1/* 2 Copyright (C) Andrew Tridgell 1995-1999 3 4 This software may be distributed either under the terms of the 5 BSD-style license that accompanies tcpdump or the GNU GPL version 2 6 or later */ 7 8#ifdef HAVE_CONFIG_H 9#include "config.h" 10#endif 11 12#ifndef lint 13static const char rcsid[] = | 1/* 2 Copyright (C) Andrew Tridgell 1995-1999 3 4 This software may be distributed either under the terms of the 5 BSD-style license that accompanies tcpdump or the GNU GPL version 2 6 or later */ 7 8#ifdef HAVE_CONFIG_H 9#include "config.h" 10#endif 11 12#ifndef lint 13static const char rcsid[] = |
14 "@(#) $Header: /tcpdump/master/tcpdump/print-smb.c,v 1.3.2.1 2000/01/11 06:58:27 fenner Exp $"; | 14 "@(#) $Header: /tcpdump/master/tcpdump/print-smb.c,v 1.7 2000/12/05 06:42:47 guy Exp $"; |
15#endif 16 17#include <stdio.h> 18#include <string.h> 19#include <sys/types.h> 20 21#include "interface.h" 22#include "smb.h" --- 691 unchanged lines hidden (view full) --- 714 715 printf("\n>>> NBT Packet\n"); 716 717 switch (flags) { 718 case 1: 719 printf("flags=0x%x\n", flags); 720 case 0: 721 data = fdata(data,"NBT Session Packet\nFlags=[rw]\nLength=[rd]\n",data+4); | 15#endif 16 17#include <stdio.h> 18#include <string.h> 19#include <sys/types.h> 20 21#include "interface.h" 22#include "smb.h" --- 691 unchanged lines hidden (view full) --- 714 715 printf("\n>>> NBT Packet\n"); 716 717 switch (flags) { 718 case 1: 719 printf("flags=0x%x\n", flags); 720 case 0: 721 data = fdata(data,"NBT Session Packet\nFlags=[rw]\nLength=[rd]\n",data+4); |
722 if (data == NULL) 723 break; |
|
722 if (memcmp(data,"\377SMB",4)==0) { 723 if (nbt_len>PTR_DIFF(maxbuf,data)) 724 printf("WARNING: Short packet. Try increasing the snap length (%ld)\n", 725 PTR_DIFF(maxbuf,data)); 726 print_smb(data,maxbuf>data+nbt_len?data+nbt_len:maxbuf); 727 } else { 728 printf("Session packet:(raw data?)\n"); 729 } --- 54 unchanged lines hidden (view full) --- 784 int response = (CVAL(data,2)>>7); 785 int opcode = (CVAL(data,2) >> 3) & 0xF; 786 int nm_flags = ((CVAL(data,2) & 0x7) << 4) + (CVAL(data,3)>>4); 787 int rcode = CVAL(data,3) & 0xF; 788 int qdcount = RSVAL(data,4); 789 int ancount = RSVAL(data,6); 790 int nscount = RSVAL(data,8); 791 int arcount = RSVAL(data,10); | 724 if (memcmp(data,"\377SMB",4)==0) { 725 if (nbt_len>PTR_DIFF(maxbuf,data)) 726 printf("WARNING: Short packet. Try increasing the snap length (%ld)\n", 727 PTR_DIFF(maxbuf,data)); 728 print_smb(data,maxbuf>data+nbt_len?data+nbt_len:maxbuf); 729 } else { 730 printf("Session packet:(raw data?)\n"); 731 } --- 54 unchanged lines hidden (view full) --- 786 int response = (CVAL(data,2)>>7); 787 int opcode = (CVAL(data,2) >> 3) & 0xF; 788 int nm_flags = ((CVAL(data,2) & 0x7) << 4) + (CVAL(data,3)>>4); 789 int rcode = CVAL(data,3) & 0xF; 790 int qdcount = RSVAL(data,4); 791 int ancount = RSVAL(data,6); 792 int nscount = RSVAL(data,8); 793 int arcount = RSVAL(data,10); |
792 char des[1024]; 793 char *opcodestr="OPUNKNOWN"; | 794 char *opcodestr; |
794 const char *p; 795 796 startbuf = data; 797 798 if (maxbuf <= data) return; 799 | 795 const char *p; 796 797 startbuf = data; 798 799 if (maxbuf <= data) return; 800 |
800 strcpy(des,"\n>>> NBT UDP PACKET(137): "); | 801 printf("\n>>> NBT UDP PACKET(137): "); |
801 802 switch (opcode) { 803 case 0: opcodestr = "QUERY"; break; 804 case 5: opcodestr = "REGISTRATION"; break; 805 case 6: opcodestr = "RELEASE"; break; 806 case 7: opcodestr = "WACK"; break; 807 case 8: opcodestr = "REFRESH(8)"; break; 808 case 9: opcodestr = "REFRESH"; break; | 802 803 switch (opcode) { 804 case 0: opcodestr = "QUERY"; break; 805 case 5: opcodestr = "REGISTRATION"; break; 806 case 6: opcodestr = "RELEASE"; break; 807 case 7: opcodestr = "WACK"; break; 808 case 8: opcodestr = "REFRESH(8)"; break; 809 case 9: opcodestr = "REFRESH"; break; |
810 default: opcodestr = "OPUNKNOWN"; break; |
|
809 } | 811 } |
810 strcat(des,opcodestr); | 812 printf("%s", opcodestr); |
811 if (response) { 812 if (rcode) | 813 if (response) { 814 if (rcode) |
813 strcat(des,"; NEGATIVE"); | 815 printf("; NEGATIVE"); |
814 else | 816 else |
815 strcat(des,"; POSITIVE"); | 817 printf("; POSITIVE"); |
816 } 817 818 if (response) | 818 } 819 820 if (response) |
819 strcat(des,"; RESPONSE"); | 821 printf("; RESPONSE"); |
820 else | 822 else |
821 strcat(des,"; REQUEST"); | 823 printf("; REQUEST"); |
822 823 if (nm_flags&1) | 824 825 if (nm_flags&1) |
824 strcat(des,"; BROADCAST"); | 826 printf("; BROADCAST"); |
825 else | 827 else |
826 strcat(des,"; UNICAST"); | 828 printf("; UNICAST"); |
827 | 829 |
828 printf("%s", des); 829 | |
830 if (vflag == 0) return; 831 832 printf("\nTrnID=0x%X\nOpCode=%d\nNmFlags=0x%X\nRcode=%d\nQueryCount=%d\nAnswerCount=%d\nAuthorityCount=%d\nAddressRecCount=%d\n", 833 name_trn_id,opcode,nm_flags,rcode,qdcount,ancount,nscount,arcount); 834 835 p = data + 12; 836 837 { --- 4 unchanged lines hidden (view full) --- 842 printf("Corrupt packet??\n"); 843 return; 844 } 845 846 if (qdcount) { 847 printf("QuestionRecords:\n"); 848 for (i=0;i<qdcount;i++) 849 p = fdata(p,"|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#",maxbuf); | 830 if (vflag == 0) return; 831 832 printf("\nTrnID=0x%X\nOpCode=%d\nNmFlags=0x%X\nRcode=%d\nQueryCount=%d\nAnswerCount=%d\nAuthorityCount=%d\nAddressRecCount=%d\n", 833 name_trn_id,opcode,nm_flags,rcode,qdcount,ancount,nscount,arcount); 834 835 p = data + 12; 836 837 { --- 4 unchanged lines hidden (view full) --- 842 printf("Corrupt packet??\n"); 843 return; 844 } 845 846 if (qdcount) { 847 printf("QuestionRecords:\n"); 848 for (i=0;i<qdcount;i++) 849 p = fdata(p,"|Name=[n1]\nQuestionType=[rw]\nQuestionClass=[rw]\n#",maxbuf); |
850 if (p == NULL) 851 goto out; |
|
850 } 851 852 if (total) { 853 printf("\nResourceRecords:\n"); 854 for (i=0;i<total;i++) { 855 int rdlen; 856 int restype; 857 p = fdata(p,"Name=[n1]\n#",maxbuf); | 852 } 853 854 if (total) { 855 printf("\nResourceRecords:\n"); 856 for (i=0;i<total;i++) { 857 int rdlen; 858 int restype; 859 p = fdata(p,"Name=[n1]\n#",maxbuf); |
860 if (p == NULL) 861 goto out; |
|
858 restype = RSVAL(p,0); 859 p = fdata(p,"ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n",p+8); | 862 restype = RSVAL(p,0); 863 p = fdata(p,"ResType=[rw]\nResClass=[rw]\nTTL=[rD]\n",p+8); |
864 if (p == NULL) 865 goto out; |
|
860 rdlen = RSVAL(p,0); 861 printf("ResourceLength=%d\nResourceData=\n",rdlen); 862 p += 2; 863 if (rdlen == 6) { 864 p = fdata(p,"AddrType=[rw]\nAddress=[b.b.b.b]\n",p+rdlen); | 866 rdlen = RSVAL(p,0); 867 printf("ResourceLength=%d\nResourceData=\n",rdlen); 868 p += 2; 869 if (rdlen == 6) { 870 p = fdata(p,"AddrType=[rw]\nAddress=[b.b.b.b]\n",p+rdlen); |
871 if (p == NULL) 872 goto out; |
|
865 } else { 866 if (restype == 0x21) { 867 int numnames = CVAL(p,0); 868 p = fdata(p,"NumNames=[B]\n",p+1); | 873 } else { 874 if (restype == 0x21) { 875 int numnames = CVAL(p,0); 876 p = fdata(p,"NumNames=[B]\n",p+1); |
877 if (p == NULL) 878 goto out; |
|
869 while (numnames--) { | 879 while (numnames--) { |
870 char flags[128]=""; | |
871 p = fdata(p,"Name=[n2]\t#",maxbuf); | 880 p = fdata(p,"Name=[n2]\t#",maxbuf); |
872 if (p[0] & 0x80) strcat(flags,"<GROUP> "); 873 if ((p[0] & 0x60) == 0x00) strcat(flags,"B "); 874 if ((p[0] & 0x60) == 0x20) strcat(flags,"P "); 875 if ((p[0] & 0x60) == 0x40) strcat(flags,"M "); 876 if ((p[0] & 0x60) == 0x60) strcat(flags,"_ "); 877 if (p[0] & 0x10) strcat(flags,"<DEREGISTERING> "); 878 if (p[0] & 0x08) strcat(flags,"<CONFLICT> "); 879 if (p[0] & 0x04) strcat(flags,"<ACTIVE> "); 880 if (p[0] & 0x02) strcat(flags,"<PERMANENT> "); 881 printf("%s\n",flags); | 881 if (p[0] & 0x80) printf("<GROUP> "); 882 switch (p[0] & 0x60) { 883 case 0x00: printf("B "); break; 884 case 0x20: printf("P "); break; 885 case 0x40: printf("M "); break; 886 case 0x60: printf("_ "); break; 887 } 888 if (p[0] & 0x10) printf("<DEREGISTERING> "); 889 if (p[0] & 0x08) printf("<CONFLICT> "); 890 if (p[0] & 0x04) printf("<ACTIVE> "); 891 if (p[0] & 0x02) printf("<PERMANENT> "); 892 printf("\n"); |
882 p += 2; 883 } 884 } else { 885 print_data(p,rdlen); 886 p += rdlen; 887 } 888 } 889 } 890 } 891 } 892 893 if ((uchar*)p < maxbuf) { 894 fdata(p,"AdditionalData:\n",maxbuf); 895 } 896 | 893 p += 2; 894 } 895 } else { 896 print_data(p,rdlen); 897 p += rdlen; 898 } 899 } 900 } 901 } 902 } 903 904 if ((uchar*)p < maxbuf) { 905 fdata(p,"AdditionalData:\n",maxbuf); 906 } 907 |
908out: |
|
897 printf("\n"); 898 fflush(stdout); 899} 900 901 902 903/* 904 print a NBT packet received across udp on port 138 905*/ 906void nbt_udp138_print(const uchar *data, int length) 907{ 908 const uchar *maxbuf = data + length; 909 startbuf = data; 910 if (maxbuf <= data) return; 911 912 data = fdata(data,"\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b] Port=[rd] Length=[rd] Res2=[rw]\nSourceName=[n1]\nDestName=[n1]\n#",maxbuf); 913 | 909 printf("\n"); 910 fflush(stdout); 911} 912 913 914 915/* 916 print a NBT packet received across udp on port 138 917*/ 918void nbt_udp138_print(const uchar *data, int length) 919{ 920 const uchar *maxbuf = data + length; 921 startbuf = data; 922 if (maxbuf <= data) return; 923 924 data = fdata(data,"\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b] Port=[rd] Length=[rd] Res2=[rw]\nSourceName=[n1]\nDestName=[n1]\n#",maxbuf); 925 |
914 print_smb(data,maxbuf); | 926 if (data != NULL) 927 print_smb(data,maxbuf); |
915 916 printf("\n"); 917 fflush(stdout); 918} 919 920 921 922/* 923 print netbeui frames 924*/ | 928 929 printf("\n"); 930 fflush(stdout); 931} 932 933 934 935/* 936 print netbeui frames 937*/ |
925void netbeui_print(const uchar *data, const uchar *maxbuf) | 938void netbeui_print(u_short control, const uchar *data, const uchar *maxbuf) |
926{ | 939{ |
927 int len = SVAL(data,1); 928 int command = CVAL(data,5); 929 const uchar *data2 = data + 1 + len; | 940 int len = SVAL(data,0); 941 int command = CVAL(data,4); 942 const uchar *data2 = data + len; 943 int is_truncated = 0; |
930 | 944 |
945 if (data2 >= maxbuf) { 946 data2 = maxbuf; 947 is_truncated = 1; 948 } 949 |
|
931 startbuf = data; 932 | 950 startbuf = data; 951 |
933 data = fdata(data,"\n>>> NetBeui Packet\nType=[B] Length=[d] Signature=[w] Command=[B]\n#",maxbuf); | 952 printf("\n>>> NetBeui Packet\nType=0x%X ", control); 953 data = fdata(data,"Length=[d] Signature=[w] Command=[B]\n#",maxbuf); 954 if (data == NULL) 955 goto out; |
934 935 switch (command) { 936 case 0xA: 937 data = fdata(data,"NameQuery:[P1]\nSessionNumber=[B]\nNameType=[B][P2]\nResponseCorrelator=[w]\nDestination=[n2]\nSource=[n2]\n",data2); 938 break; 939 940 case 0x8: 941 data = fdata(data,"NetbiosDataGram:[P7]\nDestination=[n2]\nSource=[n2]\n",data2); --- 18 unchanged lines hidden (view full) --- 960 case 0x14: 961 data = fdata(data,"NetbiosDataAck:\n[P3]TransmitCorrelator=[w][P2]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2); 962 break; 963 964 case 0x18: 965 data = fdata(data,"SessionEnd:\n[P1]Data2=[w][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2); 966 break; 967 | 956 957 switch (command) { 958 case 0xA: 959 data = fdata(data,"NameQuery:[P1]\nSessionNumber=[B]\nNameType=[B][P2]\nResponseCorrelator=[w]\nDestination=[n2]\nSource=[n2]\n",data2); 960 break; 961 962 case 0x8: 963 data = fdata(data,"NetbiosDataGram:[P7]\nDestination=[n2]\nSource=[n2]\n",data2); --- 18 unchanged lines hidden (view full) --- 982 case 0x14: 983 data = fdata(data,"NetbiosDataAck:\n[P3]TransmitCorrelator=[w][P2]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2); 984 break; 985 986 case 0x18: 987 data = fdata(data,"SessionEnd:\n[P1]Data2=[w][P4]\nRemoteSessionNumber=[B]\nLocalSessionNumber=[B]\n",data2); 988 break; 989 |
990 case 0x1f: 991 data = fdata(data,"SessionAlive\n",data2); 992 break; 993 |
|
968 default: 969 data = fdata(data,"Unknown Netbios Command ",data2); 970 break; 971 } | 994 default: 995 data = fdata(data,"Unknown Netbios Command ",data2); 996 break; 997 } |
998 if (data == NULL) 999 goto out; |
|
972 | 1000 |
1001 if (is_truncated) { 1002 /* data2 was past the end of the buffer */ 1003 goto out; 1004 } 1005 |
|
973 if (memcmp(data2,"\377SMB",4)==0) { 974 print_smb(data2,maxbuf); 975 } else { 976 int i; 977 for (i=0;i<128;i++) { | 1006 if (memcmp(data2,"\377SMB",4)==0) { 1007 print_smb(data2,maxbuf); 1008 } else { 1009 int i; 1010 for (i=0;i<128;i++) { |
1011 if (&data2[i] >= maxbuf) 1012 break; |
|
978 if (memcmp(&data2[i],"\377SMB",4)==0) { 979 printf("found SMB packet at %d\n", i); 980 print_smb(&data2[i],maxbuf); 981 break; 982 } 983 } 984 } 985 | 1013 if (memcmp(&data2[i],"\377SMB",4)==0) { 1014 printf("found SMB packet at %d\n", i); 1015 print_smb(&data2[i],maxbuf); 1016 break; 1017 } 1018 } 1019 } 1020 |
1021out: |
|
986 printf("\n"); 987} 988 989 990/* 991 print IPX-Netbios frames 992*/ 993void ipx_netbios_print(const uchar *data, const uchar *maxbuf) 994{ 995 /* this is a hack till I work out how to parse the rest of the IPX stuff */ 996 int i; 997 startbuf = data; 998 for (i=0;i<128;i++) 999 if (memcmp(&data[i],"\377SMB",4)==0) { 1000 fdata(data,"\n>>> IPX transport ",&data[i]); | 1022 printf("\n"); 1023} 1024 1025 1026/* 1027 print IPX-Netbios frames 1028*/ 1029void ipx_netbios_print(const uchar *data, const uchar *maxbuf) 1030{ 1031 /* this is a hack till I work out how to parse the rest of the IPX stuff */ 1032 int i; 1033 startbuf = data; 1034 for (i=0;i<128;i++) 1035 if (memcmp(&data[i],"\377SMB",4)==0) { 1036 fdata(data,"\n>>> IPX transport ",&data[i]); |
1001 print_smb(&data[i],maxbuf); | 1037 if (data != NULL) 1038 print_smb(&data[i],maxbuf); |
1002 printf("\n"); 1003 fflush(stdout); 1004 break; 1005 } 1006 if (i==128) 1007 fdata(data,"\n>>> Unknown IPX ",maxbuf); 1008} | 1039 printf("\n"); 1040 fflush(stdout); 1041 break; 1042 } 1043 if (i==128) 1044 fdata(data,"\n>>> Unknown IPX ",maxbuf); 1045} |