Rooba
/
scapy
mirror of https://github.com/secdev/scapy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- added NetBIOS, SMB & Co support (Sebastien Chenevot & Sylvain Sarmejeanne)

This commit is contained in:
pbi 2005-05-30 15:08:41 +00:00
parent 78868b21ed
commit 4adc3f4fbe
1 changed files with 542 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

547
scapy.py
View File

@ -21,6 +21,9 @@
#
# $Log: scapy.py,v $
# Revision 0.9.17.100 2005/05/30 17:08:41 pbi
# - added NetBIOS, SMB & Co support (Sébastien Chenevot & Sylvain Sarméjeanne)
#
# Revision 0.9.17.99 2005/05/28 14:28:40 pbi
# - WEP support and ICV computation
#
@ -794,7 +797,7 @@
from __future__ import generators
RCSID="$Id: scapy.py,v 0.9.17.99 2005/05/28 14:28:40 pbi Exp $"
RCSID="$Id: scapy.py,v 0.9.17.100 2005/05/30 17:08:41 pbi Exp $"
VERSION = RCSID.split()[2]+"beta"
@ -967,7 +970,7 @@ except ImportError:
LINUX=sys.platform.startswith("linux")
if LINUX:
DNET=PCAP=1
DNET=PCAP=0
else:
DNET=PCAP=1
@ -2579,7 +2582,7 @@ class StrFixedLenField(StrField):
return s+struct.pack("%ss"%self.length,self.i2m(pkt, val))
class NetBIOSNameField(StrFixedLenField):
def __init__(self, name, default, length=34):
def __init__(self, name, default, length=31):
StrFixedLenField.__init__(self, name, default, length)
def i2m(self, pkt, x):
if x is None:
@ -4469,8 +4472,8 @@ class DHCPOptionsField(StrField):
olen = ord(x[1])
left, val = f.getfield(pkt,x[2:olen+2])
# val = f.m2i(pkt,val)
if left:
print "m2i data left left=%s" % left
# if left:
# print "m2i data left left=%s" % left
opt.append((f.name, val))
x = x[olen+2:]
else:
@ -5303,6 +5306,519 @@ class IrLMP(Packet):
StrField("Device name", "") ]
#NetBIOS
# Name Query Request
# Node Status Request
class NBNSQueryRequest(Packet):
name="NBNS query request"
fields_desc = [ShortField("NAME_TRN_ID",0),
ShortField("FLAGS", 0x0110),
ShortField("QDCOUNT",1),
ShortField("ANCOUNT",0),
ShortField("NSCOUNT",0),
ShortField("ARCOUNT",0),
NetBIOSNameField("QUESTION_NAME","windows"),
ShortEnumField("SUFFIX",0x4141,{0x4141:"workstation",0x4141+0x03:"messenger service",0x4141+0x200:"file server service",0x4141+0x10b:"domain master browser",0x4141+0x10c:"domain controller", 0x4141+0x10e:"browser election service"}),
ByteField("NULL",0),
ShortEnumField("QUESTION_TYPE",0x20, {0x20:"NB",0x21:"NBSTAT"}),
ShortEnumField("QUESTION_CLASS",1,{1:"INTERNET"})]
# Name Registration Request
# Name Refresh Request
# Name Release Request or Demand
class NBNSRequest(Packet):
name="NBNS request"
fields_desc = [ShortField("NAME_TRN_ID",0),
ShortField("FLAGS", 0x2910),
ShortField("QDCOUNT",1),
ShortField("ANCOUNT",0),
ShortField("NSCOUNT",0),
ShortField("ARCOUNT",1),
NetBIOSNameField("QUESTION_NAME","windows"),
ShortEnumField("SUFFIX",0x4141,{0x4141:"workstation",0x4141+0x03:"messenger service",0x4141+0x200:"file server service",0x4141+0x10b:"domain master browser",0x4141+0x10c:"domain controller", 0x4141+0x10e:"browser election service"}),
ByteField("NULL",0),
ShortEnumField("QUESTION_TYPE",0x20, {0x20:"NB",0x21:"NBSTAT"}),
ShortEnumField("QUESTION_CLASS",1,{1:"INTERNET"}),
ShortEnumField("RR_NAME",0xC00C,{0xC00C:"Label String Pointer to QUESTION_NAME"}),
ShortEnumField("RR_TYPE",0x20, {0x20:"NB",0x21:"NBSTAT"}),
ShortEnumField("RR_CLASS",1,{1:"INTERNET"}),
IntField("TTL", 0),
ShortField("RDLENGTH", 6),
BitEnumField("G",0,1,{0:"Unique name",1:"Group name"}),
BitEnumField("OWNER NODE TYPE",00,2,{00:"B node",01:"P node",02:"M node",03:"H node"}),
BitEnumField("UNUSED",0,13,{0:"Unused"}),
IPField("NB_ADDRESS", "127.0.0.1")]
# Name Query Response
# Name Registration Response
class NBNSQueryResponse(Packet):
name="NBNS query response"
fields_desc = [ShortField("NAME_TRN_ID",0),
ShortField("FLAGS", 0x8500),
ShortField("QDCOUNT",0),
ShortField("ANCOUNT",1),
ShortField("NSCOUNT",0),
ShortField("ARCOUNT",0),
NetBIOSNameField("RR_NAME","windows"),
ShortEnumField("SUFFIX",0x4141,{0x4141:"workstation",0x4141+0x03:"messenger service",0x4141+0x200:"file server service",0x4141+0x10b:"domain master browser",0x4141+0x10c:"domain controller", 0x4141+0x10e:"browser election service"}),
ByteField("NULL",0),
ShortEnumField("QUESTION_TYPE",0x20, {0x20:"NB",0x21:"NBSTAT"}),
ShortEnumField("QUESTION_CLASS",1,{1:"INTERNET"}),
IntField("TTL", 0x493e0),
ShortField("RDLENGTH", 6),
ShortField("NB_FLAGS", 0),
IPField("NB_ADDRESS", "127.0.0.1")]
# Name Query Response (negative)
# Name Release Response
class NBNSQueryResponseNegative(Packet):
name="NBNS query response (negative)"
fields_desc = [ShortField("NAME_TRN_ID",0),
ShortField("FLAGS", 0x8506),
ShortField("QDCOUNT",0),
ShortField("ANCOUNT",1),
ShortField("NSCOUNT",0),
ShortField("ARCOUNT",0),
NetBIOSNameField("RR_NAME","windows"),
ShortEnumField("SUFFIX",0x4141,{0x4141:"workstation",0x4141+0x03:"messenger service",0x4141+0x200:"file server service",0x4141+0x10b:"domain master browser",0x4141+0x10c:"domain controller", 0x4141+0x10e:"browser election service"}),
ByteField("NULL",0),
ShortEnumField("RR_TYPE",0x20, {0x20:"NB",0x21:"NBSTAT"}),
ShortEnumField("RR_CLASS",1,{1:"INTERNET"}),
IntField("TTL",0),
ShortField("RDLENGTH",6),
BitEnumField("G",0,1,{0:"Unique name",1:"Group name"}),
BitEnumField("OWNER NODE TYPE",00,2,{00:"B node",01:"P node",02:"M node",03:"H node"}),
BitEnumField("UNUSED",0,13,{0:"Unused"}),
IPField("NB_ADDRESS", "127.0.0.1")]
# Node Status Response
class NBzNSNodeStatusResponse(Packet):
name="NBNS Node Status Response"
fields_desc = [ShortField("NAME_TRN_ID",0),
ShortField("FLAGS", 0x8500),
ShortField("QDCOUNT",0),
ShortField("ANCOUNT",1),
ShortField("NSCOUNT",0),
ShortField("ARCOUNT",0),
NetBIOSNameField("RR_NAME","windows"),
ShortEnumField("SUFFIX",0x4141,{0x4141:"workstation",0x4141+0x03:"messenger service",0x4141+0x200:"file server service",0x4141+0x10b:"domain master browser",0x4141+0x10c:"domain controller", 0x4141+0x10e:"browser election service"}),
ByteField("NULL",0),
ShortEnumField("RR_TYPE",0x21, {0x20:"NB",0x21:"NBSTAT"}),
ShortEnumField("RR_CLASS",1,{1:"INTERNET"}),
IntField("TTL",0),
ShortField("RDLENGTH",83),
ByteField("NUM_NAMES",1)]
# Service for Node Status Response
class NBNSNodeStatusResponseService(Packet):
name="NBNS Node Status Response Service"
fields_desc = [StrFixedLenField("NETBIOS_NAME","WINDOWS ",15),
ByteEnumField("SUFFIX",0,{0:"workstation",0x03:"messenger service",0x20:"file server service",0x1b:"domain master browser",0x1c:"domain controller", 0x1e:"browser election service"}),
ByteField("NAME_FLAGS",0x4),
ByteEnumField("UNUSED",0,{0:"unused"})]
# End of Node Status Response packet
class NBNSNodeStatusResponseEnd(Packet):
name="NBNS Node Status Response"
fields_desc = [SourceMACField("MAC_ADDRESS"),
BitField("STATISTICS",0,57*8)]
# Wait for Acknowledgement Response
class NBNSWackResponse(Packet):
name="NBNS Wait for Acknowledgement Response"
fields_desc = [ShortField("NAME_TRN_ID",0),
ShortField("FLAGS", 0xBC07),
ShortField("QDCOUNT",0),
ShortField("ANCOUNT",1),
ShortField("NSCOUNT",0),
ShortField("ARCOUNT",0),
NetBIOSNameField("RR_NAME","windows"),
ShortEnumField("SUFFIX",0x4141,{0x4141:"workstation",0x4141+0x03:"messenger service",0x4141+0x200:"file server service",0x4141+0x10b:"domain master browser",0x4141+0x10c:"domain controller", 0x4141+0x10e:"browser election service"}),
ByteField("NULL",0),
ShortEnumField("RR_TYPE",0x20, {0x20:"NB",0x21:"NBSTAT"}),
ShortEnumField("RR_CLASS",1,{1:"INTERNET"}),
IntField("TTL", 2),
ShortField("RDLENGTH",2),
BitField("RDATA",10512,16)] #10512=0010100100010000
class NBTDatagram(Packet):
name="NBT Datagram Packet"
fields_desc= [ByteField("Type", 0x10),
ByteField("Flags", 0x02),
ShortField("ID", 0),
IPField("SourceIP", "127.0.0.1"),
ShortField("SourcePort", 138),
ShortField("Length", 272),
ShortField("Offset", 0),
NetBIOSNameField("SourceName","windows"),
ShortEnumField("SUFFIX1",0x4141,{0x4141:"workstation",0x4141+0x03:"messenger service",0x4141+0x200:"file server service",0x4141+0x10b:"domain master browser",0x4141+0x10c:"domain controller", 0x4141+0x10e:"browser election service"}),
ByteField("NULL",0),
NetBIOSNameField("DestinationName","windows"),
ShortEnumField("SUFFIX2",0x4141,{0x4141:"workstation",0x4141+0x03:"messenger service",0x4141+0x200:"file server service",0x4141+0x10b:"domain master browser",0x4141+0x10c:"domain controller", 0x4141+0x10e:"browser election service"}),
ByteField("NULL",0)]
class NBTSession(Packet):
name="NBT Session Packet"
fields_desc= [ByteEnumField("TYPE",0,{0x00:"Session Message",0x81:"Session Request",0x82:"Positive Session Response",0x83:"Negative Session Response",0x84:"Retarget Session Response",0x85:"Session Keepalive"}),
BitField("RESERVED",0x00,7),
BitField("LENGTH",0,17)]
# Little endian long field
class LELongField(Field):
def __init__(self, name, default):
Field.__init__(self, name, default, "@Q")
# Little endian fixed length field
class LEFieldLenField(Field):
def __init__(self, name, default, fld, fmt = "@H", shift=0):
Field.__init__(self, name, default, fmt)
self.fld = fld
self.shift = shift
def i2m(self, pkt, x):
if x is None:
x = len(getattr(pkt, self.fld))-self.shift
return x
def i2h(self, pkt, x):
if x is None:
x = len(getattr(pkt, self.fld))+self.shift
return x
# SMB NetLogon Response Header
class SMBNetlogon_Protocol_Response_Header(Packet):
name="SMBNetlogon Protocol Response Header"
fields_desc = [StrFixedLenField("Start","\xffSMB",4),
ByteEnumField("Command",0x25,{0x25:"Trans"}),
ByteField("Error_Class",0x02),
ByteField("Reserved",0),
LEShortField("Error_code",4),
ByteField("Flags",0),
LEShortField("Flags2",0x0000),
LEShortField("PIDHigh",0x0000),
LELongField("Signature",0x0),
LEShortField("Unused",0x0),
LEShortField("TID",0),
LEShortField("PID",0),
LEShortField("UID",0),
LEShortField("MID",0),
ByteField("WordCount",17),
LEShortField("TotalParamCount",0),
LEShortField("TotalDataCount",112),
LEShortField("MaxParamCount",0),
LEShortField("MaxDataCount",0),
ByteField("MaxSetupCount",0),
ByteField("unused2",0),
LEShortField("Flags3",0),
ByteField("TimeOut1",0xe8),
ByteField("TimeOut2",0x03),
LEShortField("unused3",0),
LEShortField("unused4",0),
LEShortField("ParamCount2",0),
LEShortField("ParamOffset",0),
LEShortField("DataCount",112),
LEShortField("DataOffset",92),
ByteField("SetupCount", 3),
ByteField("unused5", 0)]
# SMB MailSlot Protocol
class SMBMailSlot(Packet):
name = "SMB Mail Slot Protocol"
fields_desc = [LEShortField("opcode", 1),
LEShortField("priority", 1),
LEShortField("class", 2),
LEShortField("size", 135),
StrNullField("name","\MAILSLOT\NET\GETDC660")]
# SMB NetLogon Protocol Response Tail SAM
class SMBNetlogon_Protocol_Response_Tail_SAM(Packet):
name = "SMB Netlogon Protocol Response Tail SAM"
fields_desc = [ByteEnumField("Command", 0x17, {0x12:"SAM logon request", 0x17:"SAM Active directory Response"}),
ByteField("unused", 0),
ShortField("Data1", 0),
ShortField("Data2", 0xfd01),
ShortField("Data3", 0),
ShortField("Data4", 0xacde),
ShortField("Data5", 0x0fe5),
ShortField("Data6", 0xd10a),
ShortField("Data7", 0x374c),
ShortField("Data8", 0x83e2),
ShortField("Data9", 0x7dd9),
ShortField("Data10", 0x3a16),
ShortField("Data11", 0x73ff),
ByteField("Data12", 0x04),
StrFixedLenField("Data13", "rmff", 4),
ByteField("Data14", 0x0),
ShortField("Data16", 0xc018),
ByteField("Data18", 0x0a),
StrFixedLenField("Data20", "rmff-win2k", 10),
ByteField("Data21", 0xc0),
ShortField("Data22", 0x18c0),
ShortField("Data23", 0x180a),
StrFixedLenField("Data24", "RMFF-WIN2K", 10),
ShortField("Data25", 0),
ByteField("Data26", 0x17),
StrFixedLenField("Data27", "Default-First-Site-Name", 23),
ShortField("Data28", 0x00c0),
ShortField("Data29", 0x3c10),
ShortField("Data30", 0x00c0),
ShortField("Data31", 0x0200),
ShortField("Data32", 0x0),
ShortField("Data33", 0xac14),
ShortField("Data34", 0x0064),
ShortField("Data35", 0x0),
ShortField("Data36", 0x0),
ShortField("Data37", 0x0),
ShortField("Data38", 0x0),
ShortField("Data39", 0x0d00),
ShortField("Data40", 0x0),
ShortField("Data41", 0xffff)]
# SMB NetLogon Protocol Response Tail LM2.0
class SMBNetlogon_Protocol_Response_Tail_LM20(Packet):
name = "SMB Netlogon Protocol Response Tail LM20"
fields_desc = [ByteEnumField("Command",0x06,{0x06:"LM 2.0 Response to logon request"}),
ByteField("unused", 0),
StrFixedLenField("DblSlash", "\\\\", 2),
StrNullField("ServerName","WIN"),
LEShortField("LM20Token", 0xffff)]
# SMBNegociate Protocol Request Header
class SMBNegociate_Protocol_Request_Header(Packet):
name="SMBNegociate Protocol Request Header"
fields_desc = [StrFixedLenField("Start","\xffSMB",4),
ByteEnumField("Command",0x72,{0x72:"SMB_COM_NEGOTIATE"}),
ByteField("Error_Class",0),
ByteField("Reserved",0),
LEShortField("Error_code",0),
ByteField("Flags",0x18),
LEShortField("Flags2",0x0000),
LEShortField("PIDHigh",0x0000),
LELongField("Signature",0x0),
LEShortField("Unused",0x0),
LEShortField("TID",0),
LEShortField("PID",1),
LEShortField("UID",0),
LEShortField("MID",2),
ByteField("WordCount",0),
LEShortField("ByteCount",12)]
# SMB Negociate Protocol Request Tail
class SMBNegociate_Protocol_Request_Tail(Packet):
name="SMB Negociate Protocol Request Tail"
fields_desc=[ByteField("BufferFormat",0x02),
StrNullField("BufferData","NT LM 0.12")]
# SMBNegociate Protocol Response Advanced Security
class SMBNegociate_Protocol_Response_Advanced_Security(Packet):
name="SMBNegociate Protocol Response Advanced Security"
fields_desc = [StrFixedLenField("Start","\xffSMB",4),
ByteEnumField("Command",0x72,{0x72:"SMB_COM_NEGOTIATE"}),
ByteField("Error_Class",0),
ByteField("Reserved",0),
LEShortField("Error_Code",0),
ByteField("Flags",0x98),
LEShortField("Flags2",0x0000),
LEShortField("PIDHigh",0x0000),
LELongField("Signature",0x0),
LEShortField("Unused",0x0),
LEShortField("TID",0),
LEShortField("PID",1),
LEShortField("UID",0),
LEShortField("MID",2),
ByteField("WordCount",17),
LEShortField("DialectIndex",7),
ByteField("SecurityMode",0x03),
LEShortField("MaxMpxCount",50),
LEShortField("MaxNumberVC",1),
LEIntField("MaxBufferSize",16144),
LEIntField("MaxRawSize",65536),
LEIntField("SessionKey",0x0000),
LEShortField("ServerCapabilities",0xf3f9),
BitField("UnixExtensions",0,1),
BitField("Reserved2",0,7),
BitField("ExtendedSecurity",1,1),
BitField("CompBulk",0,2),
BitField("Reserved3",0,5),
# There have been 127490112000000000 tenths of micro-seconds between 1st january 1601 and 1st january 2005. 127490112000000000=0x1C4EF94D6228000, so ServerTimeHigh=0xD6228000 and ServerTimeLow=0x1C4EF94.
LEIntField("ServerTimeHigh",0xD6228000L),
LEIntField("ServerTimeLow",0x1C4EF94),
LEShortField("ServerTimeZone",0x3c),
ByteField("EncryptionKeyLength",0),
LEFieldLenField("ByteCount", None, "SecurityBlob",shift=16),
BitField("GUID",0,128),
StrLenField("SecurityBlob", "", "ByteCount")]
# SMBNegociate Protocol Response No Security
# When using no security, with EncryptionKeyLength=8, you must have an EncryptionKey before the DomainName
class SMBNegociate_Protocol_Response_No_Security(Packet):
name="SMBNegociate Protocol Response No Security"
fields_desc = [StrFixedLenField("Start","\xffSMB",4),
ByteEnumField("Command",0x72,{0x72:"SMB_COM_NEGOTIATE"}),
ByteField("Error_Class",0),
ByteField("Reserved",0),
LEShortField("Error_Code",0),
ByteField("Flags",0x98),
LEShortField("Flags2",0x0000),
LEShortField("PIDHigh",0x0000),
LELongField("Signature",0x0),
LEShortField("Unused",0x0),
LEShortField("TID",0),
LEShortField("PID",1),
LEShortField("UID",0),
LEShortField("MID",2),
ByteField("WordCount",17),
LEShortField("DialectIndex",7),
ByteField("SecurityMode",0x03),
LEShortField("MaxMpxCount",50),
LEShortField("MaxNumberVC",1),
LEIntField("MaxBufferSize",16144),
LEIntField("MaxRawSize",65536),
LEIntField("SessionKey",0x0000),
LEShortField("ServerCapabilities",0xf3f9),
BitField("UnixExtensions",0,1),
BitField("Reserved2",0,7),
BitField("ExtendedSecurity",0,1),
FlagsField("CompBulk",0,2,"CB"),
BitField("Reserved3",0,5),
# There have been 127490112000000000 tenths of micro-seconds between 1st january 1601 and 1st january 2005. 127490112000000000=0x1C4EF94D6228000, so ServerTimeHigh=0xD6228000 and ServerTimeLow=0x1C4EF94.
LEIntField("ServerTimeHigh",0xD6228000L),
LEIntField("ServerTimeLow",0x1C4EF94),
LEShortField("ServerTimeZone",0x3c),
ByteField("EncryptionKeyLength",8),
LEShortField("ByteCount",24),
BitField("EncryptionKey",0,64),
StrNullField("DomainName","WORKGROUP"),
StrNullField("ServerName","RMFF1")]
# SMBNegociate Protocol Response No Security No Key
class SMBNegociate_Protocol_Response_No_Security_No_Key(Packet):
namez="SMBNegociate Protocol Response No Security No Key"
fields_desc = [StrFixedLenField("Start","\xffSMB",4),
ByteEnumField("Command",0x72,{0x72:"SMB_COM_NEGOTIATE"}),
ByteField("Error_Class",0),
ByteField("Reserved",0),
LEShortField("Error_Code",0),
ByteField("Flags",0x98),
LEShortField("Flags2",0x0000),
LEShortField("PIDHigh",0x0000),
LELongField("Signature",0x0),
LEShortField("Unused",0x0),
LEShortField("TID",0),
LEShortField("PID",1),
LEShortField("UID",0),
LEShortField("MID",2),
ByteField("WordCount",17),
LEShortField("DialectIndex",7),
ByteField("SecurityMode",0x03),
LEShortField("MaxMpxCount",50),
LEShortField("MaxNumberVC",1),
LEIntField("MaxBufferSize",16144),
LEIntField("MaxRawSize",65536),
LEIntField("SessionKey",0x0000),
LEShortField("ServerCapabilities",0xf3f9),
BitField("UnixExtensions",0,1),
BitField("Reserved2",0,7),
BitField("ExtendedSecurity",0,1),
FlagsField("CompBulk",0,2,"CB"),
BitField("Reserved3",0,5),
# There have been 127490112000000000 tenths of micro-seconds between 1st january 1601 and 1st january 2005. 127490112000000000=0x1C4EF94D6228000, so ServerTimeHigh=0xD6228000 and ServerTimeLow=0x1C4EF94.
LEIntField("ServerTimeHigh",0xD6228000L),
LEIntField("ServerTimeLow",0x1C4EF94),
LEShortField("ServerTimeZone",0x3c),
ByteField("EncryptionKeyLength",0),
LEShortField("ByteCount",16),
StrNullField("DomainName","WORKGROUP"),
StrNullField("ServerName","RMFF1")]
# Session Setup AndX Request
class SMBSession_Setup_AndX_Request(Packet):
name="Session Setup AndX Request"
fields_desc=[StrFixedLenField("Start","\xffSMB",4),
ByteEnumField("Command",0x73,{0x73:"SMB_COM_SESSION_SETUP_ANDX"}),
ByteField("Error_Class",0),
ByteField("Reserved",0),
LEShortField("Error_Code",0),
ByteField("Flags",0x18),
LEShortField("Flags2",0x0001),
LEShortField("PIDHigh",0x0000),
LELongField("Signature",0x0),
LEShortField("Unused",0x0),
LEShortField("TID",0),
LEShortField("PID",1),
LEShortField("UID",0),
LEShortField("MID",2),
ByteField("WordCount",13),
ByteEnumField("AndXCommand",0x75,{0x75:"SMB_COM_TREE_CONNECT_ANDX"}),
ByteField("Reserved2",0),
LEShortField("AndXOffset",96),
LEShortField("MaxBufferS",2920),
LEShortField("MaxMPXCount",50),
LEShortField("VCNumber",0),
LEIntField("SessionKey",0),
LEFieldLenField("ANSIPasswordLength",None,"ANSIPassword",shift=0),
LEShortField("UnicodePasswordLength",0),
LEIntField("Reserved3",0),
LEShortField("ServerCapabilities",0x05),
BitField("UnixExtensions",0,1),
BitField("Reserved4",0,7),
BitField("ExtendedSecurity",0,1),
BitField("CompBulk",0,2),
BitField("Reserved5",0,5),
LEShortField("ByteCount",35),
StrLenField("ANSIPassword", "Pass","ANSIPasswordLength"),
StrNullField("Account","GUEST"),
StrNullField("PrimaryDomain", ""),
StrNullField("NativeOS","Windows 4.0"),
StrNullField("NativeLanManager","Windows 4.0"),
ByteField("WordCount2",4),
ByteEnumField("AndXCommand2",0xFF,{0xFF:"SMB_COM_NONE"}),
ByteField("Reserved6",0),
LEShortField("AndXOffset2",0),
LEShortField("Flags3",0x2),
LEShortField("PasswordLength",0x1),
LEShortField("ByteCount2",18),
ByteField("Password",0),
StrNullField("Path","\\\\WIN2K\\IPC$"),
StrNullField("Service","IPC")]
# Session Setup AndX Response
class SMBSession_Setup_AndX_Response(Packet):
name="Session Setup AndX Response"
fields_desc=[StrFixedLenField("Start","\xffSMB",4),
ByteEnumField("Command",0x73,{0x73:"SMB_COM_SESSION_SETUP_ANDX"}),
ByteField("Error_Class",0),
ByteField("Reserved",0),
LEShortField("Error_Code",0),
ByteField("Flags",0x90),
LEShortField("Flags2",0x1001),
LEShortField("PIDHigh",0x0000),
LELongField("Signature",0x0),
LEShortField("Unused",0x0),
LEShortField("TID",0),
LEShortField("PID",1),
LEShortField("UID",0),
LEShortField("MID",2),
ByteField("WordCount",3),
ByteEnumField("AndXCommand",0x75,{0x75:"SMB_COM_TREE_CONNECT_ANDX"}),
ByteField("Reserved2",0),
LEShortField("AndXOffset",66),
LEShortField("Action",0),
LEShortField("ByteCount",25),
StrNullField("NativeOS","Windows 4.0"),
StrNullField("NativeLanManager","Windows 4.0"),
StrNullField("PrimaryDomain",""),
ByteField("WordCount2",3),
ByteEnumField("AndXCommand2",0xFF,{0xFF:"SMB_COM_NONE"}),
ByteField("Reserved3",0),
LEShortField("AndXOffset2",80),
LEShortField("OptionalSupport",0x01),
LEShortField("ByteCount2",5),
StrNullField("Service","IPC"),
StrNullField("NativeFileSystem","")]
#################
## Bind layers ##
@ -5403,6 +5919,27 @@ layer_bonds = [ ( Dot3, LLC, { } ),
( CookedLinux, IrLAPHead, { "proto" : 0x0017 } ),
( IrLAPHead, IrLAPCommand, { "Type" : 1} ),
( IrLAPCommand, IrLMP, {} ),
(UDP, NBNSQueryRequest, {"dport" : 137 }),
(UDP, NBNSRequest, {"dport" : 137 }),
(UDP, NBNSQueryResponse, {"sport" : 137}),
(UDP, NBNSQueryResponseNegative, {"sport" : 137}),
(UDP, NBNSNodeStatusResponse, {"sport" : 137}),
(NBNSNodeStatusResponse, NBNSNodeStatusResponseService, {}),
(NBNSNodeStatusResponse, NBNSNodeStatusResponseService, {}),
(NBNSNodeStatusResponseService, NBNSNodeStatusResponseService, {}),
(NBNSNodeStatusResponseService, NBNSNodeStatusResponseEnd, {}),
(UDP, NBNSWackResponse, {"sport" : 137}),
(UDP,NBTDatagram,{ "dport":138}),
(TCP,NBTSession,{"dport":139}),
(NBTSession, SMBNegociate_Protocol_Request_Header,{}),
(SMBNegociate_Protocol_Request_Header,SMBNegociate_Protocol_Request_Tail,{}),
(SMBNegociate_Protocol_Request_Tail,SMBNegociate_Protocol_Request_Tail,{}),
(NBTSession, SMBNegociate_Protocol_Response_Advanced_Security,{"ExtendedSecurity":1}),
(NBTSession, SMBNegociate_Protocol_Response_No_Security,{"ExtendedSecurity":0,"EncryptionKeyLength":8 }),
(NBTSession, SMBNegociate_Protocol_Response_No_Security_No_Key,{"ExtendedSecurity":0,"EncryptionKeyLength":0 }),
(NBTSession, SMBSession_Setup_AndX_Request,{}),
(NBTSession, SMBSession_Setup_AndX_Response,{})
]
for l in layer_bonds: