1
2
3 """Network Basic Input/Output System."""
4
5 import struct
6 import dpkt, dns
7
9 """Return the NetBIOS first-level encoded name."""
10 l = []
11 for c in struct.pack('16s', name):
12 c = ord(c)
13 l.append(chr((c >> 4) + 0x41))
14 l.append(chr((c & 0xf) + 0x41))
15 return ''.join(l)
16
18 """Return the NetBIOS first-level decoded nbname."""
19 if len(nbname) != 32:
20 return nbname
21 l = []
22 for i in range(0, 32, 2):
23 l.append(chr(((ord(nbname[i]) - 0x41) << 4) |
24 ((ord(nbname[i+1]) - 0x41) & 0xf)))
25 return ''.join(l).split('\x00', 1)[0]
26
27
28 NS_A = 0x01
29 NS_NS = 0x02
30 NS_NULL = 0x0A
31 NS_NB = 0x20
32 NS_NBSTAT = 0x21
33
34
35 NS_IN = 1
36
37
38 NS_NAME_G = 0x8000
39 NS_NAME_DRG = 0x1000
40 NS_NAME_CNF = 0x0800
41 NS_NAME_ACT = 0x0400
42 NS_NAME_PRM = 0x0200
43
44
45 nbstat_svcs = {
46
47 (0x00, 0):[ ('', 'Domain Name') ],
48 (0x00, 1):[ ('IS~', 'IIS'), ('', 'Workstation Service') ],
49 (0x01, 0):[ ('__MSBROWSE__', 'Master Browser') ],
50 (0x01, 1):[ ('', 'Messenger Service') ],
51 (0x03, 1):[ ('', 'Messenger Service') ],
52 (0x06, 1):[ ('', 'RAS Server Service') ],
53 (0x1B, 1):[ ('', 'Domain Master Browser') ],
54 (0x1C, 0):[ ('INet~Services', 'IIS'), ('', 'Domain Controllers') ],
55 (0x1D, 1):[ ('', 'Master Browser') ],
56 (0x1E, 0):[ ('', 'Browser Service Elections') ],
57 (0x1F, 1):[ ('', 'NetDDE Service') ],
58 (0x20, 1):[ ('Forte_$ND800ZA', 'DCA IrmaLan Gateway Server Service'),
59 ('', 'File Server Service') ],
60 (0x21, 1):[ ('', 'RAS Client Service') ],
61 (0x22, 1):[ ('', 'Microsoft Exchange Interchange(MSMail Connector)') ],
62 (0x23, 1):[ ('', 'Microsoft Exchange Store') ],
63 (0x24, 1):[ ('', 'Microsoft Exchange Directory') ],
64 (0x2B, 1):[ ('', 'Lotus Notes Server Service') ],
65 (0x2F, 0):[ ('IRISMULTICAST', 'Lotus Notes') ],
66 (0x30, 1):[ ('', 'Modem Sharing Server Service') ],
67 (0x31, 1):[ ('', 'Modem Sharing Client Service') ],
68 (0x33, 0):[ ('IRISNAMESERVER', 'Lotus Notes') ],
69 (0x43, 1):[ ('', 'SMS Clients Remote Control') ],
70 (0x44, 1):[ ('', 'SMS Administrators Remote Control Tool') ],
71 (0x45, 1):[ ('', 'SMS Clients Remote Chat') ],
72 (0x46, 1):[ ('', 'SMS Clients Remote Transfer') ],
73 (0x4C, 1):[ ('', 'DEC Pathworks TCPIP service on Windows NT') ],
74 (0x52, 1):[ ('', 'DEC Pathworks TCPIP service on Windows NT') ],
75 (0x87, 1):[ ('', 'Microsoft Exchange MTA') ],
76 (0x6A, 1):[ ('', 'Microsoft Exchange IMC') ],
77 (0xBE, 1):[ ('', 'Network Monitor Agent') ],
78 (0xBF, 1):[ ('', 'Network Monitor Application') ]
79 }
81 try:
82 unique = int(flags & NS_NAME_G == 0)
83 for namepfx, svcname in nbstat_svcs[(service, unique)]:
84 if name.startswith(namepfx):
85 return svcname
86 except KeyError:
87 pass
88 return ''
89
91 """NetBIOS Name Service."""
94
95 - class RR(dns.DNS.RR):
96 """NetBIOS resource record."""
98 if self.type == NS_A:
99 self.ip = self.rdata
100 elif self.type == NS_NBSTAT:
101 num = ord(self.rdata[0])
102 off = 1
103 l = []
104 for i in range(num):
105 name = self.rdata[off:off+15].split(None, 1)[0].split('\x00', 1)[0]
106 service = ord(self.rdata[off+15])
107 off += 16
108 flags = struct.unpack('>H', self.rdata[off:off+2])[0]
109 off += 2
110 l.append((name, service, flags))
111 self.nodenames = l
112
113
116
120
122 """NetBIOS Session Service."""
123 __hdr__ = (
124 ('type', 'B', 0),
125 ('flags', 'B', 0),
126 ('len', 'H', 0)
127 )
128
129 SSN_MESSAGE = 0
130 SSN_REQUEST = 1
131 SSN_POSITIVE = 2
132 SSN_NEGATIVE = 3
133 SSN_RETARGET = 4
134 SSN_KEEPALIVE = 5
135
137 """NetBIOS Datagram Service."""
138 __hdr__ = (
139 ('type', 'B', 0),
140 ('flags', 'B', 0),
141 ('id', 'H', 0),
142 ('src', 'I', 0),
143 ('sport', 'H', 0),
144 ('len', 'H', 0),
145 ('off', 'H', 0)
146 )
147
148 DGRAM_UNIQUE = 0x10
149 DGRAM_GROUP = 0x11
150 DGRAM_BROADCAST = 0x12
151 DGRAM_ERROR = 0x13
152 DGRAM_QUERY = 0x14
153 DGRAM_POSITIVE = 0x15
154 DGRAM_NEGATIVE = 0x16
155