class NBTDatagram(Packet):
name = "NBT Datagram Packet"
fields_desc = [
ByteField("Type", 0x10),
ByteField("Flags", 0x02),
ShortField("ID", 0),
IPField("SourceIP", "127.0.0.1"),
ShortField("SourcePort", 138),
ShortField("Length", 272),
ShortField("Offset", 0),
NetBIOSNameField("SourceName", "windows"),
ShortEnumField(
"SUFFIX1", 0x4141, {
0x4141: "workstation",
0x4141 + 0x03: "messenger service",
0x4141 + 0x200: "file server service",
0x4141 + 0x10b: "domain master browser",
0x4141 + 0x10c: "domain controller",
0x4141 + 0x10e: "browser election service"
}), # noqa: E501
ByteField("NULL", 0),
NetBIOSNameField("DestinationName", "windows"),
ShortEnumField(
"SUFFIX2", 0x4141, {
0x4141: "workstation",
0x4141 + 0x03: "messenger service",
0x4141 + 0x200: "file server service",
0x4141 + 0x10b: "domain master browser",
0x4141 + 0x10c: "domain controller",
0x4141 + 0x10e: "browser election service"
}), # noqa: E501
ByteField("NULL", 0)
]
class NBTDatagram(Packet):
name = "NBT Datagram Packet"
fields_desc = [ByteField("Type", 0x10),
ByteField("Flags", 0x02),
ShortField("ID", 0),
IPField("SourceIP", "127.0.0.1"),
ShortField("SourcePort", 138),
ShortField("Length", 272),
ShortField("Offset", 0),
NetBIOSNameField("SourceName", "windows"),
ShortEnumField("SUFFIX1", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
NetBIOSNameField("DestinationName", "windows"),
ShortEnumField("SUFFIX2", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0)]
class NBNSQueryRequest(Packet):
name = "NBNS query request"
fields_desc = [
ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x0110),
ShortField("QDCOUNT", 1),
ShortField("ANCOUNT", 0),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 0),
NetBIOSNameField("QUESTION_NAME", "windows"),
ShortEnumField(
"SUFFIX", 0x4141, {
0x4141: "workstation",
0x4141 + 0x03: "messenger service",
0x4141 + 0x200: "file server service",
0x4141 + 0x10b: "domain master browser",
0x4141 + 0x10c: "domain controller",
0x4141 + 0x10e: "browser election service"
}), # noqa: E501
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, {
0x20: "NB",
0x21: "NBSTAT"
}), # noqa: E501
ShortEnumField("QUESTION_CLASS", 1, {1: "INTERNET"})
]
class NBNSWackResponse(Packet):
name = "NBNS Wait for Acknowledgement Response"
fields_desc = [
ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0xBC07),
ShortField("QDCOUNT", 0),
ShortField("ANCOUNT", 1),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 0),
NetBIOSNameField("RR_NAME", "windows"),
ShortEnumField(
"SUFFIX", 0x4141, {
0x4141: "workstation",
0x4141 + 0x03: "messenger service",
0x4141 + 0x200: "file server service",
0x4141 + 0x10b: "domain master browser",
0x4141 + 0x10c: "domain controller",
0x4141 + 0x10e: "browser election service"
}), # noqa: E501
ByteField("NULL", 0),
ShortEnumField("RR_TYPE", 0x20, {
0x20: "NB",
0x21: "NBSTAT"
}), # noqa: E501
ShortEnumField("RR_CLASS", 1, {1: "INTERNET"}),
IntField("TTL", 2),
ShortField("RDLENGTH", 2),
BitField("RDATA", 10512, 16)
] # 10512=0010100100010000
class NBNSNodeStatusResponse(Packet):
name = "NBNS Node Status Response"
fields_desc = [
ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x8500),
ShortField("QDCOUNT", 0),
ShortField("ANCOUNT", 1),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 0),
NetBIOSNameField("RR_NAME", "windows"),
ShortEnumField(
"SUFFIX", 0x4141, {
0x4141: "workstation",
0x4141 + 0x03: "messenger service",
0x4141 + 0x200: "file server service",
0x4141 + 0x10b: "domain master browser",
0x4141 + 0x10c: "domain controller",
0x4141 + 0x10e: "browser election service"
}), # noqa: E501
ByteField("NULL", 0),
ShortEnumField("RR_TYPE", 0x21, {
0x20: "NB",
0x21: "NBSTAT"
}), # noqa: E501
ShortEnumField("RR_CLASS", 1, {1: "INTERNET"}),
IntField("TTL", 0),
ShortField("RDLENGTH", 83),
ByteField("NUM_NAMES", 1)
]
class NetBIOS_DS(Packet):
name = "NetBIOS datagram service"
fields_desc = [
ByteEnumField("type", 17, {17: "direct_group"}),
ByteField("flags", 0),
XShortField("id", 0),
IPField("src", "127.0.0.1"),
ShortField("sport", 138),
ShortField("len", None),
ShortField("ofs", 0),
NetBIOSNameField("srcname", ""),
NetBIOSNameField("dstname", ""),
]
def post_build(self, p, pay):
p += pay
if self.len is None:
tmp_len = len(p) - 14
p = p[:10] + struct.pack("!H", tmp_len) + p[12:]
return p
class NBNSWackResponse(Packet):
name = "NBNS Wait for Acknowledgement Response"
fields_desc = [
NetBIOSNameField("RR_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("RR_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS),
IntField("TTL", 2),
ShortField("RDLENGTH", 2),
BitField("RDATA", 10512, 16)
] # 10512=0010100100010000
class NBNSQueryRequest(Packet):
name = "NBNS query request"
fields_desc = [ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x0110),
ShortField("QDCOUNT", 1),
ShortField("ANCOUNT", 0),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 0),
NetBIOSNameField("QUESTION_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS)]
class NBNSQueryRequest(Packet):
name = "NBNS query request"
fields_desc = [
NetBIOSNameField("QUESTION_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS)
]
def mysummary(self):
return "NBNSQueryRequest who has '\\\\%s'" % (
self.QUESTION_NAME.strip().decode())
class NBNSRequest(Packet):
name = "NBNS request"
fields_desc = [
ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x2910),
ShortField("QDCOUNT", 1),
ShortField("ANCOUNT", 0),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 1),
NetBIOSNameField("QUESTION_NAME", "windows"),
ShortEnumField(
"SUFFIX", 0x4141, {
0x4141: "workstation",
0x4141 + 0x03: "messenger service",
0x4141 + 0x200: "file server service",
0x4141 + 0x10b: "domain master browser",
0x4141 + 0x10c: "domain controller",
0x4141 + 0x10e: "browser election service"
}), # noqa: E501
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, {
0x20: "NB",
0x21: "NBSTAT"
}), # noqa: E501
ShortEnumField("QUESTION_CLASS", 1, {1: "INTERNET"}),
ShortEnumField(
"RR_NAME", 0xC00C,
{0xC00C: "Label String Pointer to QUESTION_NAME"}), # noqa: E501
ShortEnumField("RR_TYPE", 0x20, {
0x20: "NB",
0x21: "NBSTAT"
}), # noqa: E501
ShortEnumField("RR_CLASS", 1, {1: "INTERNET"}),
IntField("TTL", 0),
ShortField("RDLENGTH", 6),
BitEnumField("G", 0, 1, {
0: "Unique name",
1: "Group name"
}), # noqa: E501
BitEnumField("OWNER_NODE_TYPE", 00, 2, {
0: "B node",
1: "P node",
2: "M node",
3: "H node"
}), # noqa: E501
BitEnumField("UNUSED", 0, 13, {0: "Unused"}),
IPField("NB_ADDRESS", "127.0.0.1")
]
class NBNSNodeStatusResponse(Packet):
name = "NBNS Node Status Response"
fields_desc = [ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x8500),
ShortField("QDCOUNT", 0),
ShortField("ANCOUNT", 1),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 0),
NetBIOSNameField("RR_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("RR_TYPE", 0x21, _NETBIOS_QRTYPES),
ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS),
IntField("TTL", 0),
ShortField("RDLENGTH", 83),
ByteField("NUM_NAMES", 1)]
class NBNSQueryResponse(Packet):
name = "NBNS query response"
fields_desc = [ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x8500),
ShortField("QDCOUNT", 0),
ShortField("ANCOUNT", 1),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 0),
NetBIOSNameField("RR_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS),
IntField("TTL", 0x493e0),
ShortField("RDLENGTH", 6),
ShortField("NB_FLAGS", 0),
IPField("NB_ADDRESS", "127.0.0.1")]
class NBNSNodeStatusResponse(Packet):
name = "NBNS Node Status Response"
fields_desc = [
NetBIOSNameField("RR_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("RR_TYPE", 0x21, _NETBIOS_QRTYPES),
ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS),
IntField("TTL", 0),
ShortField("RDLENGTH", 83),
FieldLenField("NUM_NAMES", None, fmt="B", count_of="NODE_NAME"),
PacketListField("NODE_NAME", [NBNSNodeStatusResponseService()],
NBNSNodeStatusResponseService,
count_from=lambda pkt: pkt.NUM_NAMES),
SourceMACField("MAC_ADDRESS"),
BitField("STATISTICS", 0, 57 * 8)
]
class NBNSQueryResponseNegative(Packet):
name = "NBNS query response (negative)"
fields_desc = [ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x8506),
ShortField("QDCOUNT", 0),
ShortField("ANCOUNT", 1),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 0),
NetBIOSNameField("RR_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("RR_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS),
IntField("TTL", 0),
ShortField("RDLENGTH", 6),
BitEnumField("G", 0, 1, _NETBIOS_GNAMES),
BitEnumField("OWNER_NODE_TYPE", 00, 2,
_NETBIOS_OWNER_MODE_TYPES),
BitEnumField("UNUSED", 0, 13, {0: "Unused"}),
IPField("NB_ADDRESS", "127.0.0.1")]
class NBNSQueryResponse(Packet):
name = "NBNS query response"
fields_desc = [
NetBIOSNameField("RR_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS),
IntField("TTL", 0x493e0),
FieldLenField("RDLENGTH", None, length_of="ADDR_ENTRY"),
PacketListField("ADDR_ENTRY", [NBNS_ADD_ENTRY()],
NBNS_ADD_ENTRY,
length_from=lambda pkt: pkt.RDLENGTH)
]
def mysummary(self):
if not self.ADDR_ENTRY:
return "NBNSQueryResponse"
return "NBNSQueryResponse '\\\\%s' is at %s" % (
self.RR_NAME.strip().decode(), self.ADDR_ENTRY[0].NB_ADDRESS)
class NBNSRequest(Packet):
name = "NBNS request"
fields_desc = [ShortField("NAME_TRN_ID", 0),
ShortField("FLAGS", 0x2910),
ShortField("QDCOUNT", 1),
ShortField("ANCOUNT", 0),
ShortField("NSCOUNT", 0),
ShortField("ARCOUNT", 1),
NetBIOSNameField("QUESTION_NAME", "windows"),
ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES),
ByteField("NULL", 0),
ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS),
ShortEnumField("RR_NAME", 0xC00C, _NETBIOS_RNAMES),
ShortEnumField("RR_TYPE", 0x20, _NETBIOS_QRTYPES),
ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS),
IntField("TTL", 0),
ShortField("RDLENGTH", 6),
BitEnumField("G", 0, 1, _NETBIOS_GNAMES),
BitEnumField("OWNER_NODE_TYPE", 00, 2,
_NETBIOS_OWNER_MODE_TYPES),
BitEnumField("UNUSED", 0, 13, {0: "Unused"}),
IPField("NB_ADDRESS", "127.0.0.1")]