/* packet-nbns.c * Routines for NetBIOS Name Service packet disassembly * Gilbert Ramirez * * $Id: packet-nbns.c,v 1.1 1998/10/14 04:09:11 gram Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #include #include #include #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif #include "ethereal.h" #include "packet.h" /* Packet structure taken from RFC 1002. See also RFC 1001. * The Samba source code, specifically nmblib.c, also helps a lot. */ struct nbns_header { guint16 name_tran_id; guint8 r; guint8 opcode; struct { guint8 bcast; guint8 recursion_available; guint8 recursion_desired; guint8 trunc; guint8 authoritative; } nm_flags; guint8 rcode; guint16 qdcount; guint16 ancount; guint16 nscount; guint16 arcount; }; void dissect_nbns(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) { GtkWidget *nbns_tree, *ti; struct nbns_header header; int nm_flags; char *opcode[] = { "Query", "Unknown", "Unknown", "Unknown", "Unknown", "Registration", "Release", "Wait and Acknowledge", "Refresh" "Refresh(altcode)" "Unknown", "Unknown", "Unknown", "Unknown", "Unknown", "Multi-Homed Registration", }; if (fd->win_info[COL_NUM]) { /*strcpy(fd->win_info[COL_PROTOCOL], "NBNS (UDP)");*/ strcpy(fd->win_info[COL_PROTOCOL], "NBNS"); strcpy(fd->win_info[COL_INFO], "NetBIOS Name Service"); } if (tree) { ti = add_item_to_tree(GTK_WIDGET(tree), offset, END_OF_FRAME, "NetBIOS Name Service"); nbns_tree = gtk_tree_new(); add_subtree(ti, nbns_tree, ETT_NBNS); /* This is taken from samba/source/nmlib.c, parse_nmb() */ header.name_tran_id = pntohs(&pd[offset]); header.opcode = (pd[offset+2] >> 3) & 0xf; header.r = (pd[offset+2] >> 7) & 1; nm_flags = ((pd[offset+2] & 0x7) << 4) + (pd[offset+3] >> 4); header.nm_flags.bcast = (nm_flags & 1) ? 1 : 0; header.nm_flags.recursion_available = (nm_flags & 8) ? 1 : 0; header.nm_flags.recursion_desired = (nm_flags & 0x10) ? 1 : 0; header.nm_flags.trunc = (nm_flags & 0x20) ? 1 : 0; header.nm_flags.authoritative = (nm_flags & 0x40) ? 1 : 0; header.rcode = pd[offset+3] & 0xf; header.qdcount = pletohs(&pd[offset+4]); header.ancount = pletohs(&pd[offset+6]); header.nscount = pletohs(&pd[offset+8]); header.arcount = pletohs(&pd[offset+10]); add_item_to_tree(nbns_tree, offset, 2, "Transaction ID: 0x%04X", header.name_tran_id); add_item_to_tree(nbns_tree, offset + 2, 1, "Type: %s", header.r == 0 ? "Request" : "Response" ); if (header.opcode <= 15) { add_item_to_tree(nbns_tree, offset + 2, 1, "Operation: %s (%d)", opcode[header.opcode], header.opcode); } else { add_item_to_tree(nbns_tree, offset + 2, 1, "Operation: Unknown (%d)", header.opcode); } /* add_item_to_tree(nbns_tree, offset+2, 2, */ } }