Class: Dap::Filter::FilterDecodeNetbiosStatusReply

Inherits:
Object
  • Object
Includes:
BaseDecoder
Defined in:
lib/dap/filter/udp.rb

Overview

Decodes a NetBIOS status probe response (zmap: netbios_137.pkt).

Instance Attribute Summary

Attributes included from Base

#name, #opts

Instance Method Summary

Methods included from BaseDecoder

#process

Methods included from Base

#initialize, #process

Instance Method Details

#decode(data) ⇒ Object



# File 'lib/dap/filter/udp.rb', line 215

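# Decode a NetBIOS status response (resource record type 0x21).
#
# The payload comes off the network, so the advertised name count is not
# trusted: a name entry is accepted only when all 18 of its bytes
# (15-byte name, 1-byte type, 2-byte flags) are present. A response whose
# count overstates the table no longer produces fabricated empty or partial
# names; if no complete entry exists the method returns nil.
#
# @param data [String] raw response payload; consumed in place via
#   String#slice!, so the caller's string is shortened
# @return [Hash, nil] 'netbios_names', 'netbios_mac' and 'netbios_hname',
#   plus 'netbios_mac_company' and 'netbios_mac_company_name' when the MAC
#   is not all zeros; nil when the header carries questions, carries no
#   answers, the record header is truncated, the record type is not 0x21,
#   or no complete name entry was read
def decode(data)
  header = data.slice!(0, 12)
  _xid, _flags, quests, answers, _auths, _adds = header.unpack('n6')
  return if quests != 0
  return if answers == 0

  # Skip the 34-byte name field (qname) that precedes the record header.
  data.slice!(0, 34)
  rtype, _rclass, _rttl, rlen = data.slice!(0, 10).unpack('nnNn')
  return unless rlen

  # rlen is attacker-controlled; slice! simply returns what is available.
  buff = data.slice!(0, rlen)
  return unless rtype == 0x21

  rcnt = buff.slice!(0, 1).unpack('C')[0]
  return unless rcnt

  names = []
  rcnt.times do
    entry = buff.slice!(0, 18)
    # A short read means the count field overstates the table: stop here
    # instead of turning the leftover bytes into bogus name entries.
    break if entry.bytesize < 18

    tname = entry[0, 15].gsub(/\x00.*/, '').strip
    ttype, tflag = entry[15, 3].unpack('Cn')
    names << [tname, ttype, tflag]
  end
  return if names.empty?

  # NOTE(review): when fewer than 6 bytes remain, this yields a short or
  # empty MAC string, which is passed through unchanged.
  maddr = buff.slice!(0, 6).unpack('C*').map { |c| '%.2x' % c }.join(':')

  inf = ''
  names.each do |tname, ttype, tflag|
    inf << tname
    inf << ':%.2x' % ttype
    # Top bit of the flags word clear => ":U ", set => ":G ".
    inf << ((tflag & 0x8000).zero? ? ':U ' : ':G ')
  end

  result = {
    'netbios_names' => inf,
    'netbios_mac'   => maddr,
    'netbios_hname' => names[0][0]
  }
  # An all-zero MAC carries no vendor information, so skip the OUI lookups.
  unless maddr == '00:00:00:00:00:00'
    result['netbios_mac_company']      = mac_company(maddr)
    result['netbios_mac_company_name'] = mac_company_name(maddr)
  end
  result
end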

#mac_company(address) ⇒ Object



# File 'lib/dap/filter/udp.rb', line 273

# Look up the OUI full name for a MAC address and return the part before
# the first "/", stripped of surrounding whitespace.
#
# Best-effort: any StandardError raised by the lookup or by processing its
# result (for example a nil or empty result) yields an empty string.
#
# @param address [String] MAC address handed to the OUI lookup
# @return [String] the leading segment of the full name, or '' on failure
def mac_company(address)
  full_name = Dap::Utils::Oui.lookup_oui_fullname(address)
  vendor, = full_name.split("/")
  vendor.strip
rescue StandardError
  ''
end

#mac_company_name(address) ⇒ Object



# File 'lib/dap/filter/udp.rb', line 282

# Look up the OUI company name for a MAC address.
#
# Best-effort: any StandardError raised by the lookup yields an empty
# string; the lookup's own return value is passed through untouched.
#
# @param address [String] MAC address handed to the OUI lookup
# @return [Object] whatever the lookup returns, or '' if it raises
def mac_company_name(address)
  Dap::Utils::Oui.lookup_oui_company_name(address)
rescue StandardError
  ''
end