Class: Dap::Filter::FilterDecodeNetbiosStatusReply

Inherits:
Object
  • Object
Includes:
BaseDecoder
Defined in:
lib/dap/filter/udp.rb

Overview

Decodes a NetBIOS status probe response (zmap: netbios_137.pkt).

Instance Attribute Summary

Attributes included from Base

#name, #opts

Instance Method Summary collapse

Methods included from BaseDecoder

#process

Methods included from Base

#initialize, #process

Instance Method Details

#decode(data) ⇒ Object



# File 'lib/dap/filter/udp.rb', line 182

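# Decode a NetBIOS node status response (resource record type 0x21) into a
# flat hash of names and the adapter MAC address.
#
# The payload is produced by whichever host answered the probe, so every
# length and count field in it is untrusted. Short or truncated input is
# tolerated: slicing past the end yields empty strings and unpack yields nil,
# which the guards below turn into an early nil return or a partial record.
#
# The decoded names are only NUL-truncated and whitespace-stripped; they may
# still contain arbitrary bytes chosen by the responder, so consumers should
# treat them as untrusted text when logging, displaying or indexing them.
#
# NOTE(review): gsub raises ArgumentError on a string tagged UTF-8 that holds
# invalid byte sequences - confirm the caller passes binary (ASCII-8BIT) data.
#
# @param data [String] raw response payload; consumed in place via slice!
# @return [Hash, nil] 'netbios_names', 'netbios_mac', 'netbios_hname' and, for
#   a non-zero MAC, 'netbios_mac_company' / 'netbios_mac_company_name';
#   nil when the payload is not a status response or carries no names
def decode(data)
  head = data.slice!(0, 12)

  _xid, _flags, quests, answers, _auths, _adds = head.unpack('n6')
  # Only answers are decoded: anything carrying a question section is dropped.
  # A header too short to hold the question count unpacks to nil and is
  # rejected by the same comparison.
  return if quests != 0
  return if answers == 0

  data.slice!(0, 34) # skip the encoded query name
  rtype, _rclass, _rttl, rlen = data.slice!(0, 10).unpack('nnNn')
  return unless rlen

  # rlen is attacker-supplied; slice! clamps it to the bytes actually present.
  buff = data.slice!(0, rlen)

  names = []

  case rtype
  when 0x21
    inf = +''
    rcnt = buff.slice!(0, 1).unpack('C')[0]
    return unless rcnt

    rcnt.times do
      # The declared count is not trusted: stop once the record data has run
      # out instead of fabricating empty entries for the remainder.
      break if buff.empty?

      # Cut the name at the first NUL. The /m flag makes the cut run to the end
      # of the field, so bytes placed after a newline cannot survive into the
      # decoded name.
      tname = buff.slice!(0, 15).gsub(/\x00.*/m, '').strip
      ttype = buff.slice!(0, 1).unpack('C')[0]
      tflag = buff.slice!(0, 2).unpack('n')[0]
      names << [tname, ttype, tflag]
    end

    maddr = buff.slice!(0, 6).unpack('C*').map { |c| '%.2x' % c }.join(':')
    names.each do |tname, ttype, tflag|
      inf << tname

      # A record truncated before its type or flags contributes the name only.
      next unless ttype

      inf << (':%.2x' % ttype)

      next unless tflag

      # Top bit of the flags word set => ":G" (group name), clear => ":U" (unique).
      inf << ((tflag & 0x8000).zero? ? ':U ' : ':G ')
    end
  end

  return if names.empty?

  {}.tap do |hash|
    hash['netbios_names'] = inf
    hash['netbios_mac']   = maddr
    hash['netbios_hname'] = names[0][0]
    # An all-zero MAC has no meaningful vendor prefix, so skip the OUI lookups.
    unless maddr == '00:00:00:00:00:00'
      hash['netbios_mac_company']      = mac_company(maddr)
      hash['netbios_mac_company_name'] = mac_company_name(maddr)
    end
  end
end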

#mac_company(address) ⇒ Object



# File 'lib/dap/filter/udp.rb', line 240

# Resolve the vendor for a MAC address and return the part of the OUI
# registry's full name that precedes the first "/".
#
# Best-effort: any StandardError raised during the lookup or while trimming the
# result (including a nil or empty lookup result) is swallowed and reported as
# an empty string, so a lookup failure is indistinguishable from "no vendor".
#
# @param address [String] MAC address handed to Dap::Utils::Oui
# @return [String] trimmed vendor name, or '' when it cannot be determined
def mac_company(address)
  full_name = Dap::Utils::Oui.lookup_oui_fullname(address)
  vendor, = full_name.split('/')
  vendor.strip
rescue StandardError
  ''
end

#mac_company_name(address) ⇒ Object



# File 'lib/dap/filter/udp.rb', line 249

# Resolve the company name registered for a MAC address prefix.
#
# Best-effort: any StandardError raised by the lookup is swallowed and reported
# as an empty string. The lookup's own return value is passed through as-is.
#
# @param address [String] MAC address handed to Dap::Utils::Oui
# @return [Object] whatever the OUI lookup returns, or '' when it raises
def mac_company_name(address)
  Dap::Utils::Oui.lookup_oui_company_name(address)
rescue StandardError
  ''
end