NetBiosPacket.DecodeNetBiosName, PacketParser.Packets C# (CSharp) 코드 예제들

예제 #1

0

파일 보기

파일: NetBiosDatagramServicePacket.cs 프로젝트: mammo0/networkminer-cli

        internal NetBiosDatagramServicePacket(Frame parentFrame, int packetStartIndex, int packetEndIndex)
            : base(parentFrame, packetStartIndex, packetEndIndex, "NetBIOS Datagram Service")
        {
            this.messageType = parentFrame.Data[packetStartIndex];
            this.flags       = new Flags(parentFrame.Data[packetStartIndex + 1]);
            this.datagramID  = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 2);
            this.sourceIP    = Utils.ByteConverter.ToUInt32(parentFrame.Data, packetStartIndex + 4);
            this.sourcePort  = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 8);

            //here we have to check the messageType to know the format of the rest of the packet...
            if (messageType == (byte)MessageType.DirectUniqueDatagram || messageType == (byte)MessageType.DirectGroupDatagram || messageType == (byte)MessageType.BroadcastDatagram)
            {
                this.datagramLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 10);
                this.packetOffset   = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 12);
                int index = packetStartIndex + 14;
                this.sourceName      = NetBiosPacket.DecodeNetBiosName(parentFrame, ref index);
                this.destinationName = NetBiosPacket.DecodeNetBiosName(parentFrame, ref index);
                //skip user data...for now at least
                if (index + 32 <= packetStartIndex + this.datagramLength && (messageType == (byte)MessageType.DirectUniqueDatagram || messageType == (byte)MessageType.DirectGroupDatagram))
                {
                    //parse SMB
                    smbPacketIndex = index;
                }
            }
            else if (messageType == (byte)MessageType.DatagramError)
            {
                //do nothing at this state
            }
            else if (messageType == (byte)MessageType.DatagramQueryRequest || messageType == (byte)MessageType.DatagramPositiveQueryResponse || messageType == (byte)MessageType.DatagramNegativeQueryResponse)
            {
                int index = packetStartIndex + 10;
                this.destinationName = NetBiosPacket.DecodeNetBiosName(parentFrame, ref index);
            }
        }

예제 #2

0

파일 보기

파일: NetBiosNameServicePacket.cs 프로젝트: haidragon/NetworkMiner-Filelog

        internal NetBiosNameServicePacket(Frame parentFrame, int packetStartIndex, int packetEndIndex)
            : base(parentFrame, packetStartIndex, packetEndIndex, "NetBIOS Name Service")
        {
            //header
            this.transactionID   = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex);
            this.headerFlags     = new HeaderFlags(Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 2));
            this.questionCount   = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 4);
            this.answerCount     = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 6);
            this.authorityCount  = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 8);
            this.additionalCount = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 10);

            int i = packetStartIndex + 12;

            this.questionNameDecoded = null;
            for (int q = 0; q < questionCount; q++)//I'll just assume that there is only one question... otherwise it will be overwritten

            //get a NetBIOS name label
            {
                this.questionNameDecoded = NetBiosPacket.DecodeNetBiosName(parentFrame, ref i);

                //Get Question Type
                this.questionType = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                i += 2;

                //Get Question Class
                this.questionClass = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                i += 2;
            }

            this.answerNameDecoded = null;
            this.answerAddress     = new System.Net.IPAddress((long)0);
            //ANSWER RESOURCE RECORDS
            for (int a = 0; a < answerCount; a++)
            {
                this.answerNameDecoded = NetBiosPacket.DecodeNetBiosName(parentFrame, ref i);
                //Get Question Type
                this.answerType = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                i += 2;
                //Get Question Class
                this.answerClass = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                i += 2;
                //TTL
                this.answerTTL = Utils.ByteConverter.ToUInt32(parentFrame.Data, i);
                i += 4;
                //data length
                this.answerDataLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                i += 2;
                //flags
                this.answerFlags = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                i += 2;
                //addr
                byte[] ipBytes = new byte[4];//IP4...
                Array.Copy(parentFrame.Data, i, ipBytes, 0, ipBytes.Length);
                this.answerAddress = new System.Net.IPAddress(ipBytes);
                i += 4;
            }

            //this one is not quite finished yeat...
            //AUTHORITY RESOURCE RECORDS
        }

예제 #3

0

파일 보기

파일: NetBiosNameServicePacket.cs 프로젝트: Masih-tech/NetworkMiner_2-5_source

            internal ResourceRecord(NetBiosNameServicePacket nbnsPacket, ref int offset)
            {
                this.Name  = NetBiosPacket.DecodeNetBiosName(nbnsPacket.ParentFrame, ref offset, nbnsPacket);
                this.Type  = Utils.ByteConverter.ToUInt16(nbnsPacket.ParentFrame.Data, offset);
                offset    += 2;
                this.Class = Utils.ByteConverter.ToUInt16(nbnsPacket.ParentFrame.Data, offset);
                offset    += 2;
                this.TTL   = Utils.ByteConverter.ToUInt32(nbnsPacket.ParentFrame.Data, offset);
                offset    += 4;
                ushort dataLength = Utils.ByteConverter.ToUInt16(nbnsPacket.ParentFrame.Data, offset);

                offset   += 2;
                this.Data = new ArraySegment <byte>(nbnsPacket.ParentFrame.Data, offset, dataLength);
                offset   += dataLength;
            }

예제 #4

0

파일 보기

파일: NetBiosNameServicePacket.cs 프로젝트: Masih-tech/NetworkMiner_2-5_source

        private (string name, ushort type, ushort nbnsClass, uint ttl, byte[] data) GetResourceRecord(Frame parentFrame, ref int offset)
        {
            /**
             *                         1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
             *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
             *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             *    |                                                               |
             *    /                            RR_NAME                            /
             *    /                                                               /
             *    |                                                               |
             *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             *    |           RR_TYPE             |          RR_CLASS             |
             *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             *    |                              TTL                              |
             *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             *    |           RDLENGTH            |                               |
             *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
             *    /                                                               /
             *    /                             RDATA                             /
             *    |                                                               |
             *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             **/
            string name     = NetBiosPacket.DecodeNetBiosName(parentFrame, ref offset, this);
            ushort nbnsType = Utils.ByteConverter.ToUInt16(parentFrame.Data, offset);

            offset += 2;
            ushort nbnsClass = Utils.ByteConverter.ToUInt16(parentFrame.Data, offset);

            offset += 2;
            uint ttl = Utils.ByteConverter.ToUInt32(parentFrame.Data, offset);

            offset += 4;
            ushort dataLenght = Utils.ByteConverter.ToUInt16(parentFrame.Data, offset);

            offset += 2;
            byte[] data = new byte[dataLenght];
            Array.Copy(parentFrame.Data, offset, data, 0, dataLenght);

            offset += dataLenght;
            return(name, nbnsType, nbnsClass, ttl, data);
        }

예제 #5

0

파일 보기

파일: NetBiosNameServicePacket.cs 프로젝트: Masih-tech/NetworkMiner_2-5_source

        internal NetBiosNameServicePacket(Frame parentFrame, int packetStartIndex, int packetEndIndex)
            : base(parentFrame, packetStartIndex, packetEndIndex, "NetBIOS Name Service")
        {
            this.AnswerResourceRecords     = new List <ResourceRecord>();
            this.AuthorityResourceRecords  = new List <ResourceRecord>();
            this.AdditionalResourceRecords = new List <ResourceRecord>();

            //header
            this.transactionID   = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex);
            this.Flags           = new HeaderFlags(Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 2));
            this.questionCount   = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 4);
            this.answerCount     = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 6);
            this.authorityCount  = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 8);
            this.additionalCount = Utils.ByteConverter.ToUInt16(parentFrame.Data, packetStartIndex + 10);

            int i = packetStartIndex + 12;

            this.questionNameDecoded = null;
            for (int q = 0; q < questionCount; q++)//I'll just assume that there is only one question... otherwise it will be overwritten

            //get a NetBIOS name label
            {
                this.questionNameDecoded = NetBiosPacket.DecodeNetBiosName(parentFrame, ref i, this);

                //Get Question Type
                this.questionType = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                i += 2;

                //Get Question Class
                this.questionClass = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                i += 2;
            }

            //this.answerNameDecoded=null;
            //this.answerAddress=new System.Net.IPAddress((long)0);
            //ANSWER RESOURCE RECORDS
            for (int a = 0; a < answerCount; a++)
            {
                this.AnswerResourceRecords.Add(new ResourceRecord(this, ref i));

                /*
                 * this.answerNameDecoded=NetBiosPacket.DecodeNetBiosName(parentFrame, ref i, this);
                 * //Get Question Type
                 * this.answerType = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                 * i+=2;
                 * //Get Question Class
                 * this.answerClass = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                 * i+=2;
                 * //TTL
                 * this.answerTTL = Utils.ByteConverter.ToUInt32(parentFrame.Data, i);
                 * i+=4;
                 * //data length
                 * this.answerDataLength = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                 * i+=2;
                 * //flags
                 * this.answerFlags = Utils.ByteConverter.ToUInt16(parentFrame.Data, i);
                 * i+=2;
                 * //addr
                 * byte[] ipBytes=new byte[4];//IP4...
                 * Array.Copy(parentFrame.Data, i, ipBytes, 0, ipBytes.Length);
                 * this.answerAddress=new System.Net.IPAddress(ipBytes);
                 * i+=4;
                 */
            }
            for (int a = 0; a < authorityCount; a++)
            {
                this.AuthorityResourceRecords.Add(new ResourceRecord(this, ref i));
            }
            for (int a = 0; a < this.additionalCount; a++)
            {
                this.AdditionalResourceRecords.Add(new ResourceRecord(this, ref i));
                //var rr = this.GetResourceRecord(parentFrame, ref i);
            }
        }

C# (CSharp) PacketParser.Packets NetBiosPacket.DecodeNetBiosName 예제들