I've started to figure out the difference between NetBIOS over IPX for

Netware, and NetBIOS over IPX for WinNT (NWLink). svn path=/trunk/; revision=53
1998-10-14 05:18:32 +00:00 · 1998-10-14 05:18:32 +00:00 · 5e649516c9
parent 4dbba72d17
commit 5e649516c9
4 changed files with 86 additions and 26 deletions
--- a/packet-ipx.c
+++ b/packet-ipx.c
@ -2,7 +2,7 @@
 * Routines for NetWare's IPX
 * Gilbert Ramirez <gram@verdict.uthscsa.edu>
 *
- * $Id: packet-ipx.c,v 1.10 1998/10/14 04:28:48 gram Exp $
+ * $Id: packet-ipx.c,v 1.11 1998/10/14 05:18:30 gram Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@unicom.net>
@ -91,6 +91,8 @@ static struct port_info	ports[] = {
 	{ 0x0455, NULL,				"NetBIOS" },
 	{ 0x0456, NULL,				"Diagnostic" },
 	{ 0x0457, NULL,				"Serialization" },
+	{ 0x0551, NULL,				"NWLink SMB Name Query" },
+	{ 0x0553, dissect_nwlink_dg,"NWLink SMB Datagram" },
 	{ 0x055d, NULL,				"Attachmate Gateway" },
 	{ 0x0000, NULL,				NULL }
 };
@ -134,7 +136,7 @@ ipx_packet_type(u_char val)
 		return "NCP";
 	}
 	else if (val == 20) {
-		return "NetBIOS Name Packet";
+		return "NetBIOS Broadcast";
 	}
 	else if (val >= 16 && val <= 31) {
 		return "Experimental Protocol";
@ -224,8 +226,11 @@ dissect_ipx(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
 			break;

 		case 20: /* NetBIOS */
-			dissect_nbipx_ns(pd, offset, fd, tree);
-			break;
+			if (dsocket == 0x0455) {
+				dissect_nbipx_ns(pd, offset, fd, tree);
+				break;
+			}
+			/* else fall through */

 		case 0: /* IPX, fall through to default */
 		default:
--- a/packet-ipx.h
+++ b/packet-ipx.h
@ -2,7 +2,7 @@
 * Routines for NetWare's IPX
 * Gilbert Ramirez <gram@verdict.uthscsa.edu>
 *
- * $Id: packet-ipx.h,v 1.1 1998/09/23 05:25:10 gram Exp $
+ * $Id: packet-ipx.h,v 1.2 1998/10/14 05:18:31 gram Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@unicom.net>
@ -91,3 +91,5 @@ struct ipx_rip_packet
 #define IPX_NODE_LEN (6)
 #endif

+gchar*
+ipxnet_to_string(const guint8 *ad);
--- a/packet-nbipx.c
+++ b/packet-nbipx.c
@ -2,7 +2,7 @@
 * Routines for NetBIOS over IPX packet disassembly
 * Gilbert Ramirez <gram@verdict.uthscsa.edu>
 *
- * $Id: packet-nbipx.c,v 1.2 1998/10/14 04:28:49 gram Exp $
+ * $Id: packet-nbipx.c,v 1.3 1998/10/14 05:18:32 gram Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -46,39 +46,88 @@
 #include "packet.h"
 #include "packet-ipx.h" /* for ipxnet_to_string() */

+enum nbipx_protocol {
+	NETBIOS_NETWARE,
+	NETBIOS_NWLINK
+};
+
+static void
+nbipx_ns(const u_char *pd, int offset, frame_data *fd, GtkTree *tree,
+		enum nbipx_protocol nbipx);
+
 /* There is no RFC or public specification of Netware or Microsoft
 * NetBIOS over IPX packets. I have had to decode the protocol myself,
 * so there are holes and perhaps errors in this code. (gram)
 */
+static char
+*packet_type[] = {
+		"",
+		"Name Query"
+};

 struct nbipx_header {
+	/* Netware & NT NetBIOS over IPX */
 	guint32		router[8];
 	guint8		name_type;
 	guint8		packet_type;
+
 	char		name[17];
+
+	/* NT NetBIOS over IPX */
+	guint16		junk;
+	char		node_name[17];
+	
 };


-
+/* NetWare */
 void
 dissect_nbipx_ns(const u_char *pd, int offset, frame_data *fd, GtkTree *tree)
+{
+	nbipx_ns(pd, offset, fd, tree, NETBIOS_NETWARE);
+}
+
+void
+dissect_nwlink_dg(const u_char *pd, int offset, frame_data *fd, GtkTree *tree)
+{
+	nbipx_ns(pd, offset, fd, tree, NETBIOS_NWLINK);
+}
+
+
+static void
+nbipx_ns(const u_char *pd, int offset, frame_data *fd, GtkTree *tree,
+		enum nbipx_protocol nbipx)
 {
 	GtkWidget			*nbipx_tree, *ti;
 	struct nbipx_header	header;
 	int					i, rtr_offset;
+	int					name_offset;
+
+	if (nbipx == NETBIOS_NETWARE) {
+		name_offset = 34;
+	}
+	else {
+		name_offset = 36;
+	}

-	char				*packet_type[] = {
-		"",
-		"Name Query"
-	};

 	header.name_type = pd[offset+32];
 	header.packet_type = pd[offset+33];
-	memcpy(header.name, &pd[offset+34], 16);
+	memcpy(header.name, &pd[offset+name_offset], 16);
 	header.name[16] = 0; /* null-terminate the string */

+	if (nbipx == NETBIOS_NWLINK) {
+		memcpy(header.node_name, &pd[offset+52], 16);
+		header.node_name[17] = 0; /* null-terminate the string */
+	}
+
 	if (fd->win_info[COL_NUM]) {
+		if (nbipx == NETBIOS_NETWARE) {
 			strcpy(fd->win_info[COL_PROTOCOL], "NetBIOS");
+		}
+		else {
+			strcpy(fd->win_info[COL_PROTOCOL], "NWLink");
+		}

 			switch (header.packet_type) {
 				case 1:
@ -119,22 +168,25 @@ dissect_nbipx_ns(const u_char *pd, int offset, frame_data *fd, GtkTree *tree)

 		add_item_to_tree(nbipx_tree, offset+32, 1, "Name Type: %02X",
 				header.name_type);
-		add_item_to_tree(nbipx_tree, offset+34, 16, "Name String: %s",
-				header.name);
+
+		if (nbipx == NETBIOS_NETWARE) {
+			add_item_to_tree(nbipx_tree, offset+name_offset, 16,
+					"Name String: %s", header.name);
+		}
+		else {
+			add_item_to_tree(nbipx_tree, offset+name_offset, 16,
+					"Group Name String: %s", header.name);
+			add_item_to_tree(nbipx_tree, offset+52, 16,
+					"Node Name String: %s", header.node_name);
+
+		}
+	}
+
+	if (nbipx == NETBIOS_NWLINK) {
+		dissect_data(pd, offset + 68, fd, tree);
 	}
 }




-
-
-
-
-
-
-
-
-
-
-
--- a/packet.h
+++ b/packet.h
@ -1,7 +1,7 @@
 /* packet.h
 * Definitions for packet disassembly structures and routines
 *
- * $Id: packet.h,v 1.15 1998/10/14 04:28:47 gram Exp $
+ * $Id: packet.h,v 1.16 1998/10/14 05:18:32 gram Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -521,6 +521,7 @@ void dissect_lpd(const u_char *, int, frame_data *, GtkTree *);
 void dissect_nbipx_ns(const u_char *, int, frame_data *, GtkTree *);
 void dissect_nbns(const u_char *, int, frame_data *, GtkTree *);
 void dissect_ncp(const u_char *, int, frame_data *, GtkTree *);
+void dissect_nwlink_dg(const u_char *, int, frame_data *, GtkTree *);
 void dissect_osi(const u_char *, int, frame_data *, GtkTree *);
 void dissect_ospf(const u_char *, int, frame_data *, GtkTree *);
 void dissect_ospf_hello(const u_char *, int, frame_data *, GtkTree *);