| 1 |
4ae45b10
|
Ermal Luçi
|
# NetBIOS - Network Basic Input Output System
|
| 2 |
|
|
# Pattern attributes: marginal notsofast notsofast
|
| 3 |
|
|
# Protocol groups: networking ietf_internet_standard proprietary
|
| 4 |
|
|
# Wiki: http://www.protocolinfo.org/wiki/NetBIOS
|
| 5 |
66f2dd0e
|
Ermal Lu?i
|
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
|
| 6 |
4ae45b10
|
Ermal Luçi
|
#
|
| 7 |
|
|
# As mentioned in smb.pat:
|
| 8 |
|
|
#
|
| 9 |
|
|
# "This protocol is sometimes also referred to as the Common Internet File
|
| 10 |
|
|
# System (CIFS), LanManager or NetBIOS protocol." -- "man samba"
|
| 11 |
|
|
#
|
| 12 |
|
|
# Actually, SMB is a higher level protocol than NetBIOS. However, the
|
| 13 |
|
|
# NetBIOS header is only 4 bytes: not much to match on.
|
| 14 |
|
|
#
|
| 15 |
|
|
# http://www.ubiqx.org/cifs/SMB.html
|
| 16 |
|
|
# See also RFCs 1001 and 1002.
|
| 17 |
|
|
#
|
| 18 |
|
|
# This pattern attempts to match the (Session layer) NetBIOS Session request.
|
| 19 |
|
|
# If sucessful, you may be able to match NetBIOS several packets earlier
|
| 20 |
|
|
# than if you just waited for the easier-to-match SMB header.
|
| 21 |
|
|
#
|
| 22 |
|
|
# This pattern is untested.
|
| 23 |
|
|
|
| 24 |
|
|
netbios
|
| 25 |
|
|
# session request byte, three bytes of flags and length. Then
|
| 26 |
|
|
# there should be a big mess of letters between A and P which represent
|
| 27 |
|
|
# the NetBIOS names of the involved computers (with a null between them).
|
| 28 |
|
|
# (40ish here, damn this regexp implementation and its lack of {40,})
|
| 29 |
|
|
\x81.?.?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]
|