
Parsing Netbios and DNS Names

by NetWallah (Abbot)
on May 20, 2003 at 22:01 UTC (#259599=perlquestion)
NetWallah has asked for the wisdom of the Perl Monks concerning the following question:

Ahoy, Monks .. Here is some working code that I'd like to make better/more efficient. It has to do with decoding DNS and Netbios names in captured packets (pcap). I freely admit that the current method uses brute-force and inefficient methods. If someone has done something in this arena, please enlighten. tia .

sub Decode_DNS_Name {
    # DNS/Netbios Name decoder
    # This homegrown crazy bit of code developed by packet observation only.
    my $nameref = shift;    # reference to the raw name bytes
    my ($retval, $namelen, $b1, $b2, $lastchar);
    $retval  = '';
    $namelen = ord(substr($$nameref, 0, 1));    # leading length byte
    for (my $i = 1; $i <= $namelen; $i += 2) {
        $b1 = (ord(substr($$nameref, $i, 1))) - 0x41;        # Don't ask me why ..
        $b2 = (ord(substr($$nameref, $i + 1, 1))) - 0x41;    # It just works this way!!
        $retval .= chr(($b1 << 4) + $b2);
    }
    # Last byte of NB name is the "Type". chop it if it is ..
    if (($lastchar = chop($retval)) gt ' ') {
        # Ooops ... That was a real part of the name ..Need to restore it..
        $retval .= $lastchar;
    }
    # Trim trailing blanks
    $retval =~ s/\s*$//;
    return $retval;
}

Yes - I know - I should post sample Input and output strings .. Will get to that soon.

Re: Parsing Netbios and DNS Names
by NetWallah (Abbot) on May 20, 2003 at 23:04 UTC
    As promised, here are the input and output strings for the Decode_DNS_Name():

    Input:

    00000000 20 46 45 45 46 45 4F 45 - 4F 45 46 46 44 46 44 45   FEEFEOEOEFFDFDE
    00000010 46 45 46 43 41 43 41 43 - 41 43 41 43 41 43 41 42  FEFCACACACACACAB
    00000020 4D 00 00 20 00 01                                  M.. ..

    Notice the leading 0x20 - which indicates a length of 32 bytes, that translates into a space-padded 16 bytes below:

    TENNESSEE

    Another example input:

    00000000 20 46 48 46 48 45 43 45 - 42 45 44 45 4C 46 46 46   FHFHECEBEDELFFF
    00000010 41 43 41 43 41 43 41 43 - 41 43 41 43 41 43 41 41  ACACACACACACACAA
    00000020 41 00 00 20 00 01                                  A.. ..

    Translates to "WWBACKUP".

      You might wanna look at Net::NBName. Might help you out with what you are trying to do.

Re: Parsing Netbios and DNS Names
by benn (Priest) on May 21, 2003 at 00:02 UTC
    # Don't ask me why - it just works this way

    This is called 'first-level encoding', and is explained in RFC 1001 (and rather simpler here). This may help in your quest...personally, I'd probably go for a split'n'map solution, but I bet there's a clever 'unpack' just waiting to be written. :)

    Cheers
    Ben.

Re: Parsing Netbios and DNS Names
by BrowserUk (Pope) on May 21, 2003 at 05:24 UTC

    Try this

    sub DecodeNB {
        # low nibble of 'A'..'P' is value+1 (mod 16), hence -1 and the mask
        pack 'C*', map {
            ( ( ( vec( $_[0], 2+$_*4, 4 ) - 1 ) & 15 ) << 4 )
            + ( ( vec( $_[0], 4+$_*4, 4 ) - 1 ) & 15 )
        } 0 .. 8;
    }

    Examine what is said, not who speaks.
    "Efficiency is intelligent laziness." -David Dunham
    "When I'm working on a problem, I never think about beauty. I think only how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -Richard Buckminster Fuller
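
A stricter decoder for the first-level encoding discussed in this thread, as an added example that is not code from any of the posters: it checks the length byte, the buffer bounds and the A-P alphabet before decoding, and returns the 16th byte as the name type instead of guessing whether to chop it. The function name `decode_nb_name` and the sample inputs (rebuilt from the hex dumps above, plus three malformed variants) are assumptions made for the illustration.

```perl
use strict;
use warnings;

# Returns (name, type byte) for a first-level encoded NetBIOS name,
# or dies with the reason the input was rejected.
sub decode_nb_name {
    my ($raw) = @_;
    die "empty input\n" unless defined $raw && length $raw;
    my $len = ord substr($raw, 0, 1);
    # 16 name bytes, two characters each: the label is always 32 long.
    die "label length $len, expected 32\n" unless $len == 32;
    die "truncated label\n" if length($raw) < 1 + $len;
    my $enc = substr($raw, 1, $len);
    # Each nibble travels as 'A' + value, so only A..P may appear.
    die "character outside A-P\n" unless $enc =~ /\A[A-P]{32}\z/;
    my $bytes = join '', map {
        my ($hi, $lo) = map { ord($_) - 0x41 } split //, $_;
        chr(($hi << 4) | $lo);
    } $enc =~ /../g;
    my $type = ord substr($bytes, 15, 1);            # 16th byte is the name type
    (my $name = substr($bytes, 0, 15)) =~ s/ +\z//;  # drop the space padding
    return ($name, $type);
}

# Constructed inputs: the two names from the hex dumps in the thread,
# followed by three malformed variants.
my $tail    = "\0\0\x20\0\x01";
my @samples = (
    "\x20" . "FEEFEOEOEFFDFDEFEF" . "CA" x 6 . "BM" . $tail,   # TENNESSEE
    "\x20" . "FHFHECEBEDELFFFA" . "CA" x 7 . "AA" . $tail,     # WWBACKUP
    "\x20" . "FEEFEOEOEFFDFDEFEF",                             # cut short
    "\x20" . "FEEFEOEOEFFDFDEFEF" . "CQ" x 6 . "BM" . $tail,   # 'Q' is invalid
    "\x10" . "FEEFEOEOEFFDFDEF",                               # wrong length byte
);
for my $s (@samples) {
    my ($name, $type) = eval { decode_nb_name($s) };
    if ($@) { chomp(my $why = $@); print "rejected: $why\n"; next; }
    printf "%-15s type 0x%02X\n", $name, $type;
}
```

Rejecting anything that is not exactly 32 characters of A-P keeps a malformed or hostile packet from turning into out-of-range bytes or a read past the end of the captured buffer.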
