Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

Parsing Netbios and DNS Names

by NetWallah (Abbot)
on May 20, 2003 at 22:01 UTC ( #259599=perlquestion: print w/replies, xml ) Need Help??
NetWallah has asked for the wisdom of the Perl Monks concerning the following question:

Ahoy, Monks .. Here is some working code that I'd like to make better/more efficient. It has to do with decoding DNS and Netbios names in captured packets (pcap). I freely admit that the current method uses brute-force and inefficient methods. If someone has done something in this arena, please enlighten. tia .
sub Decode_DNS_Name(){ #DNS/Netbios Name decoder # This homegrown crazy bit of code developed by packet observation + only. my $nameref = shift; my ($retval, $namelen, $b1, $b2, $lastchar); $namelen = ord(substr($$nameref,0,1)); for (my $i=1; $i <= $namelen; $i+=2){ $b1=(ord(substr($$nameref,$i,1))) - 0x41; #Don't ask me why . +. $b2=(ord(substr($$nameref,$i+1,1))) - 0x41; # It just works thi +s way!! $retval .= chr( ($b1 << 4)+$b2); } # Last byte of NB name is the "Type". chop it if it is .. if (($lastchar = chop($retval)) gt ' '){ # Ooops ... That was a real part of the name ..Need to restore i +t.. $retval .= $lastchar; }; #Trim trailing blanks $retval =~s/\s*$//; return $retval ; #. }
Yes - I know - I should post sample Input and output strings .. Will get to that soon.

Replies are listed 'Best First'.
Re: Parsing Netbios and DNS Names
by BrowserUk (Pope) on May 21, 2003 at 05:24 UTC

    Try this

    sub DecodeNB { pack 'C*', map{ ( ( vec( $_[0], 2+$_*4, 4 ) -1 ) << 4 ) + ( vec( $_[0], 4+$_*4, 4 ) -1 ) } 0 .. 8; }

    Examine what is said, not who speaks.
    "Efficiency is intelligent laziness." -David Dunham
    "When I'm working on a problem, I never think about beauty. I think only how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -Richard Buckminster Fuller
Re: Parsing Netbios and DNS Names
by benn (Vicar) on May 21, 2003 at 00:02 UTC
    # Don't ask me why - it just works this way

    This is called 'first-level encoding', and is explained in RFC 1001 (and rather simpler here). This may help in your quest...personally, I'd probably go for a split'n'map solution, but I bet there's a clever 'unpack' just waiting to be written. :)


Re: Parsing Netbios and DNS Names
by NetWallah (Abbot) on May 20, 2003 at 23:04 UTC
    As promised, here are the input and output strings for the Decode_DNS_Name(): Input:
    00000000 20 46 45 45 46 45 4F 45 - 4F 45 46 46 44 46 44 45 FEEFEOEO +EFFDFDE 00000010 46 45 46 43 41 43 41 43 - 41 43 41 43 41 43 41 42 FEFCACACA +CACACAB 00000020 4D 00 00 20 00 01 M.. ..
    Notice the leading 0x20 - which indicates a length of 32 bytes, that translates into a space-padded 16 bytes below:
    Another example input:
    0000000 20 46 48 46 48 45 43 45 - 42 45 44 45 4C 46 46 46 FHFHECEBE +DELFFF 00000010 41 43 41 43 41 43 41 43 - 41 43 41 43 41 43 41 41 ACACACACA +CACACAA 00000020 41 00 00 20 00 01 A.. ..
    Translates to "WWBACKUP".
      You might wanna look at Net::NBName Might help you out with what you are trying to do

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://259599]
Approved by benn
[LanX]: communication overhead calls for sensible management
[ambrus]: "different specialized employees in different rooms" => so, there's a cleaner guy who cleans up the vomit from the bathroom every morning?
[erix]: makes me think of MMM too (mythical man month): "adding more people to a project makes it slower"
[erix]: that should be "to an already-too-late- project" I think
[ambrus]: oh yes, we have a pretty good example of that when they reorganized the grill place in the restaurant nearby.
[ambrus]: it now has two more people working there, and they're serving slower and more expensive.
[ambrus]: It used to be just a master cook who takes the order and puts the meat and eggs on the open grill plate table, and an assistant who removes them to a plate, adds the side dish, and gives the plate to the people in the queue, plus a cashier.
[ambrus]: Now it has five people instead of three, some sort of call number ticket system where people wait a lot for their food to get ready (it's the same kinds of grilled meat and fish on the same equipment, it won't actually fry slower),
[ambrus]: it's slow as hell, and the food costs significantly more.
[ambrus]: We no longer eat there.

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (13)
As of 2017-09-22 13:49 GMT
Find Nodes?
    Voting Booth?
    During the recent solar eclipse, I:

    Results (264 votes). Check out past polls.