PerlMonks  

Parsing Netbios and DNS Names

by NetWallah (Abbot)
on May 20, 2003 at 22:01 UTC (#259599=perlquestion)
NetWallah has asked for the wisdom of the Perl Monks concerning the following question:

Ahoy, Monks .. Here is some working code that I'd like to make better/more efficient. It has to do with decoding DNS and Netbios names in captured packets (pcap). I freely admit that the current method uses brute-force and inefficient methods. If someone has done something in this arena, please enlighten. tia .
    sub Decode_DNS_Name {
        # DNS/Netbios Name decoder
        # This homegrown crazy bit of code developed by packet observation only.
        my $nameref = shift;    # reference to the raw bytes, starting at the length byte
        my ($retval, $namelen, $b1, $b2, $lastchar);
        $retval  = '';
        $namelen = ord(substr($$nameref,0,1));
        for (my $i=1; $i <= $namelen; $i+=2){
            $b1=(ord(substr($$nameref,$i,1))) - 0x41;   #Don't ask me why ..
            $b2=(ord(substr($$nameref,$i+1,1))) - 0x41; # It just works this way!!
            $retval .= chr( ($b1 << 4)+$b2);
        }
        # Last byte of NB name is the "Type". chop it if it is ..
        if (($lastchar = chop($retval)) gt ' '){
            # Ooops ... That was a real part of the name ..Need to restore it..
            $retval .= $lastchar;
        };
        #Trim trailing blanks
        $retval =~s/\s*$//;
        return $retval ; #.
    }
Yes - I know - I should post sample Input and output strings .. Will get to that soon.

Re: Parsing Netbios and DNS Names
by NetWallah (Abbot) on May 20, 2003 at 23:04 UTC
    As promised, here are the input and output strings for the Decode_DNS_Name(): Input:
    00000000  20 46 45 45 46 45 4F 45 - 4F 45 46 46 44 46 44 45   FEEFEOEOEFFDFDE
    00000010  46 45 46 43 41 43 41 43 - 41 43 41 43 41 43 41 42  FEFCACACACACACAB
    00000020  4D 00 00 20 00 01                                  M.. ..
    Notice the leading 0x20 - which indicates a length of 32 bytes, that translates into a space-padded 16 bytes below:
    TENNESSEE
    Another example input:
    00000000  20 46 48 46 48 45 43 45 - 42 45 44 45 4C 46 46 46   FHFHECEBEDELFFF
    00000010  41 43 41 43 41 43 41 43 - 41 43 41 43 41 43 41 41  ACACACACACACACAA
    00000020  41 00 00 20 00 01                                  A.. ..
    Translates to "WWBACKUP".
      You might wanna look at Net::NBName. Might help you out with what you are trying to do.
Re: Parsing Netbios and DNS Names
by benn (Priest) on May 21, 2003 at 00:02 UTC
    # Don't ask me why - it just works this way

    This is called 'first-level encoding', and is explained in RFC 1001 (and rather simpler here). This may help in your quest...personally, I'd probably go for a split'n'map solution, but I bet there's a clever 'unpack' just waiting to be written. :)

    Cheers
    Ben.

Re: Parsing Netbios and DNS Names
by BrowserUk (Pope) on May 21, 2003 at 05:24 UTC

    Try this

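    sub DecodeNB {
        # vec(..., 4) reads the low nybble of each encoded byte ('A' = 0x41 .. 'P' = 0x50);
        # subtracting 1 and masking with 0x0F maps 'A'..'P' to 0..15.
        # Offset 2 skips the length byte; 0 .. 8 decodes the first nine characters.
        pack 'C*', map {
              ( ( ( vec( $_[0], 2+$_*4, 4 ) - 1 ) & 0x0F ) << 4 )
            +   ( ( vec( $_[0], 4+$_*4, 4 ) - 1 ) & 0x0F )
        } 0 .. 8;
    }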

    Examine what is said, not who speaks.
    "Efficiency is intelligent laziness." -David Dunham
    "When I'm working on a problem, I never think about beauty. I think only how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -Richard Buckminster Fuller
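
A validating decoder for the first-level encoding discussed in this thread, added here as an example and not code from any of the posters. The name `decode_nb_label` is hypothetical; it assumes the input starts at the length byte of a single label and rejects anything a capture could not legitimately contain.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): decode one first-level-encoded
# NetBIOS label starting at its length byte. Returns (name, suffix), or an
# empty list when the label is malformed.
sub decode_nb_label {
    my ($raw) = @_;
    return unless defined $raw && length($raw) >= 33;

    my ($len, $enc) = unpack 'C a32', $raw;
    return unless $len == 0x20;               # encoded NetBIOS names are 32 bytes
    return unless $enc =~ /\A[A-P]{32}\z/;    # one nibble per character, 'A'..'P'

    # ord - 0x41 gives the nibble 0..15; write it as a hex digit and let
    # pack 'H32' join each pair of digits into one of the 16 original bytes.
    my $hex   = join '', map { sprintf '%x', ord($_) - 0x41 } split //, $enc;
    my $bytes = pack 'H32', $hex;

    my ($name, $suffix) = unpack 'a15 C', $bytes;   # 15 name bytes + type byte
    $name =~ s/[ \0]+\z//;                          # drop space/NUL padding
    return ($name, $suffix);
}

# Constructed inputs: the two captures quoted in the thread, the wildcard
# name "*", a label with a character outside 'A'..'P', and a short read.
my $tail    = "\x00\x00\x20\x00\x01";
my @samples = (
    "\x20" . 'FEEFEOEOEFFDFDEFEFCACACACACACABM' . $tail,
    "\x20" . 'FHFHECEBEDELFFFACACACACACACACAAA' . $tail,
    "\x20" . 'CK' . ('A' x 30) . "\x00",
    "\x20" . 'FEEFEOEOEFFDFDEFEFCACACACACACAB' . 'Z' . $tail,
    "\x20" . 'FEEF',
);

for my $sample (@samples) {
    my ($name, $suffix) = decode_nb_label($sample);
    if (defined $name) {
        printf "%-15s <%02X>\n", $name, $suffix;
    }
    else {
        print "malformed label\n";
    }
}
```

Returning the sixteenth byte separately keeps the name type visible instead of guessing whether the last character belongs to the name.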

Node Type: perlquestion [id://259599]
Approved by benn