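Abstract: This paper introduces a network security framework that is both comprehensive and flexible and, through in-depth analysis, describes how data is transferred through the TCP three-way handshake, the Network Basic Input/Output System (NetBIOS), and a dump of SMB (Server Message Block) traffic.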
umber of bytes following the LENGTH field. One of the bits of the FLAGS field acts as an additional, high-order bit for the LENGTH field.
The TYPE field values of the NetBIOS Session Service are:
0x00 - SESSION MESSAGE
0x81 - SESSION REQUEST
0x82 - POSITIVE SESSION RESPONSE
0x83 - NEGATIVE SESSION RESPONSE
0x84 - RETARGET SESSION RESPONSE
0x85 - SESSION KEEP ALIVE
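The bit definition of the FLAGS field can be represented as:
  0   1   2   3   4   5   6   7
+---+---+---+---+---+---+---+---+
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | E |
+---+---+---+---+---+---+---+---+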
The symbol 'E' represents the length extension, used as an additional high-order bit of the LENGTH field. The remaining bits 0 - 6 are reserved and must be zero (0).
The Session Request packet can be represented as:
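                     1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     TYPE      |     FLAGS     |            LENGTH             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          CALLED NAME                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         CALLING NAME                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+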
The TYPE and FLAGS fields are 1 byte each and the LENGTH field is 2 bytes, whereas CALLED NAME and CALLING NAME are 4 bytes and can be decoded using the mangle algorithm.
The POSITIVE SESSION RESPONSE packet format can be represented as:
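                     1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     TYPE      |     FLAGS     |            LENGTH             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+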
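The NEGATIVE SESSION RESPONSE packet can be represented as:
                     1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     TYPE      |     FLAGS     |            LENGTH             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  ERROR CODE   |
+-+-+-+-+-+-+-+-+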
The error code values of the NEGATIVE SESSION RESPONSE packet are:
0x80 - Not listening on called name
0x81 - Not listening for calling name
0x82 - Called name not present
0x83 - Called name present, but insufficient resources
0x8F - Unspecified error
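The SESSION MESSAGE packet can be represented as:
                     1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     TYPE      |     FLAGS     |            LENGTH             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           USER DATA                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+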
Packet 4:
Analyzing the fourth packet, it is clear that a NetBIOS Session Request packet has been sent by the source system with address 193.63.129.192 to the destination system with address 193.63.129.187. The packet is a NetBIOS Session Request, as identified by the TYPE value 0x81. Analyzing the packet against the structure defined above yields the CALLED NAME and CALLING NAME, which are mangled using the M$ mangle algorithm. After decoding, the result can be represented as:
CALLED NAME: J4-ITRL-14
CALLING NAME: J4-ITRL-19
Here the CALLED NAME J4-ITRL-14 is the device with IP address 193.63.129.187 and the CALLING NAME J4-ITRL-19 is the device with IP address 193.63.129.192.
Packet 5:
Analyzing the fifth packet, a NetBIOS POSITIVE SESSION RESPONSE packet has been sent from the source system 193.63.129.187 (J4-ITRL-14) to the destination system (J4-ITRL-19), indicating that the NetBIOS session has been established successfully.
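The header layout and name decoding described above, as an added Python example (not code from the original essay). It assumes the RFC 1001/1002 first-level encoding, in which each name travels as a 34-byte field (length byte, 32 encoded characters, empty scope); the sample bytes and the name-type suffixes 0x20 and 0x00 are constructed for illustration.

```python
import struct
TYPES = {0x00: "SESSION MESSAGE", 0x81: "SESSION REQUEST",
         0x82: "POSITIVE SESSION RESPONSE", 0x83: "NEGATIVE SESSION RESPONSE",
         0x84: "RETARGET SESSION RESPONSE", 0x85: "SESSION KEEP ALIVE"}
ERRORS = {0x80: "Not listening on called name",
          0x81: "Not listening for calling name",
          0x82: "Called name not present",
          0x83: "Called name present, but insufficient resources",
          0x8F: "Unspecified error"}

def encode_name(name, suffix):
    """Build a 34-byte name field; used only to construct the sample below."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    enc = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + enc + b"\x00"      # length byte, 32 chars, empty scope

def decode_name(field):
    """Reverse the encoding: two letters 'A'..'P' carry one byte of the name."""
    if len(field) != 34 or field[0] != 0x20 or field[33] != 0x00:
        raise ValueError("not a 34-byte encoded name with empty scope")
    enc = field[1:33]
    if any(not 0x41 <= b <= 0x50 for b in enc):
        raise ValueError("encoded byte outside 'A'..'P'")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_session_packet(data):
    if len(data) < 4:
        raise ValueError("truncated header")
    ptype, flags, length = struct.unpack("!BBH", data[:4])
    if flags & 0xFE:                    # bits 0-6 are reserved, must be zero
        raise ValueError("reserved FLAGS bits set")
    length |= (flags & 0x01) << 16      # E is the 17th (high-order) length bit
    body = data[4:4 + length]
    if len(body) != length:
        raise ValueError("LENGTH exceeds captured bytes")
    pkt = {"type": TYPES.get(ptype, "UNKNOWN"), "length": length}
    if ptype == 0x81 and length == 68:
        pkt["called"] = decode_name(body[:34])
        pkt["calling"] = decode_name(body[34:])
    elif ptype == 0x83 and length == 1:
        pkt["error"] = ERRORS.get(body[0], "unknown error code")
    return pkt

# Constructed sample packets (not bytes from the capture the essay analyses).
REQUEST = (b"\x81\x00\x00\x44" + encode_name("J4-ITRL-14", 0x20)
           + encode_name("J4-ITRL-19", 0x00))
NEGATIVE = b"\x83\x00\x00\x01\x82"
```

Rejecting packets with reserved FLAGS bits set or a LENGTH that overruns the captured bytes keeps a malformed header from being decoded as if it were valid.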
SMB:
Server Message Block is the protocol that supports the network-integrated tools of the Windows user interface. SMB i