Write SMB parser, test SMB parser, and integrate with tcpflow source code #207
Yes! Thanks for writing. You will need to write an SMB parser. When you have it finished, please submit it as a pull request. Thanks!
On Jul 18, 2019, at 7:49 AM, chenchampion wrote:
Dear Sir,
I am trying to reassemble network traffic data with TCPFLOW. The tool is perfect for HTTP/FTP/SMTP/POP3 etc., but when some SMB protocol data is transferred, the tool always dumps all the data into one file. For example, I copy 10 files from a shared folder, but I only get one file transferred from port 445. When I analyze that file, I can find all 10 files' data in it, but the file data is mixed up with a lot of SMB data. Could you give some advice on how to fix this problem? Thank you in advance.
Thank you for your quick response. After searching the source code, I only found the HTTP parser. Where can I get all the parsers, such as FTP/SMTP/POP3? Could you give me some guidance on how to write an SMB parser?
Hi. Well, as you know, you don't need an FTP parser because FTP sends data over its own connection. We don't have SMTP or POP3 parsers, but there is a MIME parser, which finds MIME-encoded objects. For SMB, you'll need to write a protocol decoder and then tie it into the be13_api plug-in API. You can find an overview of the protocol here: https://docs.microsoft.com/en-us/windows/win32/fileio/microsoft-smb-protocol-and-cifs-protocol-overview . However, you will probably want to review the Samba source code.
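The behaviour described in the question (one port-445 flow file holding every copied file, interleaved with SMB headers) is exactly what a protocol decoder has to undo, and the reply above leaves the decoder itself as the work to be done. What follows is an added example, not part of this thread and not tcpflow or be13_api code: a stand-alone Python prototype of an SMB2 demultiplexer that takes the two per-direction flow files tcpflow writes for one TCP connection and splits them into one byte string per file. It assumes SMB2 over direct TCP (4-byte NetBIOS session framing, 64-byte SMB2 header) with no SMB3 encryption, pairs each server response with its request by MessageId (a READ response carries data but no FileId, and a CREATE response carries the FileId but not the name, so neither can be interpreted on its own), and ignores FileId reuse after CLOSE. The two byte streams at the bottom are constructed to exercise the parser and are not a real capture; the function names (iter_smb2_messages, demux_smb2_flow, the _frame builders) and the FileId values are this example's own.

```python
"""Split one SMB2 flow (TCP port 445) into the files it carried: a stand-alone prototype."""
import struct

SMB2_MAGIC = b"\xfeSMB"
CMD_CREATE, CMD_READ, CMD_WRITE = 0x0005, 0x0008, 0x0009
FLAG_RESPONSE = 0x00000001  # SMB2_FLAGS_SERVER_TO_REDIR, set on every server response

def iter_smb2_messages(stream):
    """Yield (command, flags, message_id, message) for each SMB2 message in one direction.
    Direct-TCP framing: 4-byte NetBIOS session header (type 0x00 + 3-byte big-endian length),
    then a 64-byte SMB2 header. Compounded messages are chained via NextCommand."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos + 1:pos + 4], "big")
        pdu = stream[pos + 4:pos + 4 + length]
        pos += 4 + length
        if len(pdu) < length:
            break  # truncated capture: stop rather than misparse the tail
        off = 0
        while len(pdu) - off >= 64 and pdu[off:off + 4] == SMB2_MAGIC:  # SMB1 / SMB3 transform PDUs are skipped
            command, flags, next_cmd, msg_id = struct.unpack_from("<12xH2xIIQ", pdu, off)
            end = off + next_cmd if next_cmd else len(pdu)
            yield command, flags, msg_id, pdu[off:end]
            if not next_cmd:
                break
            off = end

def demux_smb2_flow(client_to_server, server_to_client):
    """Return {name: bytes} for every file read or written in the flow (responses paired by MessageId)."""
    requests = {}  # MessageId -> (command, detail) from the client's request
    names = {}     # 16-byte FileId -> name from the matching CREATE request
    chunks = {}    # FileId -> [(file offset, data)] from READ responses and WRITE requests
    for cmd, flags, mid, msg in iter_smb2_messages(client_to_server):
        if flags & FLAG_RESPONSE:
            continue
        if cmd == CMD_CREATE:  # NameOffset/NameLength at body offset 44; name is UTF-16LE
            name_off, name_len = struct.unpack_from("<HH", msg, 108)
            requests[mid] = (cmd, msg[name_off:name_off + name_len].decode("utf-16-le"))
        elif cmd == CMD_READ:  # FileId (body +16) and file offset (body +8) exist only in the request
            requests[mid] = (cmd, (msg[80:96], struct.unpack_from("<Q", msg, 72)[0]))
        elif cmd == CMD_WRITE:  # DataOffset, Length, Offset at body +2, +4, +8; FileId at +16
            data_off, length, file_off = struct.unpack_from("<HIQ", msg, 66)
            chunks.setdefault(msg[80:96], []).append((file_off, msg[data_off:data_off + length]))
    for cmd, flags, mid, msg in iter_smb2_messages(server_to_client):
        if not flags & FLAG_RESPONSE or mid not in requests:
            continue
        req_cmd, detail = requests[mid]
        if cmd != req_cmd or struct.unpack_from("<I", msg, 8)[0] != 0:
            continue  # NT status other than STATUS_SUCCESS (e.g. STATUS_PENDING): no payload
        if cmd == CMD_CREATE:  # FileId at body offset 64
            names[msg[128:144]] = detail
        elif cmd == CMD_READ:  # DataOffset (1 byte, from header start) at body +2, DataLength at +4
            data_off, data_len = struct.unpack_from("<BxI", msg, 66)
            file_id, file_off = detail
            chunks.setdefault(file_id, []).append((file_off, msg[data_off:data_off + data_len]))
    files = {}
    for file_id, parts in chunks.items():
        buf = bytearray()
        for file_off, data in sorted(parts):  # responses may come back out of order
            if len(buf) < file_off:
                buf.extend(b"\0" * (file_off - len(buf)))  # range never read or written
            buf[file_off:file_off + len(data)] = data
        files[names.get(file_id, "fileid-" + file_id.hex())] = bytes(buf)
    return files

# --- constructed sample flow (not a real capture); builders follow the [MS-SMB2] fixed layouts ---
def _frame(command, msg_id, body, response=False):
    hdr = SMB2_MAGIC + struct.pack("<HHIHHIIQIIQ16s", 64, 0, 0, command, 0,
                                   FLAG_RESPONSE if response else 0, 0, msg_id, 0, 0, 0, b"")
    return b"\x00" + (64 + len(body)).to_bytes(3, "big") + hdr + body

def _create_req(name):  # NameOffset 120 = 64-byte header + 56-byte fixed part
    n = name.encode("utf-16-le")
    return struct.pack("<H42xHH8x", 57, 120, len(n)) + n

def _create_resp(file_id):  # FileId at body offset 64
    return struct.pack("<H62x16s8x", 89, file_id)

def _read_req(file_id, offset, length):
    return struct.pack("<H2xIQ16s16x", 49, length, offset, file_id)

def _read_resp(data):  # DataOffset 80 = header + 16-byte fixed part
    return struct.pack("<HBBIII", 17, 80, 0, len(data), 0, 0) + data

def _write_req(file_id, offset, data):  # DataOffset 112 = header + 48-byte fixed part
    return struct.pack("<HHIQ16s16x", 49, 112, len(data), offset, file_id) + data

FID_A, FID_B = bytes(range(16)), bytes(range(16, 32))  # made-up server-assigned FileIds
CLIENT_TO_SERVER = b"".join([
    _frame(CMD_CREATE, 1, _create_req("docs\\report.txt")),
    _frame(CMD_CREATE, 2, _create_req("upload.bin")),
    _frame(CMD_READ, 3, _read_req(FID_A, 0, 6)),
    _frame(CMD_READ, 4, _read_req(FID_A, 6, 6)),
    _frame(CMD_WRITE, 5, _write_req(FID_B, 0, b"payload")),
])
SERVER_TO_CLIENT = b"".join([
    _frame(CMD_CREATE, 1, _create_resp(FID_A), response=True),
    _frame(CMD_CREATE, 2, _create_resp(FID_B), response=True),
    _frame(CMD_READ, 4, _read_resp(b"world\n"), response=True),  # answered before request 3
    _frame(CMD_READ, 3, _read_resp(b"hello "), response=True),
    _frame(CMD_WRITE, 5, struct.pack("<H2xII4x", 17, 7, 0), response=True),
])

if __name__ == "__main__":
    for name, data in demux_smb2_flow(CLIENT_TO_SERVER, SERVER_TO_CLIENT).items():
        print(f"{name}: {len(data)} bytes {data!r}")
```

Reading the two files tcpflow wrote for a port-445 connection in place of the constructed streams is all that is needed to run this over a real flow; turning it into a tcpflow plug-in means re-expressing the same request table and per-FileId reassembly against be13_api, which is the part the reply above refers to. SMB1/CIFS PDUs (\xffSMB) and SMB3 encrypted transform PDUs (\xfdSMB) are consumed by the framing loop but not decoded, and a FileId that the server hands out again after a CLOSE would be merged into the earlier file by this prototype.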
Thank you, I will try to implement it, but I cannot promise when I can finish it.
This is a complex project.