[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #53626] NetBIOS Responder generates malformed packet r

From: Jason White
Subject: [lwip-devel] [bug #53626] NetBIOS Responder generates malformed packet responding to "*" name
Date: Thu, 12 Apr 2018 14:07:01 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0


                 Summary: NetBIOS Responder generates malformed packet
responding to "*" name
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: wrc_jasonw
            Submitted on: Thu 12 Apr 2018 06:07:00 PM UTC
                Category: apps
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head



Several days ago the NetBIOS responded was updated to respond to "*" names (in
bug #53325). I eagerly tested this feature and found the following:
(1) Wireshark reports the response packet to "*" names is malformed.
(2) Attempting to query the device's hostname fails - a response is sent by
LwIP but it gets discarded (in this case using both nmap and SoftPerfect
Network scanner)

I have attached a Wireshark capture (good_bad_nbns.pcapng) containing the
(1) frame 1, from IP, an example of a valid response to the "*"
name from a networked printer.
(2) frame 2, from IP, a malformed NetBIOS response generated by
the feature implemented in bug #53325.

A preliminary comparison of the good (from the printer) and bad (from LwIP)
packets shows that the LwIP packet is missing the "Statistics" section.
Looking at RFC1002 4.2.18 also suggests that the response packet is supposed
to contain a statistics section at the end.

Based off of these observations I am lead to believe that adding the ~40 bytes
of statistics fields documented in RFC1002 to the end of the packet would
resolve this issue.

-Jason White

Disclaimer: I am no expert in the NetBIOS name service.


File Attachments:

Date: Thu 12 Apr 2018 06:07:00 PM UTC  Name: good_bad_nbns.pcapng  Size: 588B 
 By: wrc_jasonw



Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]