author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2003-03-25 09:41:42 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2003-03-25 09:41:42 +0000 |
commit | cec5c81ac3a5590cabdc28cf4d4e343ee9a8b33d (patch) | |
tree | aafa8f25a9cde7e8e34b53bd4893ac4b8ac13c79 /packet-smb-sidsnooping.h | |
parent | 2fecf91a175d91f3c2d0a202cb0acd9a94068b40 (diff) | |
download | wireshark-cec5c81ac3a5590cabdc28cf4d4e343ee9a8b33d.tar.gz |
Added SMB option : sid_name_snooping.
This feature, when enabled through Edit/preferences/protocols/smb,
will look at certain SMB and CIFS related protocols to discover the
mapping between SIDs and their Names.
For those SIDs whose name has been snooped/discovered ethereal will
also add "(<name>)" to the end of the SID when printed in the tree pane
through the function dissect_nt_sid().
Currently the feature is not too exciting since the only thing that packet-smb-sidsnooping.c will look at to build this mapping table is
replies to the LSA/QueryInfoPolicy infolevel 3 packets and thus
discover mappings between a Domain SID and a Domain Name.
In the near future this feature will be enhanced to also look at more interesting calls such as LSA/LookupSIDs2 and similar.
svn path=/trunk/; revision=7362
Diffstat (limited to 'packet-smb-sidsnooping.h')
-rw-r--r-- | packet-smb-sidsnooping.h | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/packet-smb-sidsnooping.h b/packet-smb-sidsnooping.h new file mode 100644 index 0000000000..3a4a3416df --- /dev/null +++ b/packet-smb-sidsnooping.h @@ -0,0 +1,31 @@ +/* packet-smb-sidsnooping.h + * Routines for snooping SID to name mappings + * Copyright 2003, Ronnie Sahlberg + * + * $Id: packet-smb-sidsnooping.h,v 1.1 2003/03/25 09:41:41 sahlberg Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef _PACKET_SMB_SID_SNOOPING_H_ +#define _PACKET_SMB_SID_SNOOPING_H_ + +char *find_sid_name(char *sid); + +#endif |
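Review bot: The prototype `char *find_sid_name(char *sid);` at the end of the new header is undocumented and not const-correct. A lookup has no reason to modify the SID string, and the header does not say what is returned when no mapping has been snooped or who owns the returned string. Consider `const char *find_sid_name(const char *sid);` with a one-line comment stating the miss value (for example NULL) and that the caller must not free or modify the result. Because the names come from captured traffic, that comment should also say whether the string is already sanitised for display or whether dissect_nt_sid() has to treat it as untrusted. Separately, the include guard `_PACKET_SMB_SID_SNOOPING_H_` begins with an underscore followed by an uppercase letter, which C reserves for the implementation. `PACKET_SMB_SID_SNOOPING_H` avoids that.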