Socket: different response between Python and Java
I am sending an SMB packet. The response differs between languages, but only by one byte: with Python it adds 0D.
Python response:
00 00 00 55 FF 53 4D 42 72 00 00 00 00 98 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2F 4B 00 00 C5 5E 11 03 00 03 0D 0A 00 01 00 04 11 00 00 00 00 01 00 00 00 00 00 FD E3 00 80 12 E5 E0 59 36 7A D5 01 88 FF 00 10 00 B0 44 B3 6C 20 08 11 44 A9 84 31 87 23 FC C7 45
Java response:
00 00 00 55 FF 53 4D 42 72 00 00 00 00 98 01 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2F 4B 00 00 C5 5E 11 03 00 03 0A 00 01 00 04 11 00 00 00 00 01 00 00 00 00 00 FD E3 00 80 12 E5 E0 59 36 7A D5 01 88 FF 00 10 00 B0 44 B3 6C 20 08 11 44 A9 84 31 87 23 FC C7 45
Python:
import socket

buffersize = 1024
timeout = 5.0
# ip, port and negotiate_proto_request() (which builds the raw SMB negotiate request as bytes) are defined elsewhere
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.settimeout(timeout)
client.connect((ip, port))
client.send(negotiate_proto_request())
tcp_response = client.recv(buffersize)  # raw bytes, no decoding
client.close()
Java:
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;

Socket s = new Socket(ip, port);
OutputStream out = s.getOutputStream();
out.write(negotiate_proto_request().getBytes());
out.flush();
InputStream input = s.getInputStream();
// A Reader decodes bytes into chars through a charset, so binary data read this way is not guaranteed to be byte-exact
InputStreamReader reader = new InputStreamReader(input);
String tcp_response = "";
int i = 0;
// 4-byte NetBIOS session header: type byte, then a 24-bit big-endian length
tcp_response += (char) reader.read();
tcp_response += (char) reader.read();
tcp_response += (char) reader.read();
int len = reader.read();  // only the low byte of the length is used here
tcp_response += (char) len;
while (i < len) {
    tcp_response += (char) reader.read();
    i++;
}
out.close();
s.close();
Not quite an answer... having hand-parsed the Python response, some of the field values look a little wacky. And there's a byte past the logical end of the PDU. I conclude that extra byte 0d was inserted erroneously, but I can't say why.
This is SMB, not CIFS, based on the response format.
Python response
00 00 00 55
header
FF 53 4D 42 protocol identifier
72 negprot
00 00 00
00 status
98 flags (response + others)
01 28 flags2
00 00 pid high
00 00
00 00 00 00
00 00 security features
00 00 rsvd
00 00 tid
2F 4B pid low
00 00 uid
C5 5E mid
params
11 word count (17)
03 00 dialect index 3
03 security mode
0D 0A max mpx (2573 ?!)
00 01 max vcs (256 ?!)
00 04 11 00 max buff size (1,115,136 ?!)
00 00 00 01 max raw size (1 ?!)
00 00 00 00 session key
00 FD E3 00 capabilities
80 12 E5 E0
59 36 7A D5 server time
01 88 server tz (34817 ?!)
FF challenge len (255 ?!)
data
00
10 byte count
00 B0 44
B3 6C 20 08
11 44 A9 84
31 87 23 FC
C7 server guid
45 fell off the end, or maybe I have forgotten the SMB alignment rules
Some of the numeric fields have completely implausible numbers; I marked them with '?!'.
Java response
00 00 00 55
header (same as before)
FF 53 4D 42
72 00 00 00
00 98 01 28
00 00 00 00
00 00 00 00
00 00 00 00
00 00 2F 4B
00 00 C5 5E
params
11 word count (17)
03 00 dialect index 3
03 security mode
0A 00 max mpx (10)
01 00 max vcs (1)
04 11 00 00 max buffer (4356)
00 00 01 00 max raw (64k)
00 00 00 00 session key
FD E3 00 80 capabilities
12 E5 E0 59 server time
36 7A D5 01
88 FF server tz (-120)
00 challenge len
data
10
00 byte count (16)
B0 44 B3
6C 20 08 11
44 A9 84 31
87 23 FC C7
45
The fields make much more sense in the Java version.
So here is my attempt to actually answer the implied question - the Python version is wrong; it has for some reason decided to insert an extra byte. The extra byte is 0D, which can be interpreted as ASCII CR, and is before a byte that happens to have the value 0A, which can be (mis)interpreted as ASCII LF. So we might guess that this is some mistaken text-conversion routine chomping on non-text data.
== Epilogue ==
Duh, there's an easier way to tell which one's wrong. The length of the SMB is supposed to be 0x55 (85) from the first word of the message. There are 85 bytes in the Java version, 86 bytes in the Python version. QED.
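The epilogue's length check and the answer's field-by-field breakdown, written up as a parser; this is an added example, not code from the question or the answer. PYTHON_DUMP is the question's Python dump verbatim, JAVA_DUMP is reconstructed from the answer's breakdown (the same bytes without the stray 0D), and the FILETIME decoding of SystemTime and the ValueError checks are my own additions.

```python
import struct
from datetime import datetime, timedelta, timezone

# Constructed from the dumps in the question; the Java dump is the same payload minus the 0D at offset 40.
PYTHON_DUMP = bytes.fromhex(
    "00 00 00 55 FF 53 4D 42 72 00 00 00 00 98 01 28 00 00 00 00 00 00 00 00"
    " 00 00 00 00 00 00 2F 4B 00 00 C5 5E 11 03 00 03 0D 0A 00 01 00 04 11 00"
    " 00 00 00 01 00 00 00 00 00 FD E3 00 80 12 E5 E0 59 36 7A D5 01 88 FF 00"
    " 10 00 B0 44 B3 6C 20 08 11 44 A9 84 31 87 23 FC C7 45")
JAVA_DUMP = PYTHON_DUMP[:40] + PYTHON_DUMP[41:]
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # SMB SystemTime: 100 ns ticks from here


def parse_negotiate_response(raw: bytes) -> dict:
    """Parse an SMB1 NEGOTIATE response (17-word form), field by field as in the answer."""
    # NetBIOS session header: type byte 0x00, then a 24-bit big-endian length of the SMB that follows.
    nb_len = int.from_bytes(raw[1:4], "big")
    body = raw[4:]
    if raw[0] != 0 or len(body) != nb_len:
        raise ValueError(f"NetBIOS length says {nb_len} bytes, payload has {len(body)}")
    if body[:4] != b"\xffSMB" or body[4] != 0x72:
        raise ValueError("not an SMB1 NEGOTIATE (0x72) response")
    status, flags, flags2 = struct.unpack_from("<IBH", body, 5)  # 32-byte header fields
    tid, pid, uid, mid = struct.unpack_from("<4H", body, 24)
    word_count = body[32]
    if word_count != 17:
        raise ValueError(f"unexpected word count {word_count}")
    (dialect_index, security_mode, max_mpx, max_vcs, max_buffer, max_raw, session_key,
     capabilities, server_time, server_tz, challenge_len) = struct.unpack_from(
        "<HBHHIIIIQhB", body, 33)
    (byte_count,) = struct.unpack_from("<H", body, 33 + 2 * word_count)
    data = body[35 + 2 * word_count:]
    if len(data) != byte_count:
        raise ValueError(f"ByteCount {byte_count} does not match {len(data)} data bytes")
    return {
        "status": status, "flags": flags, "flags2": flags2,
        "tid": tid, "pid": pid, "uid": uid, "mid": mid,
        "dialect_index": dialect_index, "security_mode": security_mode,
        "max_mpx": max_mpx, "max_vcs": max_vcs, "max_buffer": max_buffer,
        "max_raw": max_raw, "session_key": session_key, "capabilities": capabilities,
        "server_time": FILETIME_EPOCH + timedelta(microseconds=server_time // 10),
        "server_tz_minutes": server_tz,  # bias in minutes, UTC = local + bias, so -120 is UTC+2
        "challenge": data[:challenge_len], "server_guid": data[challenge_len:challenge_len + 16],
    }


def validation_error(raw: bytes):
    try:
        parse_negotiate_response(raw)  # returns None when the dump is self-consistent
    except ValueError as exc:
        return str(exc)
```

On the Python dump the NetBIOS length check fails before any field is read; the Java dump parses to max mpx 10, max vcs 1, max buffer 4356, max raw 64k and tz -120, matching the answer.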