asip-status dox
James W. Abendschan <jwa@jammed.com>
$Id: asip-status-doc.html,v 1.2 2001/04/30 08:45:26 jwa Exp $

asip-status is a simple little tool to send a DSIGetStatus / FPGetSrvrInfo request to an AppleShare File Server that supports TCP/IP (port 548) & dump the results.

It was originally written in May of 1997 from a spec entitled AppleTalk Filing Protocol v2.2 & AFP over TCP/IP, Draft 8 dated April 21 1997. Over the weekend of April 27th, 2001 I rewrote it so it did more and sucked less (which should give you a rough idea of how primitive the first version was..)

Here's what happens when I run it against 'kadath', one of my Linux machines running Netatalk:

unix% asip-status kadath
AFP reply from kadath:548
Flags: 1  Cmd: 3  ID: 57005
Reply: DSIGetStatus
Request ID: 57005
Machine type: unix
AFP versions: AFPVersion 1.1,AFPVersion 2.0,AFPVersion 2.1,AFP2.2
UAMs: DHCAST128,Cleartxt Passwrd,No User Authent
Flags: DontAllowSavePwd,SupportsServerMessages,SupportsServerSignature,SupportsTCP/IP
Server name: kadath
Signature:
02 ac 10 40 02 ac 10 40 02 ac 10 40 02 ac 10  ...@...@...@...
01 06 01 ac 10 40 02                          .....@. 
Network address: 172.16.64.2

From a security perspective, the most interesting thing is the No User Authent UAM (User Authentication Method). This means that the 'guest' user is allowed to connect (though there may be no shares for them to access). Also, in theory, an AFP server can return multiple network addresses, so if an AFP server were bound to multiple interfaces, they would all be returned in the 'Network address' portion of the packet.

When I run it against afp.opendoor.com (a publicly available AFP server):

unix% asip-status afp.opendoor.com
AFP reply from afp.opendoor.com:548
Flags: 1  Cmd: 3  ID: 57005
Reply: DSIGetStatus
Request ID: 57005
Machine type: Macintosh
AFP versions: AFPVersion 1.1,AFPVersion 2.0,AFPVersion 2.1
UAMs: No User Authent,Cleartxt passwrd,Randnum exchange,2-Way Randnum exchange
Flags: SupportsCopyFile,DontAllowSavePwd,SupportsServerSignature
Server name: Open Door Shareware
Network address: 208.1.80.221:548
Network address: (no handler for packet type 255)

Here you can see the additional UAMs that a real Mac supports. Also, note the absence of a server signature. Why? I don't know.
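
The reply decoding behind the two outputs above, as an added example that is not part of asip-status or its author's code: it unpacks the DSI header and the FPGetSrvrInfo block and flags the guest and cleartext-password UAMs, matching names case-insensitively because the two servers capitalise 'Cleartxt Passwrd' differently. The field layout is taken from the AFP over TCP specification rather than from this page, and SAMPLE is a constructed reply, not a capture.

```python
import struct

# Bits 0-5 of the FPGetSrvrInfo flags word, named as in the tool output above.
FLAG_NAMES = ["SupportsCopyFile", "SupportsChgPwd", "DontAllowSavePwd",
              "SupportsServerMessages", "SupportsServerSignature", "SupportsTCP/IP"]
# UAMs worth flagging in an audit (lower-cased: servers differ in capitalisation).
WEAK_UAMS = {"no user authent": "guest login allowed",
             "cleartxt passwrd": "password sent in cleartext"}

def pstr(buf, off):
    """Read a Pascal string (length byte, then bytes); return (text, next offset)."""
    if off >= len(buf) or off + 1 + buf[off] > len(buf):
        raise ValueError("string runs past end of reply")
    end = off + 1 + buf[off]
    return buf[off + 1:end].decode("mac_roman"), end

def pstr_list(buf, off):
    """Read a count byte followed by that many Pascal strings."""
    if not 0 < off < len(buf):
        raise ValueError("bad list offset")
    items, pos = [], off + 1
    for _ in range(buf[off]):
        text, pos = pstr(buf, pos)
        items.append(text)
    return items

def parse_status(packet):
    """Parse a DSI reply to DSIGetStatus and audit its UAM list."""
    if len(packet) < 16:
        raise ValueError("short DSI header")
    flags, cmd, req_id, _err, length, _rsvd = struct.unpack(">BBHII4s", packet[:16])
    body = packet[16:16 + length]
    if (flags, cmd) != (1, 3) or len(body) != length or length < 11:
        raise ValueError("not a complete DSIGetStatus reply")
    machine_off, vers_off, uam_off, _icon_off, srv_flags = struct.unpack(">5H", body[:10])
    uams = pstr_list(body, uam_off)
    return {"request_id": req_id, "server": pstr(body, 10)[0],
            "machine": pstr(body, machine_off)[0], "versions": pstr_list(body, vers_off),
            "uams": uams,
            "flags": [n for i, n in enumerate(FLAG_NAMES) if srv_flags >> i & 1],
            "findings": [f"{u}: {WEAK_UAMS[u.lower()]}" for u in uams if u.lower() in WEAK_UAMS]}

# Constructed sample reply (not a capture); offsets 22/27/50 point at the fields below.
def _p(s): return bytes([len(s)]) + s.encode()
_BODY = (struct.pack(">5H", 22, 27, 50, 0, 0x2C) + _p("kadath") + bytes(5) + _p("unix")
         + b"\x02" + _p("AFPVersion 2.1") + _p("AFP2.2")
         + b"\x03" + _p("DHCAST128") + _p("Cleartxt Passwrd") + _p("No User Authent"))
SAMPLE = struct.pack(">BBHII4s", 1, 3, 57005, 0, len(_BODY), bytes(4)) + _BODY
```

Calling parse_status(SAMPLE) returns a dict whose "findings" entry lists the cleartext-password and guest UAMs; the signature, icon and network address fields are not decoded here.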

If you run asip-status with the -i option, it will display the icon (if any) sent by the AFP server. Thus far, the only icon I've seen looks like this:


  ##            #   #########   
##  ##         # #  #       ##  
# ##  ##  ##  #   # #       # # 
#   ##  ##  ##   #####      ####
#     ##      # ########       #
#       ##    ####    ###      #
#         ##  #####   ####     #
#           # #### #  ####     #
#           # ### ##   # ##    #
#           # #####     ###    #
#           # #####    ####    #
#           # #### #   ####    #
##          # # ##      ###    #
 ###        # ## ####   ##     #
   ###      # ## ####  ###     #
   # ###    # ##  ##  ##########
  #    ###  # ############   #  
 #       ###############      # 
#          ####                #
################################
#                              #
################################
              # #               
              # #               
             #####              
             #   #              
             #   #              
             #####              
             # # #              
    #########  #  ############  
              # #               
    ##########   #############  

Please report bugs, suggestions, or cool stuff like share enumeration to jwa@jammed.com. If reporting a bug, please include the output w/ the -d (debug) and -x (hexdump) flags.
