From 536fa39ae862612a95c21cbe5814b8eec15553e1 Mon Sep 17 00:00:00 2001
From: James Lee
Date: Tue, 8 May 2012 16:38:12 -0600
Subject: [PATCH] Keep the client and the server on tracked tcp sessions
---
 data/exploits/psnuffle/smb.rb | 4 ++--
 modules/auxiliary/sniffer/psnuffle.rb | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/data/exploits/psnuffle/smb.rb b/data/exploits/psnuffle/smb.rb
index f50e752f86..3bcd2e083f 100755
--- a/data/exploits/psnuffle/smb.rb
+++ b/data/exploits/psnuffle/smb.rb
@@ -162,8 +162,8 @@ class SnifferSMB < BaseProtocolParser
 "\nNTHASH:#{s[:ntlmhash]}\n"
 print_status(logmessage)
- src_ip = s[:host]
- dst_ip = s[:session].split("-")[1].split(":")[0]
+ src_ip = s[:client_host]
+ dst_ip = s[:host]
 # know this is ugly , last code added :-/
 smb_db_type_hash = case ntlm_ver
 when "NTLMv1" then "smb_netv1_hash"
diff --git a/modules/auxiliary/sniffer/psnuffle.rb b/modules/auxiliary/sniffer/psnuffle.rb
index 4e0dd45231..eebcd8643d 100644
--- a/modules/auxiliary/sniffer/psnuffle.rb
+++ b/modules/auxiliary/sniffer/psnuffle.rb
@@ -177,12 +177,12 @@ class BaseProtocolParser
 sessions[sessionid][:mtime] = Time.now
 else
 # Create a new session entry along with the host/port from the id
- if (sessionid =~ /^([^:]+):([^-]+)-/s)
+ if (sessionid =~ /^([^:]+):([^-]+)-([^:]+):(\d+)$/s)
 sessions[sessionid] = {
- :host => $1,
- :target_host => $1,
- :port => $2,
- :target_port => $2,
+ :client_host => $1,
+ :client_port => $2,
+ :host => $3,
+ :port => $4,
 :session => sessionid,
 :ctime => Time.now,
 :mtime => Time.now
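Review bot: `src_ip = s[:client_host]` is only correct if the first endpoint of the session id is always the client, and nothing visible here or in the session-creation hunk in psnuffle.rb shows that ordering being enforced. If the id is built from whichever packet is seen first, a capture that starts mid-connection would presumably swap the roles and record the captured hash against the wrong host. A comment at the assignment would make the assumption explicit, for example `# s[:client_host] is the first endpoint of the session id, s[:host] the second (assumed client -> server)`. The enclosing method starts and ends outside the hunk, so how src_ip and dst_ip are reported is not visible.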
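Review bot: Dropping `:target_host`/`:target_port` and repointing `:host`/`:port` at the second endpoint changes the session hash for every parser built on BaseProtocolParser, yet the diffstat shows smb.rb as the only parser updated. Any other parser that still reads `s[:target_host]` would now get nil, and one that reports with `s[:host]` would silently attribute captured credentials to the other end of the connection, so the remaining psnuffle parsers are worth checking before merging. The tightened pattern also anchors with `^` and `$`, which match per line in Ruby; `\A` and `\z` state the whole-string intent, e.g. `if (sessionid =~ /\A([^:]+):([^-]+)-([^:]+):(\d+)\z/s)`. The enclosing method starts and ends outside the hunk, so what happens when the stricter match fails is not visible here.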