home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Cream of the Crop 25
/
Cream of the Crop 25.iso
/
program
/
tcpdumpb.zip
/
README.smb
< prev
next >
Wrap
Text File
|
1996-10-07
|
1KB
|
49 lines
This is set of patches to tcpdump-3.2.1 that gives it the ability to
interpret NBT and SMB packets in a fair bit of detail.
Please send any feedback to Andrew.Tridgell@anu.edu.au
Usage:
To capture all SMB packets going to or from host "fred" try this:
tcpdump -i eth0 -s 1500 port 139 host fred
If you want name resolution or browse packets then try ports 137 and
138 respectively.
change log:
0.2: added name server and browse stuff
0.3: added IPX and Netbeui support
Example Output:
Here is a sample of a capture of a "SMBsearch" directory search. If
you don't get output that looks like this then you have patched
tcpdump incorrectly.
NBT Session Packet
Flags=0x0
Length=57
SMB PACKET: SMBsearch (REQUEST)
SMB Command = 0x81
Error class = 0x0
Error code = 0
Flags1 = 0x8
Flags2 = 0x3
Tree ID = 2048
Proc ID = 11787
UID = 2048
MID = 11887
Word Count = 2
smbvwv[]=
Count=98
Attrib=HIDDEN SYSTEM DIR
smbbuf[]=
Path=\????????.???
BlkType=0x5
BlkLen=0