samba - Oct 1997 - Q: Packet Dumping?

Sorry to bother you all... but I keep seeing references to "packet
dumping"
or "net tracing" when the Samba team (and others) are talking about
implementing new protocols...

Now I'm wondering, how do you do this? Can I just tell my Linux 2.0.31 box
to go into promiscuous mode and record all packets carrying NetBIOS data,
destined for any machine? Or is the packet dumping the Samba team are
referring to part of the debug function of samba itself?  Even worse...
would I need to buy specialist hardware to do this properly?*

If this is covered in the docs, please point me to it. I've read through
most of the docs directory already, but I probably ignored anything about
packet dumping/sniffing at the time, considering it irrelevant to my needs.

Thanks for your patience.
Alex

*My favourite experience with protocol analysers was half an hour I got to
watch a guy track down some faults in a mixed LAN using a Wandel-Goltermann
WG50 protocol analyser. Very nice stuff... but it looked like "just" a
Windows 3.11 PC with some fancy software, in a pretty box.

Windows 95: n. 32 bit extensions and a graphical shell for a 16 bit patch
to an 8 bit operating system originally coded for a 4 bit microprocessor,
written by a 2 bit company.

On Thu, 30 Oct 1997, Alex Satrapa wrote:
> Sorry to bother you all... but I keep seeing references to "packet
dumping"
> or "net tracing" when the Samba team (and others) are talking
about
> implementing new protocols...
> 
> Now I'm wondering, how do you do this? Can I just tell my Linux 2.0.31
box
> to go into promiscuous mode and record all packets carrying NetBIOS data,
> destined for any machine?
yep!

tcpdump -n -s 1500 -w dump_file
<press ctrl-c>

tcpdump -n -s 1500 -r dump_file > dump_file.txt
tcpdump -n -s 1500 -r dump_file | more
> Or is the packet dumping the Samba team are
> referring to part of the debug function of samba itself?
the log.nmb and log.smb files have limited packet parsing capabilities, 
which i am improving and developing specifically on the RPC pipe side, 
for later inclusion in tcpdump.

so, yes, we can be referring to the log files; yes, we can be referring 
to tcpdump; yes we can also be referring to "netmon.exe" which, for
the
current development underway is particularly useful: it's the only 
reference we have for the correct parsing of RPC pipe packets
> would I need to buy specialist hardware to do this properly?*
...
> If this is covered in the docs, please point me to it. I've read
through
> most of the docs directory already, but I probably ignored anything about
> packet dumping/sniffing at the time, considering it irrelevant to my needs.
DIAGNOSIS.txt.  probably.
> Thanks for your patience.
> Alex
> 
> *My favourite experience with protocol analysers was half an hour I got to
> watch a guy track down some faults in a mixed LAN using a Wandel-Goltermann
> WG50 protocol analyser. Very nice stuff... but it looked like
"just" a
> Windows 3.11 PC with some fancy software, in a pretty box.
probably was!  expensive software, too, probably.
 
> Windows 95: n. 32 bit extensions and a graphical shell for a 16 bit patch
> to an 8 bit operating system originally coded for a 4 bit microprocessor,
> written by a 2 bit company.
> 
> 
> 
<a href="mailto:lkcl@switchboard.net"  > Luke Kenneth Casson
Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Lynx2.7-friendly Home
Page   </a>
<br><b> "Apply the Laws of Nature to your environment because
your
         environment applies the Laws of Nature to you"              
</b>