I've read everything I've found on tcpdump-smb, and still can't get it to work right.
I downloaded the binary from samba.org, and executed the command like so:
(The command below is directly from the README.smb that comes with tcpdump-3.4a5.tar.gz)

./tcpdump -i eth0 port 139 host 192.168.0.1
tcpdump: parse error

How do I use it to get the decoded smb output?

BTW: I also downloaded tcpdump-3.4a5.tar.gz and tcpdump-3.4a5-smb.patch from http://us1.samba.org/samba/ftp/tcpdump-smb/
root@host# Then I did:
root@host# tar xzf tcpdump-3.4a5.tar.gz
root@host# cd tcpdump-3.4a5
root@host# patch -p1 < ../tcpdump-3.4a5-smb.patch
(and get the output below)
patching file Makefile.in
patching file README.smb
patching file print-llc.c
patching file print-smb.c
patching file print-tcp.c
Hunk #2 succeeded at 351 (offset -18 lines).
can't find file to patch at input line 1161
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -u --new-file /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig ./print-tcp.c.orig
|--- /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig Mon Jun 16 06:20:28 1997
|+++ ./print-tcp.c.orig Sat Apr 17 11:15:17 1999
--------------------------
File to patch:
Skip this patch? [y]
Skipping patch.
4 out of 4 hunks ignored
patching file print-udp.c
patching file smb.h
patching file smbutil.c

Then I do:
root@host# ./configure
root@host# make
(and get the output below at the end)
gcc -O2 -DHAVE_FCNTL_H=1 -DHAVE_MALLOC_H=1 -DHAVE_MEMORY_H=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_NET_SLIP_H=1 -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1 -DHAVE_ETHER_NTOA=1 -DHAVE_SETLINEBUF=1 -DRETSIGTYPE=void -DRETSIGVAL= -DHAVE_SIGSET=1 -DHAVE_FDDI -I. -Ilinux-include -c ./smbutil.c
smbutil.c: In function `make_unix_date':
smbutil.c:44: error: storage size of `t' isn't known
smbutil.c: In function `fdata1':
smbutil.c:471: warning: pointer/integer type mismatch in conditional expression
make: *** [smbutil.o] Error 1

So I can't configure/compile/install, and I think this is caused by the failed patch job.

Since I downloaded the binary itself, I shouldn't have to compile it to get tcpdump-smb to work, right?

If I'm just typing in the command wrong, please let me know.

Thanks

I finally got it working. I downloaded a different file (http://us1.samba.org/samba/ftp/tcpdump-smb/tcpdump-3.4a5.tar.gz) then just did the /configure/make/make install/ trio and now it's working.

thanks

Pablo Graziano wrote:
> I've read everything I've found on tcpdump-smb, and still can't get it
> to work right.
> I downloaded the binary from samba.org, and executed the command like so:
> (The command below is directly from the README.smb that comes with
> tcpdump-3.4a5.tar.gz)
>
> ./tcpdump -i eth0 port 139 host 192.168.0.1
> tcpdump: parse error
>
> How do I use it to get the decoded smb output?
>
>
> BTW: I also downloaded tcpdump-3.4a5.tar.gz and
> tcpdump-3.4a5-smb.patch from http://us1.samba.org/samba/ftp/tcpdump-smb/
> root@host# Then I did:
> root@host# tar xzf tcpdump-3.4a5.tar.gz
> root@host# cd tcpdump-3.4a5
> root@host# patch -p1 < ../tcpdump-3.4a5-smb.patch
> (and get the output below)
> patching file Makefile.in
> patching file README.smb
> patching file print-llc.c
> patching file print-smb.c
> patching file print-tcp.c
> Hunk #2 succeeded at 351 (offset -18 lines).
> can't find file to patch at input line 1161
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
> |diff -u --new-file /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig
> ./print-tcp.c.orig
> |--- /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig Mon Jun 16
> 06:20:28 1997
> |+++ ./print-tcp.c.orig Sat Apr 17 11:15:17 1999
> --------------------------
> File to patch:
> Skip this patch? [y]
> Skipping patch.
> 4 out of 4 hunks ignored
> patching file print-udp.c
> patching file smb.h
> patching file smbutil.c
>
> Then I do:
> root@host# ./configure
> root@host# make
> (and get the output below at the end)
> gcc -O2 -DHAVE_FCNTL_H=1 -DHAVE_MALLOC_H=1 -DHAVE_MEMORY_H=1
> -DTIME_WITH_SYS_TIME=1 -DHAVE_NET_SLIP_H=1 -DHAVE_VFPRINTF=1
> -DHAVE_STRCASECMP=1 -DHAVE_ETHER_NTOA=1 -DHAVE_SETLINEBUF=1
> -DRETSIGTYPE=void -DRETSIGVAL= -DHAVE_SIGSET=1 -DHAVE_FDDI -I.
> -Ilinux-include -c ./smbutil.c
> smbutil.c: In function `make_unix_date':
> smbutil.c:44: error: storage size of `t' isn't known
> smbutil.c: In function `fdata1':
> smbutil.c:471: warning: pointer/integer type mismatch in conditional
> expression
> make: *** [smbutil.o] Error 1
>
> So I can't configure/compile/install, and I think this is caused by
> the failed patch job.
>
> Since I downloaded the binary itself, I shouldn't have to compile it
> to get tcpdump-smb to work, right?
>
> If I'm just typing in the command wrong, please let me know.
>
> Thanks

On Fri, 2005-12-23 at 20:01 -0800, Pablo Graziano wrote:
> I've read everything I've found on tcpdump-smb, and still can't get it
> to work right.
> I downloaded the binary from samba.org, and executed the command like so:
> (The command below is directly from the README.smb that comes with
> tcpdump-3.4a5.tar.gz)
>
> ./tcpdump -i eth0 port 139 host 192.168.0.1
> tcpdump: parse error
>
> How do I use it to get the decoded smb output?

I strongly suggest you look into ethereal. This is the main network sniffer used by Samba developers these days, because it has gone far, far further than tcpdump ever did.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net