samba - Dec 2005 - tcpdump-smb won't work

I've read everything I've found on tcpdump-smb, and still can't get
it
to work right.
 I downloaded the binary from samba.org, and executed the command like so:
(The command belowis directly from the README.smb that comes with 
tcpdump-3.4a5.tar.gz)

./tcpdump -i eth0 port 139 host 192.168.0.1
tcpdump: parse error

How do I use it to get the decoded smb output?


BTW: I also downloaded tcpdump-3.4a5.tar.gz and tcpdump-3.4a5-smb.patch 
from http://us1.samba.org/samba/ftp/tcpdump-smb/
root@host# Then I did:
root@host# tar xzf tcpdump-3.4a5.tar.gz
root@host# cd tcpdump-3.4a5
root@host# patch -p1 < ../tcpdump-3.4a5-smb.patch
(and get the output below)
patching file Makefile.in
patching file README.smb
patching file print-llc.c
patching file print-smb.c
patching file print-tcp.c
Hunk #2 succeeded at 351 (offset -18 lines).
can't find file to patch at input line 1161
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -u --new-file /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig 
./print-tcp.c.orig
|--- /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig  Mon Jun 16 
06:20:28 1997
|+++ ./print-tcp.c.orig Sat Apr 17 11:15:17 1999
--------------------------
File to patch:
Skip this patch? [y]
Skipping patch.
4 out of 4 hunks ignored
patching file print-udp.c
patching file smb.h
patching file smbutil.c

Then I do:
root@host# ./configure
root@host# make
(and get the output below at the end)
gcc -O2 -DHAVE_FCNTL_H=1 -DHAVE_MALLOC_H=1 -DHAVE_MEMORY_H=1 
-DTIME_WITH_SYS_TIME=1 -DHAVE_NET_SLIP_H=1 -DHAVE_VFPRINTF=1 
-DHAVE_STRCASECMP=1 -DHAVE_ETHER_NTOA=1 -DHAVE_SETLINEBUF=1 
-DRETSIGTYPE=void -DRETSIGVAL= -DHAVE_SIGSET=1  -DHAVE_FDDI -I.  
-Ilinux-include -c ./smbutil.c
smbutil.c: In function `make_unix_date':
smbutil.c:44: error: storage size of `t' isn't known
smbutil.c: In function `fdata1':
smbutil.c:471: warning: pointer/integer type mismatch in conditional 
expression
make: *** [smbutil.o] Error 1

So I can't configure/compile/install, and I think this is caused by the 
failed patch job.

Since I downloaded the binary itself, I shouldn't have to compile it to 
get tcpdump-smb to work , right?

If I'm just typing in the command wrong, please let me know.

Thanks

I finally got it working. I downloaded a different file 
(http://us1.samba.org/samba/ftp/tcpdump-smb/tcpdump-3.4a5.tar.gz)
then just did the /configure/make/make install/ trio and now it's working.

thanks

Pablo Graziano wrote:
> I've read everything I've found on tcpdump-smb, and still can't
get it
> to work right.
> I downloaded the binary from samba.org, and executed the command like so:
> (The command belowis directly from the README.smb that comes with 
> tcpdump-3.4a5.tar.gz)
>
> ./tcpdump -i eth0 port 139 host 192.168.0.1
> tcpdump: parse error
>
> How do I use it to get the decoded smb output?
>
>
> BTW: I also downloaded tcpdump-3.4a5.tar.gz and 
> tcpdump-3.4a5-smb.patch from http://us1.samba.org/samba/ftp/tcpdump-smb/
> root@host# Then I did:
> root@host# tar xzf tcpdump-3.4a5.tar.gz
> root@host# cd tcpdump-3.4a5
> root@host# patch -p1 < ../tcpdump-3.4a5-smb.patch
> (and get the output below)
> patching file Makefile.in
> patching file README.smb
> patching file print-llc.c
> patching file print-smb.c
> patching file print-tcp.c
> Hunk #2 succeeded at 351 (offset -18 lines).
> can't find file to patch at input line 1161
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
> |diff -u --new-file /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig 
> ./print-tcp.c.orig
> |--- /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig  Mon Jun 16 
> 06:20:28 1997
> |+++ ./print-tcp.c.orig Sat Apr 17 11:15:17 1999
> --------------------------
> File to patch:
> Skip this patch? [y]
> Skipping patch.
> 4 out of 4 hunks ignored
> patching file print-udp.c
> patching file smb.h
> patching file smbutil.c
>
> Then I do:
> root@host# ./configure
> root@host# make
> (and get the output below at the end)
> gcc -O2 -DHAVE_FCNTL_H=1 -DHAVE_MALLOC_H=1 -DHAVE_MEMORY_H=1 
> -DTIME_WITH_SYS_TIME=1 -DHAVE_NET_SLIP_H=1 -DHAVE_VFPRINTF=1 
> -DHAVE_STRCASECMP=1 -DHAVE_ETHER_NTOA=1 -DHAVE_SETLINEBUF=1 
> -DRETSIGTYPE=void -DRETSIGVAL= -DHAVE_SIGSET=1  -DHAVE_FDDI -I.  
> -Ilinux-include -c ./smbutil.c
> smbutil.c: In function `make_unix_date':
> smbutil.c:44: error: storage size of `t' isn't known
> smbutil.c: In function `fdata1':
> smbutil.c:471: warning: pointer/integer type mismatch in conditional 
> expression
> make: *** [smbutil.o] Error 1
>
> So I can't configure/compile/install, and I think this is caused by 
> the failed patch job.
>
> Since I downloaded the binary itself, I shouldn't have to compile it 
> to get tcpdump-smb to work , right?
>
> If I'm just typing in the command wrong, please let me know.
>
> Thanks
>
>
>

On Fri, 2005-12-23 at 20:01 -0800, Pablo Graziano wrote:
> I've read everything I've found on tcpdump-smb, and still can't
get it
> to work right.
>  I downloaded the binary from samba.org, and executed the command like so:
> (The command belowis directly from the README.smb that comes with 
> tcpdump-3.4a5.tar.gz)
> 
> ./tcpdump -i eth0 port 139 host 192.168.0.1
> tcpdump: parse error
> 
> How do I use it to get the decoded smb output?
I strongly suggest you look into ethereal.  This is the main network
sniffer used by Samba developers these days, because it has gone far,
far further than tcpdump ever did.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20051222/f6fd160c/attachment.bin