Re: [tcpdump-workers] How to extract the source name field data of
Yes, I am doing live capturing, but all I am interested in is the 16 byte Source Name field (Name to Add). I want to include the tcpdump command in my perl program so that I can do further processing on the data of that field.

I need your help in this matter.

Regards,
Bassam A. Al-Khaffaf
R D Engineer
R D Department
Palette Multimedia Bhd
www.palettemm.com
www.yellowspots.com
[EMAIL PROTECTED]
Tel: +60 (3) 6253 3299 - Ext: 229
Fax: +60 (3) 6253 4399
MPhone: +60 (16) 493 1776

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jun-ichiro itojun Hagino
Sent: Friday, May 28, 2004 1:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [tcpdump-workers] How to extract the source name field data of

> Hi,
> I am capturing the NetBeui (NBF) packets by using the following command:
>
> tcpdump -X netbeui
>
> I am getting a range of data, but is there a way to determine which part of the packet to extract? I am interested in the 16 byte Source Name field (Name to add) as shown below. I want to extract the name SHEILA only.
>
> 15:12:21.446893 NetBeui Packet
> 0x f0f0 032c 00ff ef01 ...,
> 0x0010 0053...S
> 0x0020 4845 494c 4120 2020 2020 2020 2020 03 HEILA..

if you are doing live capture on network, bigger capture size like -s 2000 will help you. otherwise, binary capture file won't have enough data so you can do nothing about it.

itojun
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] How to extract the source name field data of
On May 27, 2004, at 11:56 PM, Jun-ichiro itojun Hagino wrote:

>> Yes, I am doing live capturing, but all I am interested in is the 16 byte Source Name field (Name to Add). I want to include the tcpdump command in my perl program so that I can do further processing on the data of that field.
>
> i would suggest you write a program using libpcap.a, rather than try to play with tcpdump output.

Or that he modify an existing program using libpcap, namely tcpdump, to understand more NBF command types (such as ADD_NAME_QUERY, which his packet appears to be), and then send us the patches so we can add that to a future release.

The code is in netbeui_print() in print-smb.c; the smb_fdata() routine isn't documented, but it should be possible to figure out how the format strings work (the items in square brackets describe how to format the current field in the packet).

The NBF packet formats are at

http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/BK8P7001/CCONTENTS

tcpdump has to be run with -vv to get it to print the details of NBF packets.
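The libpcap route suggested in this thread comes down to a routine that reads the name straight out of the captured bytes. The C function below is an added example, not code from tcpdump or from any poster; the field offsets, the name `nbf_source_name` and the sample frame are assumptions based on the NBF header layout, and the length check covers the snapshot-length problem raised earlier in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (from the NBF format, not from the thread): 3-byte LLC UI
 * header F0 F0 03, then a 44-byte NetBIOS header: length (2, little-endian),
 * delimiter FF EF, command (1), data1 (1), data2 (2), two correlators (2+2),
 * destination name (16), source name (16). */
enum { LLC_LEN = 3, NBF_HDR_LEN = 44, NBF_SRC_OFF = 28, NBF_NAME_LEN = 16,
       NBF_ADD_NAME_QUERY = 0x01 };

/* p points at the LLC header (packet + 14 on Ethernet); caplen is the number
 * of captured bytes from there, i.e. pcap's caplen minus the link header.
 * Returns 0 and fills name/suffix, -1 if not an NBF ADD_NAME_QUERY,
 * -2 if the snapshot length cut the frame short. */
int nbf_source_name(const uint8_t *p, size_t caplen, char name[16], uint8_t *suffix)
{
    if (caplen < LLC_LEN + 5)
        return -2;
    const uint8_t *n = p + LLC_LEN;
    if (p[0] != 0xF0 || p[1] != 0xF0 || p[2] != 0x03 ||
        n[2] != 0xFF || n[3] != 0xEF || n[4] != NBF_ADD_NAME_QUERY ||
        (n[0] | n[1] << 8) < NBF_HDR_LEN)
        return -1;
    if (caplen < LLC_LEN + NBF_HDR_LEN)
        return -2;
    size_t len = NBF_NAME_LEN - 1;          /* 16th byte is the name suffix */
    memcpy(name, n + NBF_SRC_OFF, len);
    while (len > 0 && name[len - 1] == ' ') /* names are space padded */
        len--;
    name[len] = '\0';
    *suffix = n[NBF_SRC_OFF + NBF_NAME_LEN - 1];
    return 0;
}

/* Constructed sample: header bytes and name follow the dump in the thread;
 * the bytes the dump elides are left as zero. */
static const uint8_t sample[47] = {
    0xF0, 0xF0, 0x03, 0x2C, 0x00, 0xFF, 0xEF, 0x01,
    [31] = 'S', 'H', 'E', 'I', 'L', 'A', ' ', ' ', ' ', ' ', ' ',
           ' ', ' ', ' ', ' ', 0x03 };

int main(void)
{
    char name[16]; uint8_t suffix;
    if (nbf_source_name(sample, sizeof sample, name, &suffix) == 0)
        printf("source name: %s (suffix 0x%02x)\n", name, suffix);
    return 0;
}
```

In a real capture program this function would be called from the libpcap packet callback, with the snapshot length set large enough that the -2 case does not occur.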