Problems with tcpdump-smb

Stanley.Hopcroft at ipaustralia.gov.au
Wed Apr 8 15:03:12 GMT 1998



     Dear Ladies and Gentlemen,

     I am writing to ask for your help using Mr Tridgell's tcpdump-smb
     (ftp:samba.anu.ed.au/pub/samba/tcpdump-smb/tcpdump-3.2.1.tar.gz).

     My problem is that it appears to erroneously report very long packets
     that it identifies as SMBError = ERROR: Unknown error (32,37233) and
     then displays a huge amount of data, e.g.

[000] 22 BF 2B 00 00 00 00 00  00 00 00 0B 01 58 FE 2A  ".+..... .....X.*
[010] 35 EA 5F 0A 00 44 00 00  00 5B 00 00 00 12 00 00  5._..D.. .[......
[020] 00 01 01 02 82 00 E0 B0  E2 6D B9 08 00 45 00 00  ........ .m...E..
[030] 4D BA 00 00 00 FE 11 14  F9 C0 A8 6A FE C0 03 01  M....... ...j....
[040] FC 00 A1 10 47 00 39 BF  FD 30 2F 02 01 00 04 06  ....G.9. .0/.....
[050] 70 75 62 6C 69 63 A2 22  02 04 01 E9 30 91 02 01  public." ....0...
[060] 00 02 01 90 90 58 FE 2A  35 63 D4 0C 00 44 00 00  .....X.* 5c...D..
[070] 00 56 00 00 00 12 00 01  00 5E 00 00 05 00 00 0C  .V...... .^......
[080] 00 F3 4F 08 00 45 C0 00  48 00 00 00 00 01 59 17  ..O..E.. H.....Y.
[090] 94 C0 03 01 01 E0 00 00  05 02 01 00 34 C0 03 10  ........ ....4...
[0A0] C0 00 00 00 00 BA 2A 00  00 00 00 00 00 00 00 00  ......*. ........
[0B0] 00 FF FF FF 00 00 0A 02  01 00 00 55 C0 58 FE 2A  ........ ...U.X.*
[0C0] 35 97 C4 0D 00 3D 00 00  00 3D 00 00 00 12 00 03  5....=.. .=......
[0D0] 00 00 00 00 01 00 00 6F  14 B6 99 00 2F F0 F0 03  .......o ..../...
[0E0] 2C 00 FF EF 03 01 6E 01  00 00 2C F3 00 00 00 00  ,.....n. ..,.....
[0F0] 00 00 00 00 00 00 88 11  45 37 00 40 00 00 00 00  ........ E7.@....
[100] 00 00 00 00 00 00 99 6D  28 F6 00 00 DC 58 FE 2A  .......m (....X.*
[110] 35 20 DB 0D 00 3C 00 00  00 3C 00 00 00 12 00 01  5 ...<.. .<......
[120] 80 C2 00 00 00 00 C0 1D  B4 8D FD 00 26 42 42 03  ........ ....&BB.


     This appears to contain at least some data for a UDP SNMP packet
     (protocol 0x11 and port 0xa1).

     The results are the same when tcpdump is linked with libpcap-0.2.1
     supplied with the distribution and also the pcap library supplied with
     the last tcpdump distribution (libpcap-0.4a6).

     This network contains NT servers and hence the SMB-NT commands that
     this product does not deal with.

     Thank you very much,

     Yours sincerely


     S Hopcroft

     IP Australia

     shopcroft at IPAustralia.gov.au
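
A check of the observation above that the dump contains a UDP SNMP packet, as an added example that is not part of the original post: it parses rows [020]-[090] of the dump as posted, scans for option-less IPv4 headers (first byte 0x45) whose header checksum verifies, and decodes protocol, addresses and UDP ports. The function names are invented for this example, and the rows are assumed to be contiguous.

```python
import re
import struct
from ipaddress import IPv4Address

# Rows [020]-[090] copied from the dump in the post above.
DUMP = """\
[020] 00 01 01 02 82 00 E0 B0  E2 6D B9 08 00 45 00 00  ........ .m...E..
[030] 4D BA 00 00 00 FE 11 14  F9 C0 A8 6A FE C0 03 01  M....... ...j....
[040] FC 00 A1 10 47 00 39 BF  FD 30 2F 02 01 00 04 06  ....G.9. .0/.....
[050] 70 75 62 6C 69 63 A2 22  02 04 01 E9 30 91 02 01  public." ....0...
[060] 00 02 01 90 90 58 FE 2A  35 63 D4 0C 00 44 00 00  .....X.* 5c...D..
[070] 00 56 00 00 00 12 00 01  00 5E 00 00 05 00 00 0C  .V...... .^......
[080] 00 F3 4F 08 00 45 C0 00  48 00 00 00 00 01 59 17  ..O..E.. H.....Y.
[090] 94 C0 03 01 01 E0 00 00  05 02 01 00 34 C0 03 10  ........ ....4...
"""

def parse_dump(text):
    """Return (first_offset, data) from contiguous '[off] hh hh ... ascii' rows."""
    # At most 16 upper-case hex bytes per row; what follows is the ASCII column.
    rows = re.findall(r"^\[([0-9A-F]+)\]((?: +[0-9A-F]{2}){1,16})", text, re.M)
    data = bytes.fromhex("".join(hexpart for _, hexpart in rows))
    return int(rows[0][0], 16), data

def checksum_ok(header):
    """RFC 791: the one's-complement sum of a valid 20-byte header is 0xFFFF."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def find_ipv4(text):
    """Scan every offset for a 20-byte IPv4 header with a valid checksum."""
    base, data = parse_dump(text)
    hits = []
    for i in range(len(data) - 19):
        hdr = data[i:i + 20]
        if hdr[0] != 0x45 or not checksum_ok(hdr):
            continue  # not version 4 / IHL 5, or a chance 0x45 byte
        hit = {"offset": base + i, "proto": hdr[9],
               "src": str(IPv4Address(hdr[12:16])),
               "dst": str(IPv4Address(hdr[16:20]))}
        if hdr[9] == 17 and len(data) >= i + 24:  # UDP ports follow the header
            hit["sport"], hit["dport"] = struct.unpack("!HH", data[i + 20:i + 24])
        hits.append(hit)
    return hits

if __name__ == "__main__":
    for hit in find_ipv4(DUMP):
        print(hit)
```

On these rows it finds two checksum-valid headers: a UDP datagram with source port 161 (0xa1) at dump offset 0x2D, and a protocol 89 (OSPF) packet to 224.0.0.5 at offset 0x85.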
