HOWTO: get familar with the Samba source code
Tim Potter
tpot at linuxcare.com.au
Thu Sep 28 06:29:52 GMT 2000
Richard Sharpe writes:
> At 11:51 PM 9/27/00 -0500, Gerald Carter wrote:
> > o get a copy of MS network monitor (legally). Even the
> > one with the NT server is ok. We can convert
> > tcpdump format to CAP format). This is the best
> > network sniffer for decoding SMB/MS-RPC.
> > Ethereal (www.zing.org) has some code for
> > parsing SMB/NetBIOS and I think Andrew and Tim
> > are adding some MS-RPC support in it.
>
> Hmmm, in what ways is NetMon better than Ethereal? I want to make Ethereal
> the best available :-)
>
> The version of NetMon I have does not do MSRPC ... Which version does?
The netmon that comes with NT4 decodes some parts of some pipes -
the \lsarpc pipe seems to be the most fully implemented one.
Luke managed to obtain a copy of netmon that decodes a bit more
but it is still far from complete.
Tim.
More information about the samba-ntdom
mailing list