[Samba] tcpdump-smb won't work

Pablo Graziano pablo at compugenic.com
Sat Dec 24 04:01:02 GMT 2005

I've read everything I've found on tcpdump-smb, and still can't get it 
to work right.
 I downloaded the binary from samba.org, and executed the command like so:
(The command belowis directly from the README.smb that comes with 

./tcpdump -i eth0 port 139 host
tcpdump: parse error

How do I use it to get the decoded smb output?

BTW: I also downloaded tcpdump-3.4a5.tar.gz and tcpdump-3.4a5-smb.patch 
from http://us1.samba.org/samba/ftp/tcpdump-smb/
root at host# Then I did:
root at host# tar xzf tcpdump-3.4a5.tar.gz
root at host# cd tcpdump-3.4a5
root at host# patch -p1 < ../tcpdump-3.4a5-smb.patch
(and get the output below)
patching file Makefile.in
patching file README.smb
patching file print-llc.c
patching file print-smb.c
patching file print-tcp.c
Hunk #2 succeeded at 351 (offset -18 lines).
can't find file to patch at input line 1161
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
|diff -u --new-file /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig 
|--- /usr/src/redhat/tcpdump-3.4.orig/print-tcp.c.orig  Mon Jun 16 
06:20:28 1997
|+++ ./print-tcp.c.orig Sat Apr 17 11:15:17 1999
File to patch:
Skip this patch? [y]
Skipping patch.
4 out of 4 hunks ignored
patching file print-udp.c
patching file smb.h
patching file smbutil.c

Then I do:
root at host# ./configure
root at host# make
(and get the output below at the end)
-Ilinux-include -c ./smbutil.c
smbutil.c: In function `make_unix_date':
smbutil.c:44: error: storage size of `t' isn't known
smbutil.c: In function `fdata1':
smbutil.c:471: warning: pointer/integer type mismatch in conditional 
make: *** [smbutil.o] Error 1

So I can't configure/compile/install, and I think this is caused by the 
failed patch job.

Since I downloaded the binary itself, I shouldn't have to compile it to 
get tcpdump-smb to work , right?

If I'm just typing in the command wrong, please let me know.


