tcpdump mailing list archives
Re: How to extract the source name field data of
From: Guy Harris <guy () alum mit edu>
Date: Fri, 28 May 2004 11:55:53 -0700
On May 27, 2004, at 11:56 PM, Jun-ichiro itojun Hagino wrote:
Yes I am doing live capturing, but all what I interested about is the 16byte "Source Name" field (Name to Add). I want to include the tcpdumpcommand in my perl program so that I can make further processing on the dataof that field.i would suggest you write a program using libpcap.a, rather than try to play with tcpdump output.
Or that he modify an existing program using libpcap, namely tcpdump, to understand more NBF command types (such as ADD_NAME_QUERY, which his packet appears to be), and then send us the patches so we can add that to a future release. The code is in "netbeui_print()" in "print-smb.c"; the "smb_fdata()" routine isn't documented, but it should be possible to figure out how the format strings work (the items in square brackets describe how to format the current field in the packet).
The NBF packet formats are athttp://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/BK8P7001/ CCONTENTS
tcpdump has to be run with "-vv" to get it to print the details of NBF packets.
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Re: savefile.c patch, (continued)
- Re: savefile.c patch Gisle Vanem (May 26)
- Re: savefile.c patch Guy Harris (May 26)
- Re: savefile.c patch Guy Harris (May 26)
- Re: savefile.c patch Gisle Vanem (May 27)
- Re: savefile.c patch Gisle Vanem (May 27)
- Re: savefile.c patch Guy Harris (May 27)
- How to extract the source name field data of the netbeui (NBF) protocol Bassam A. Al-Khaffaf (May 27)
- Re: How to extract the source name field data of Jun-ichiro itojun Hagino (May 27)
- Re: How to extract the source name field data of Bassam A. Al-Khaffaf (May 27)
- Re: How to extract the source name field data of Jun-ichiro itojun Hagino (May 28)
- Re: How to extract the source name field data of Guy Harris (May 28)
- Re: How to extract the source name field data of Guy Harris (May 30)
- libpcap tutorial Bassam A. Al-Khaffaf (May 31)
- pcab and libpcap differences? Bassam A. Al-Khaffaf (May 31)
- Re: pcab and libpcap differences? Guy Harris (May 31)
- Re: savefile.c patch Gisle Vanem (May 26)