On May 27, 2004, at 11:56 PM, Jun-ichiro itojun Hagino wrote:

> > Yes, I am doing live capturing, but all I am interested in is the 16
> > byte "Source Name" field (Name to Add). I want to include the tcpdump
> > command in my Perl program so that I can do further processing on the data
> > of that field.
>
> i would suggest you write a program using libpcap.a, rather than try to play with tcpdump output.

Or that he modify an existing program using libpcap, namely tcpdump, to understand more NBF command types (such as ADD_NAME_QUERY, which his packet appears to be), and then send us the patches so we can add that to a future release. The code is in "netbeui_print()" in "print-smb.c"; the "smb_fdata()" routine isn't documented, but it should be possible to figure out how the format strings work (the items in square brackets describe how to format the current field in the packet).


The NBF packet formats are at

http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/BK8P7001/CCONTENTS

tcpdump has to be run with "-vv" to get it to print the details of NBF packets.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
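
The field extraction discussed in this thread, as an added example that is not part of the original messages or of tcpdump: a bounds-checked parser for the bytes and captured length that a libpcap packet handler receives. It assumes Ethernet 802.3 framing with an LLC UI header; the function names and the sample frame are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LLC_OFF  14   /* after dst MAC, src MAC, 802.3 length */
#define NBF_OFF  17   /* after DSAP, SSAP, control */
#define NBF_HLEN 44   /* 0x002C: fixed NBF header length */
#define SRC_OFF  28   /* len 2, delim 2, cmd 1, data 3, correlators 4, dest name 16 */
#define NAME_LEN 16
static unsigned le16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Writes the source name to out ('.' for non-printables); 0 on success, -1 otherwise. */
int nbf_source_name(const uint8_t *pkt, size_t caplen, char out[NAME_LEN + 1])
{
    const uint8_t *nbf;
    int i;
    if (caplen < NBF_OFF + NBF_HLEN)         /* truncated capture: never read past it */
        return -1;
    if (((pkt[12] << 8) | pkt[13]) > 1500)   /* Ethernet II type field, not 802.3 length */
        return -1;
    if (pkt[LLC_OFF] != 0xF0 || pkt[LLC_OFF + 1] != 0xF0 || pkt[LLC_OFF + 2] != 0x03)
        return -1;                           /* not a NetBIOS LLC UI frame */
    nbf = pkt + NBF_OFF;
    if (le16(nbf) != NBF_HLEN || le16(nbf + 2) != 0xEFFF || nbf[4] != 0x01)
        return -1;                           /* command 0x01 is ADD_NAME_QUERY */
    for (i = 0; i < NAME_LEN; i++)           /* names come from the network: sanitize */
        out[i] = isprint(nbf[SRC_OFF + i]) ? (char)nbf[SRC_OFF + i] : '.';
    out[NAME_LEN] = '\0';
    return 0;
}

/* Constructed sample: 802.3 + LLC UI + NBF ADD_NAME_QUERY for "WORKSTATION01". */
size_t sample_frame(uint8_t buf[61])
{
    static const uint8_t head[] = {
        0x03,0x00,0x00,0x00,0x00,0x01, 0x02,0x00,0x00,0x00,0x00,0x01, /* dst, src MAC */
        0x00,0x2F, 0xF0,0xF0,0x03,       /* 802.3 length (3 + 44); DSAP, SSAP, UI */
        0x2C,0x00, 0xFF,0xEF, 0x01 };    /* NBF length, delimiter, command */
    memset(buf, 0, 61);
    memcpy(buf, head, sizeof head);
    memcpy(buf + NBF_OFF + SRC_OFF, "WORKSTATION01  ", 15); /* 16th byte stays 0x00 */
    return 61;
}

int main(void)
{
    uint8_t buf[61]; char name[NAME_LEN + 1];
    if (nbf_source_name(buf, sample_frame(buf), name) == 0) puts(name);
}
```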
