On 07/02/09 03:32, Jim Klimov wrote:
>> It would be useful to get a wireshark network capture of the data
>> (request and response) on the wire.
>
> I think I can manage that... but need a bit of help ;)
>
> 1) Which tcp/udp ports need to be captured for MSRPC?

Ports 139 and 445 (SMB is the MSRPC transport in this case),
although you can just capture everything on the interface
unless you have some sensitive data going over the network.

> 2) There seems to be no wireshark on the system, so I can do something with snoop, ngrep or tcpdump... Would these do?

snoop is fine as long as you do a binary capture (so that I
can load it in wireshark and expand the data structures).

If you want to get wireshark, it's available online from
        blastwave.org
        sunfreeware.com

> What's the best way to capture and transfer it to you (i.e.
> I can send email to your well-known Sun address ;) - if that's ok )?

That's fine.  If you can limit the capture to the time around
getting the list of services and filter on smb traffic that will
help keep the file small.  If there's not much traffic on your
network, don't worry about the filter.

Thanks,

Alan
_______________________________________________
cifs-discuss mailing list
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
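
One way to check a snoop capture before mailing it, as an added example that is not part of the original thread: this Python code confirms the file is a binary capture (RFC 1761 snoop format, which Wireshark can load) and keeps only TCP records on ports 139 and 445. The function names and sample frames are constructed for illustration, and it assumes untagged Ethernet carrying unfragmented IPv4.

```python
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"   # RFC 1761 file identification pattern
SMB_PORTS = {139, 445}               # the ports named in the reply above

def is_smb(frame):
    """True for an untagged Ethernet/IPv4/TCP frame to or from port 139 or 445."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return False                 # not IPv4, or IP protocol is not TCP
    ihl = (frame[14] & 0x0F) * 4     # IPv4 header length in bytes
    tcp = frame[14 + ihl:14 + ihl + 4]
    if len(tcp) < 4:
        return False
    sport, dport = struct.unpack(">HH", tcp)
    return sport in SMB_PORTS or dport in SMB_PORTS

def smb_records(data):
    """Yield the raw RFC 1761 records that carry SMB traffic."""
    if data[:8] != SNOOP_MAGIC:
        raise ValueError("not a binary snoop capture (text output instead?)")
    version, linktype = struct.unpack(">II", data[8:16])
    if version != 2 or linktype != 4:          # datalink type 4 = Ethernet
        raise ValueError("unsupported snoop version or datalink type")
    off = 16
    while off + 24 <= len(data):               # 24-byte header per record
        _orig, incl_len, rec_len = struct.unpack(">III", data[off:off + 12])
        if rec_len < 24 + incl_len or off + rec_len > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % off)
        if is_smb(data[off + 24:off + 24 + incl_len]):
            yield data[off:off + rec_len]
        off += rec_len

def filter_capture(data):
    """Return a smaller capture: same file header, SMB records only."""
    return data[:16] + b"".join(smb_records(data))

def _record(sport, dport):
    """Constructed sample: one padded record with a minimal Ethernet/IPv4/TCP frame."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack(">HHIIHHHH", sport, dport, 0, 0, 0x5000, 0, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    rec_len = 24 + len(frame) + (-len(frame) % 4)      # records are 4-byte aligned
    hdr = struct.pack(">IIIIII", len(frame), len(frame), rec_len, 0, 0, 0)
    return (hdr + frame).ljust(rec_len, b"\x00")

# Constructed sample capture: SMB request, unrelated HTTP, NetBIOS session reply.
SAMPLE = (SNOOP_MAGIC + struct.pack(">II", 2, 4) +
          _record(49152, 445) + _record(49153, 80) + _record(139, 49154))
```

Running `filter_capture` over the bytes of a file written with `snoop -o` gives a capture that still opens in Wireshark; a file holding snoop's text output is rejected by the magic check.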
