> Apparently Windows is unhappy with one of our network packets. We
> need to see the packet which Windows 7 does not like, and the
> natural source for that information is a packet trace. Are you
> aware that tshark is able to split packet traces in chunks while
> taking them? So you could run it arbitrarily long without filling
> your disk if you delete old ones?

As a long-time Wireshark, née Ethereal, fan, that is exactly what I was going to suggest. :) and tshark makes going through huge packet traces very, very easy. For someone who knows what they're looking at and knows how to effectively use tshark's filters, the bad packet can be spotted in minutes even for very, very large traces. Also, you can filter your packet capture so you're just getting CIFS packets and not everything else.
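The capture described in this thread, as an added example that is not part of the original messages: a tshark ring-buffer capture restricted to CIFS traffic, plus a pass over the saved chunks with a display filter. The interface name, file paths, chunk size and chunk count are assumptions; set `DRY_RUN=1` to print the capture command instead of running it.

```shell
#!/bin/sh
# Added example (not from the thread). Paths, sizes and interface are assumed.

# Capture filter (BPF): SMB over TCP 445 and NetBIOS session service on 139.
CIFS_BPF='tcp port 445 or tcp port 139'

# Ring-buffer capture: tshark rotates to a new file every $3 kB and keeps
# only the newest $4 files, deleting the oldest, so disk use stays bounded.
# $1 interface, $2 output file base, $3 chunk size (kB), $4 chunks to keep
ring_capture() {
    set -- tshark -i "$1" -f "$CIFS_BPF" \
        -b "filesize:$3" -b "files:$4" -w "$2"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"            # show what would be run
    else
        "$@"
    fi
}

# Approximate worst-case disk use of the ring, in MB.
# $1 chunk size (kB), $2 chunks to keep
ring_budget_mb() {
    echo $(( $1 * $2 / 1000 ))
}

# Read saved chunks back and print only SMB/SMB2 frames (display filter).
# tshark names ring files <base>_<index>_<timestamp>.<ext>.
scan_chunks() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        tshark -r "$f" -Y 'smb || smb2'
    done
}

# Usage:
#   ./cifs-trace.sh capture eth0 /var/tmp/cifs.pcapng
#   ./cifs-trace.sh scan /var/tmp/cifs_*.pcapng
case "${1:-}" in
    capture) ring_capture "$2" "$3" 100000 20 ;;
    scan)    shift; scan_chunks "$@" ;;
esac
```

Once the client reports the error, stop the capture and scan only the newest chunks; the ring has already discarded everything older than the configured budget.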
