Hi,
Is there anyone who wouldn't want to quiet down SMB printing by
default unless -v is given?
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
---------- Forwarded message ----------
Date: Sat, 13 Jan 2001 19:45:34 +0200 (EET)
From: Pekka Savola <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Quiet down SMB printing unless in verbose mode
Hi,
Attached is a patch to make SMB printing a little more quiet in
non-verbose mode.
You get like:
---
19:37:15.711650 1.2.3.71.137 > 1.2.3.255.137: NBT UDP
PACKET(137): QUERY; REQUEST; BROADCAST
19:37:15.711650 host6.xxx.fi.netbios-ns > 1.2.3.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
---
(In one line, like with the traditional tcpdump)
Instead of:
---
19:43:16.235202 host6.xxx.fi.netbios-ns > 1.2.3.255.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:44:08.612934 host6.xxx.fi.netbios-dgm >
1.2.3.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x111A ID=0xDFBC IP=193 (0xc1).94 (0x5e).160
(0xa0).71 (0x47) Port=138 (0x8a) Length=187 (0xbb) Res2=0x0
SourceName=
WARNING: Short packet. Try increasing the snap length
---
Unless you're debugging SMB, you usually have zero interest in having
those messages clutter up your screen.
The patch could be smaller if e.g. ':' operator was used in printf's. If
you'd like it that way...
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
--- tcpdump-3.6.1/print-smb.c Sat Jan 13 18:57:59 2001
+++ tcpdump-3.6.1.smb/print-smb.c Sat Jan 13 19:31:59 2001
@@ -624,7 +624,9 @@
fn = smbfind(command,smb_fns);
- printf("\nSMB PACKET: %s (%s)\n",fn->name,request?"REQUEST":"REPLY");
+ if (vflag > 0 ) printf("\n");
+
+ printf("SMB PACKET: %s (%s)\n",fn->name,request?"REQUEST":"REPLY");
if (vflag == 0) return;
@@ -712,8 +714,14 @@
startbuf = data;
if (maxbuf <= data) return;
- printf("\n>>> NBT Packet\n");
+ if (vflag > 0) printf ("\n>>> ");
+
+ printf("NBT Packet");
+
+ if (vflag == 0) return;
+ printf("\n");
+
switch (flags) {
case 1:
printf("flags=0x%x\n", flags);
@@ -798,7 +806,9 @@
if (maxbuf <= data) return;
- printf("\n>>> NBT UDP PACKET(137): ");
+ if (vflag > 0 ) printf("\n>>> ");
+
+ printf("NBT UDP PACKET(137): ");
switch (opcode) {
case 0: opcodestr = "QUERY"; break;
@@ -921,6 +931,11 @@
startbuf = data;
if (maxbuf <= data) return;
+ if (vflag == 0 ) {
+ printf("NBT UDP PACKET(138)");
+ return;
+ }
+
data = fdata(data,"\n>>> NBT UDP PACKET(138) Res=[rw] ID=[rw] IP=[b.b.b.b]
Port=[rd] Length=[rd] Res2=[rw]\nSourceName=[n1]\nDestName=[n1]\n#",maxbuf);
if (data != NULL)
@@ -948,6 +963,11 @@
}
startbuf = data;
+
+ if (vflag == 0) {
+ printf("NetBeui Packet");
+ return;
+ }
printf("\n>>> NetBeui Packet\nType=0x%X ", control);
data = fdata(data,"Length=[d] Signature=[w] Command=[B]\n#",maxbuf);
