Ethereal-users: RE: [Ethereal-users] How to capture the NetBIOS data over 802.2 network

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Bassam A. Al-Khaffaf" <bassam@xxxxxxxxxxxxx>
Date: Mon, 24 May 2004 11:35:57 +0800
But the problem here is that even if I increase the snapshot size, tcpdump
is still giving me only the header of the NetBIOS.
In other words, tcpdump is showing me exactly this:
(15:12:21.446893 NetBeui Packet),
while I want to read the data inside the NetBEUI packet as Ethereal does.
So can anyone give me an idea of how I can read the data inside the NetBEUI
packet?

Regards
Bassam A. Al-Khaffaf
R & D Engineer
R & D Department
Palette Multimedia Bhd
www.palettemm.com
www.yellowspots.com
bassam@xxxxxxxxxxxxx
Tel: +60 (3) 6253 3299 - Ext: 229
Fax: +60 (3) 6253 4399
MPhone: +60 (16) 493 1776
________________________________________
From: Martin Regner [mailto:martin.regner@xxxxxxxxx] 
Sent: Sunday, May 23, 2004 6:11 PM
To: bassam@xxxxxxxxxxxxx; Ethereal user support
Subject: Re: [Ethereal-users] How to capture the NetBIOS data over 802.2 network

Bassam A. Al-Khaffaf wrote:
<I am developing a special gateway project (Linux box based).
<During my development I got stuck on how to capture the data of the
<NetBIOS frame (NetBEUI). In fact I tried to use tcpdump, but the
<problem here is that tcpdump captures only the headers and not the
<payload (the data), so I wonder if there is any program that is able to
<capture the 16-byte source name field (Name to add) when the
<NetBIOS frame (NB) command is “ADD_NAME_QUERY (0x01)”.

By default tcpdump uses a snapshot length of 68 bytes, I think.

You can set another snapshot len with the -s option.

With the recent versions it is possible to use 0 as snapshot length (-s 0)
to capture the complete packets, but you can try with e.g. "-s 65635" if
that is not working.
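
Added example, not part of the original messages and not code from tcpdump or Ethereal: once complete frames have been captured, the 16-byte source name of an ADD_NAME_QUERY (0x01) frame can be read from the raw bytes as shown here. It assumes untagged 802.3 framing, an LLC UI header with NetBIOS SAP 0xF0, and the 44-byte NetBIOS frame header; the sample frame, MAC address and the name GATEWAY01 are constructed.

```python
import struct

ETH_LEN, LLC_LEN, NBF_LEN = 14, 3, 44  # 802.3 header, LLC UI header, NetBIOS frame header
NETBIOS_SAP = 0xF0                     # LLC SAP used by NetBIOS
NBF_DELIMITER = 0xEFFF                 # little-endian on the wire: ff ef
ADD_NAME_QUERY = 0x01                  # command value quoted in the thread


def parse_add_name_query(frame: bytes):
    """Return (name, suffix_byte) from the source name field, or None if the
    frame is not a NetBIOS ADD_NAME_QUERY. Raises ValueError when the capture
    was cut short before the field ends."""
    if len(frame) < ETH_LEN + LLC_LEN:
        raise ValueError("truncated before the LLC header")
    (length_or_type,) = struct.unpack_from("!H", frame, 12)
    if length_or_type > 1500:          # Ethernet II type field, so no LLC header
        return None
    dsap, ssap, control = frame[14:17]
    if dsap != NETBIOS_SAP or (ssap & 0xFE) != NETBIOS_SAP or control != 0x03:
        return None
    nbf = frame[ETH_LEN + LLC_LEN:]
    if len(nbf) < 5:
        raise ValueError("truncated before the NetBIOS command byte")
    _hdr_len, delimiter, command = struct.unpack_from("<HHB", nbf, 0)
    if delimiter != NBF_DELIMITER or command != ADD_NAME_QUERY:
        return None
    if len(nbf) < NBF_LEN:
        raise ValueError("snapshot too short to hold the source name")
    source = nbf[28:44]                # bytes 12..27 hold the destination name
    return source[:15].decode("ascii", "replace").rstrip(), source[15]


def build_sample(name: bytes = b"GATEWAY01", command: int = ADD_NAME_QUERY) -> bytes:
    """Constructed test frame: 14 + 3 + 44 = 61 bytes in total."""
    nbf = struct.pack("<HHBBHHH", NBF_LEN, NBF_DELIMITER, command, 0, 0, 0, 1)
    nbf += bytes(16) + name.ljust(15) + b"\x00"
    eth = bytes.fromhex("030000000001" "001122334455")  # NetBIOS multicast, made-up source
    eth += struct.pack("!H", LLC_LEN + len(nbf))
    return eth + bytes([NETBIOS_SAP, NETBIOS_SAP, 0x03]) + nbf


if __name__ == "__main__":
    frame = build_sample()
    print(len(frame), parse_add_name_query(frame))
```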