Wireshark · Ethereal-users: Re: [Ethereal-users] Filter Files

Ethereal-users: Re: [Ethereal-users] Filter Files

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Fri, 21 Feb 2003 13:28:04 -0800

On Thu, Feb 20, 2003 at 03:43:50PM +0000, mark.haslam@xxxxxxxx wrote:
> But are there any resources that will allow me to capture data from Server
> Message Block Protocol or related ports.

Do you mean "capture *only* data from SMB or related ports"?

If so, then try, as a capture filter,

	udp port 137 or udp port 138 or tcp port 139 or tcp port 445

if you're running NetBIOS-over-TCP (or CIFS-over-TCP; that's port 445).

> The reason for this is I am trying to find a way to capture any user on my
> comp LAN sending NETSend messages across the network.

That also requires that you be able to see all the traffic on your LAN;
see

	http://www.ethereal.com/faq.html#q5.1

for some of the issues involved with doing that on, for example, a
switched network.

References:
- [Ethereal-users] Filter Files
  - From: mark . haslam

Prev by Date: Re: [Ethereal-users] Another decode bug?
Next by Date: Re: [Ethereal-users] Filter Files
Previous by thread: [Ethereal-users] Filter Files
Next by thread: RE: [Ethereal-users] Filter Files
Index(es):
- Date
- Thread