Wireshark · Ethereal-users: Re: [Ethereal-users] How to capture the NetBIOS data over 802.2 network

Ethereal-users: Re: [Ethereal-users] How to capture the NetBIOS data over 802.2 network

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>

Date: Sun, 23 May 2004 12:10:48 +0200

Bassam A. Al-Khaffaf wrote:

<I am developing a special gateway project (Linux box based).

<During my developing I got stuck on how to capture the data of the

<NetBIOS frame (NetBEUI). In fact I tried to use the tcpdump, but the

<problem here that tcpdump captures only the headers and not the

<payload (the data), so I wonder if there any program that able to

<capture the 16 byte source name field (Name to add) when the

<NetBIOS frame (NB) command is “ADD_NAME_QUERY (0x01)”

By default tcpdump uses a snapshot length of 68 bytes, I think.

You can set another snapshot len with the -s option.

With the recent versions it is possible to use 0 as snapshot length (-s 0) to capture

the complete packets, but you can try with e.g. "-s 65635" if that is not working.

Follow-Ups:
- Re: [Ethereal-users] How to capture the NetBIOS data over 802.2 network
  - From: Guy Harris
- RE: [Ethereal-users] How to capture the NetBIOS data over 802.2 network
  - From: Bassam A. Al-Khaffaf

References:
- [Ethereal-users] How to capture the NetBIOS data over 802.2 network
  - From: Bassam A. Al-Khaffaf