
Wireshark-users: [Wireshark-users] Tshark fields output

From: "Starner, Mark" <mark.starner@xxxxxxxxxx>
Date: Thu, 15 May 2008 09:32:01 -0500
I am trying to diagnose some WINS issues (yes, I know, WINS! ugh)
 
I need to do unattended captures with TSHARK and then process them with a
perl script.
 
Normal Tshark output is:
2008-05-15 09:25:30.037482 192.62.20.81 -> 129.224.72.22 NBNS Name query NB USEA-NADC3<20>
2008-05-15 09:25:30.037669 129.224.72.22 -> 192.62.20.81 NBNS Name query response NB 129.224.72.14
 
But since no NBNS Transaction ID is shown, I can't map the requests to the
responses.
 
So I tried this:
tshark -i 4 -c 50 -f "udp dst port 137" -T fields -t ad \
    -e frame.date -e frame.time -e ip.src -e ip.dst \
    -e nbns.id -e nbns.flags.opcode -e nbns.flags.rcode -e ????
 
And I get some of what I need, but I really need to be able to see what is being
queried and what is being answered.
May 15, 2008 09:30:17.543289000 192.63.222.61 129.224.72.22 0xdad4 0 0
May 15, 2008 09:30:17.543482000 129.224.72.22 192.63.222.61 0xdad4 0 3 0

Is there any way to also get the decoded "Name query NB USEA-NADC3<20>" and
"Name query response NB 129.224.72.14" as part of the output, along with the
nbns.id value?

Is there any field for -e that will show what I need?

Thanks
Mark Starner  |  Applications Infrastructure-Email and Directory Services,
Infrastructure Solutions, Business Enabling Technology Team
Unisys 

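The post-processing step the question describes (pairing NBNS queries with their responses by transaction ID after a `-T fields` capture), as an added example that is not part of the original message or of Wireshark itself. It assumes the capture is run with the query name and answer address pulled out as fields; `nbns.name`, `nbns.addr`, `nbns.flags.response` and `nbns.flags.rcode` are the names used by the Wireshark NBNS dissector, but whether a given tshark build exposes all of them is an assumption worth checking with `tshark -G fields | grep nbns`. The sample field output embedded below is constructed to look like what that command emits (tab-separated, one packet per line), not a real capture.

```python
"""Pair NBNS queries with their responses from tshark -T fields output.

Assumed capture command (field names from the Wireshark NBNS dissector; the
original post did not use these, and the 'udp port 137' filter is widened
from 'udp dst port 137' so that responses are captured too):

  tshark -i 4 -f "udp port 137" -T fields -E separator=/t \
      -e frame.time -e ip.src -e ip.dst -e nbns.id \
      -e nbns.flags.response -e nbns.flags.rcode -e nbns.name -e nbns.addr
"""
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample of the command's output (not a real capture). Columns:
# time, src, dst, nbns.id, nbns.flags.response, nbns.flags.rcode, nbns.name, nbns.addr
SAMPLE = (
    "May 15, 2008 09:30:17.543289000\t192.63.222.61\t129.224.72.22\t0xdad4\t0\t0\tUSEA-NADC3<20>\t\n"
    "May 15, 2008 09:30:17.543482000\t129.224.72.22\t192.63.222.61\t0xdad4\t1\t0\tUSEA-NADC3<20>\t129.224.72.14\n"
    "May 15, 2008 09:30:18.001000000\t192.63.222.61\t129.224.72.22\t0xdad5\t0\t0\tNOSUCHHOST<20>\t\n"
    "May 15, 2008 09:30:18.002000000\t129.224.72.22\t192.63.222.61\t0xdad5\t1\t3\tNOSUCHHOST<20>\t\n"
    "May 15, 2008 09:30:19.000000000\t192.63.222.61\t129.224.72.22\t0xdad6\t0\t0\tORPHAN<00>\t\n"
    "May 15, 2008 09:30:20.000000000\t129.224.72.22\t192.63.222.99\t0xbeef\t1\t0\tSTRAY<20>\t10.0.0.5\n"
)

# NBNS response codes per RFC 1002 (query: 1-5; registration adds 6 and 7).
RCODES = {0: "OK", 1: "FMT_ERR", 2: "SRV_ERR", 3: "NAM_ERR",
          4: "IMP_ERR", 5: "RFS_ERR", 6: "ACT_ERR", 7: "CFT_ERR"}


@dataclass
class Exchange:
    tid: str
    client: str
    server: str
    name: str
    query_time: Optional[str] = None
    response_time: Optional[str] = None
    rcode: Optional[int] = None
    answers: List[str] = field(default_factory=list)

    def summary(self) -> str:
        if self.query_time is None:
            head = f"{self.tid} {self.client} unsolicited response from {self.server} for {self.name}"
        else:
            head = f"{self.tid} {self.client} -> {self.server} query {self.name}"
        if self.response_time is None:
            return head + " : NO RESPONSE"
        status = RCODES.get(self.rcode, f"rcode={self.rcode}")
        addrs = ",".join(self.answers) if self.answers else "-"
        return f"{head} : {status} {addrs}"


def parse_fields(text: str) -> List[Exchange]:
    """Match queries to responses on (transaction id, client address).

    The id alone is not unique across clients, so the client IP is part of
    the key. Responses whose query was not captured are reported as
    unsolicited; queries with no response are reported as such.
    """
    pending: Dict[Tuple[str, str], Exchange] = {}
    done: List[Exchange] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        cols = raw.split("\t")
        if len(cols) < 8:
            continue  # tshark emits an empty column for absent fields; a short line is malformed
        t, src, dst, tid, is_resp, rcode, name, addr = cols[:8]
        if is_resp in ("1", "True"):  # boolean field rendering differs across tshark versions
            ex = pending.pop((tid, dst), None)
            if ex is None:
                ex = Exchange(tid=tid, client=dst, server=src, name=name)
            ex.response_time = t
            ex.rcode = int(rcode, 0)  # accepts "3" or "0x3"
            ex.answers = [a for a in addr.split(",") if a]  # several A records are comma-joined
            done.append(ex)
        elif (tid, src) not in pending:  # keep the first copy of a retransmitted query
            pending[(tid, src)] = Exchange(tid=tid, client=src, server=dst, name=name, query_time=t)
    done.extend(pending.values())
    return done


if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for exchange in parse_fields(data):
        print(exchange.summary())
```

Run it on a saved field dump (`tshark ... > nbns.txt; python3 pair_nbns.py nbns.txt`) or pipe the live tshark output into it. Keying on client address as well as transaction ID matters because NBNS IDs are 16-bit and chosen per client, so two machines can legitimately reuse the same value within one capture window.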