Filewatcher File Search File Search
Catalog
Content Search
» » » » » smbsniff-0.0.1bp0.tgz » Content »
pkg://smbsniff-0.0.1bp0.tgz:11072/share/doc/smbsniff/  info  downloads

smbsniff…  more info»

README

This is version 0.0.1b of Smbsniff, a LanManager file sniffer for unix.
Smbsniff is maintained by Frederic Lavecot : Frederic.Lavecot@hsc.fr

**** Please read this file to the end as it gives important information 
**** and it's not very long
**** or a leat read section "WHAT YOU NEED TO KNOW BEFORE USING SMBSNIF"


WHAT IS SMBSNIF ?
-----------------

Smbsniff is a LanManager(SMB/CIFS) packet sniffer that will write to your 
disk all the files shared and the documents printed in a LanManager 
environnement (all the Microsoft and Samba machines using LanManager 
protocol to share data).
(Well that's what it will do when it's finished).


WHY WOULD YOU WANT TO USE SMBSNIF ?
-----------------------------------

To show people (your boss ?) how insecure this protocol is, for debugging 
purposes, for fun, ... 


WHAT YOU NEED TO KNOW BEFORE USING SMBSNIF
------------------------------------------

Smbsnif should work on *BSD and Linux and might even work on Solaris. 

You will need the libpcap in all cases : 
ftp://ftp.ee.lbl.gov/libpcap.tar.Z
or
http://www.tcpdump.org

Smbsniff can work directly on the network but the sniffing part is still wobbly
and you might (most probably will) loose data. 
Most of all, you should not use the sniffing part for SECURITY reasons : 
sniffing the network requires root privileges and smbsniff is definitely 
not secure, yet ;)

If you want to get the best out of smbsniff use a real sniffer like :
- the stable tcpdump : ftp://ftp.ee.lbl.gov/tcpdump.tar.Z 
- the new tcpdump : http://www.tcpdump.org/
- ethereal : http://www.ethereal.com/

Use  :
# tcpdump -s 1514 -w <file> port 139
$ smbsniff -f <file> 


NOTE : Smbsniff is still under developement 
       and it is FAR from working perfectly.

KNOWN BUGS
----------

Files are not the right size / structure of the file is not correct. 
(This is still an alpha version)

File size is bigger than the original file size.

09 fev 2001 : I have idetified the reason why, and will correct it as soon as 
I can. The reason is some LanManager/SMB headers are transmitted in the middle 
of some raw data packets (makes you wonder no ?).

If you get a message like : 
Read X : offset corrected file <file> will be wrong
Write X : offset corrected file <file> will be wrong 
then this means the program is dropping packets or the sniffer you used to 
capture the packets has dropped some packets. 

09 fev 2001 : It can also mean (and this is most often the case) that headers 
are present in the raw data and that the problem has not been corrected yet. 

Note : under linux (when using tcpdump or other sniffers), their is no way
to know packets have been dropped.

Note 2 : If your sniffer IS dropping packets you can easily patch le libpcap
to adjust the size of the capture buffer. To do that :
In file pcap-bpf.c change the line 
v = 32768; 
to something like 
v = 524288;
And don't forget to rebuild your pcap library.
That worked great for me.

CONTRIBUTIONS
-------------

If you want to contribute, send bug alerts or give feedback please mail me :
Frederic.Lavecot@hsc.fr.

I could also use tcpdump traces of dialogs between windows machines. This way
I can see how smbsniff reacts outside a smbclient <-> NT dialog. Thanks in
advance to anyone who can do that for me.


WEB SITE
--------

Smbsniff's primary download site is : 

              http://www.hsc.fr/ressources/outils/index.html.en


Thanks to the following peoples for their suggestions and help

Stephane Aubert <Stephane.Aubert@hsc.fr>
Denis Ducamp    <Denis.Ducamp@hsc.fr>
Jerome Bouigas
Sebastien Michaud

Also Herve Schauer (for letting me work on this), 
     ee.lbl.gov (for libpcap and tcpdump), 
     and the free software community in general. 
Results 1 - 1 of 1
Help - FTP Sites List - Software Dir.
Search over 15 billion files
© 1997-2017 FileWatcher.com