I've been having problems with Samba and the new 64 bit version of XP. A couple of the Samba developers have requested a dump of the raw packets between the Windows and Linux box during login.
I was thinking Ethereal on the windows box but then login would be impossible, Ethereal also has the problem of not having 64 bit capture drivers. I tried tethereal on the linux box but anything I dump is in the wrong format, I've been told text files are "worthless" when it comes to diagnostics.

So what command should I use to get the packets I need to send off to the developers? It has to dump to a file at some point since it will inevitably flood the console's buffer.

Here's the commands I've already done and were rejected so now I'm getting frustrated.
tethereal -i 3 -z smb,rtt,ip.addr==192.168.1.6 -f tcp port 137 or tcp port 137 or port 138 or tcp port 139 or tcp port 445 -s 2000

tethereal -i 3 -z smb,rtt,ip.addr==192.168.1.6 -f tcp port 137 or tcp port 137 or port 138 or tcp port 139 or tcp port 445 -w scan

This should work on the linux box ( as root ):

tcpdump -i eth0 -s 0 -w dumpFile.tcp

Substitute the appropriate interface name for "eth0" and whatever output file name you want for "dumpFile.tcp". You need the "-s 0" so that long packets don't get cut off.


This will generate a pcap format file that captures all the packets that come in on the specified interface while the tcpdump is running.

I wouldn't worry about trying to filter by port or anything else. The people who you pass the file to can process it in ethereal or tethereal or whatever and do their own filtering as a post processing step.

- Dave

Thank you!