Capture Packets: Difference between revisions

From SambaWiki
No edit summary
 
No edit summary
Line 11: Line 11:
|| ethereal || <pre>tethereal -p -w FILENAME port 445 or port 139</pre>
|| ethereal || <pre>tethereal -p -w FILENAME port 445 or port 139</pre>
|-
|-
|| tcpdump || <pre>tcpdump -p -s 512 -w FILENAME port 445 or port 139</pre>
|| tcpdump || <pre>tcpdump -p -s 1500 -w FILENAME port 445 or port 139</pre>
|}
|}

If you are sitting at your Windows workstation it might also work if you download wireshark, start the capture, do the operation that causes trouble, and stop the capture.

For many operations it is also important that we see the beginning of the SMB connection. You can cause the Windows client to reconnect if you kill the smbd process servicing your client, you do not have to restart all of Samba. You can find out the smbd responsible with the tool smbstatus.

Revision as of 10:49, 20 February 2007

When diagnosing a problem, Samba developers are likely to request a packet capture (or trace).

The best way to do this depends on the tools available on your system. If you are using a GUI-based system, you will need to run a capture tool from the command-line.

In the table below, replace FILENAME with the descriptive file name.

Tool Commandline
wireshark
tshark -p -w FILENAME port 445 or port 139
ethereal
tethereal -p -w FILENAME port 445 or port 139
tcpdump
tcpdump -p -s 1500 -w FILENAME port 445 or port 139

If you are sitting at your Windows workstation it might also work if you download wireshark, start the capture, do the operation that causes trouble, and stop the capture.

For many operations it is also important that we see the beginning of the SMB connection. You can cause the Windows client to reconnect if you kill the smbd process servicing your client, you do not have to restart all of Samba. You can find out the smbd responsible with the tool smbstatus.