| 1 | .\"Generated by db2man.xsl. Don't modify this, modify the source.
|
|---|
| 2 | .de Sh \" Subsection
|
|---|
| 3 | .br
|
|---|
| 4 | .if t .Sp
|
|---|
| 5 | .ne 5
|
|---|
| 6 | .PP
|
|---|
| 7 | \fB\\$1\fR
|
|---|
| 8 | .PP
|
|---|
| 9 | ..
|
|---|
| 10 | .de Sp \" Vertical space (when we can't use .PP)
|
|---|
| 11 | .if t .sp .5v
|
|---|
| 12 | .if n .sp
|
|---|
| 13 | ..
|
|---|
| 14 | .de Ip \" List item
|
|---|
| 15 | .br
|
|---|
| 16 | .ie \\n(.$>=3 .ne \\$3
|
|---|
| 17 | .el .ne 3
|
|---|
| 18 | .IP "\\$1" \\$2
|
|---|
| 19 | ..
|
|---|
| 20 | .TH "LOG2PCAP" 1 "" "" ""
|
|---|
| 21 | .SH NAME
|
|---|
| 22 | log2pcap \- Extract network traces from Samba log files
|
|---|
| 23 | .SH "SYNOPSIS"
|
|---|
| 24 | .ad l
|
|---|
| 25 | .hy 0
|
|---|
| 26 | .HP 9
|
|---|
| 27 | \fBlog2pcap\fR [\-h] [\-q] [logfile] [pcap_file]
|
|---|
| 28 | .ad
|
|---|
| 29 | .hy
|
|---|
| 30 |
|
|---|
| 31 | .SH "DESCRIPTION"
|
|---|
| 32 |
|
|---|
| 33 | .PP
|
|---|
| 34 | This tool is part of the \fBsamba\fR(7) suite\&.
|
|---|
| 35 |
|
|---|
| 36 | .PP
|
|---|
| 37 | \fBlog2pcap\fR reads in a samba log file and generates a pcap file (readable by most sniffers, such as ethereal or tcpdump) based on the packet dumps in the log file\&.
|
|---|
| 38 |
|
|---|
| 39 | .PP
|
|---|
| 40 | The log file must have a \fIlog level\fR of at least \fB5\fR to get the SMB header/parameters right, \fB10\fR to get the first 512 data bytes of the packet and \fB50\fR to get the whole packet\&.
|
|---|
| 41 |
|
|---|
| 42 | .SH "OPTIONS"
|
|---|
| 43 |
|
|---|
| 44 | .TP
|
|---|
| 45 | \-h
|
|---|
| 46 | If this parameter is specified the output file will be a hex dump, in a format that is readable by the text2pcap utility\&.
|
|---|
| 47 |
|
|---|
| 48 | .TP
|
|---|
| 49 | \-q
|
|---|
| 50 | Be quiet\&. No warning messages about missing or incomplete data will be given\&.
|
|---|
| 51 |
|
|---|
| 52 | .TP
|
|---|
| 53 | logfile
|
|---|
| 54 | Samba log file\&. log2pcap will try to read the log from stdin if the log file is not specified\&.
|
|---|
| 55 |
|
|---|
| 56 | .TP
|
|---|
| 57 | pcap_file
|
|---|
| 58 | Name of the output file to write the pcap (or hexdump) data to\&. If this argument is not specified, output data will be written to stdout\&.
|
|---|
| 59 |
|
|---|
| 60 | .TP
|
|---|
| 61 | \-h|\-\-help
|
|---|
| 62 | Print a summary of command line options\&.
|
|---|
| 63 |
|
|---|
| 64 | .SH "EXAMPLES"
|
|---|
| 65 |
|
|---|
| 66 | .PP
|
|---|
| 67 | Extract all network traffic from all samba log files:
|
|---|
| 68 |
|
|---|
| 69 | .PP
|
|---|
| 70 |
|
|---|
| 71 |
|
|---|
| 72 | .nf
|
|---|
| 73 |
|
|---|
| 74 | $ log2pcap < /var/log/* > trace\&.pcap
|
|---|
| 75 |
|
|---|
| 76 | .fi
|
|---|
| 77 |
|
|---|
| 78 |
|
|---|
| 79 | .PP
|
|---|
| 80 | Convert to pcap using text2pcap:
|
|---|
| 81 |
|
|---|
| 82 | .PP
|
|---|
| 83 |
|
|---|
| 84 |
|
|---|
| 85 | .nf
|
|---|
| 86 |
|
|---|
| 87 | $ log2pcap \-h samba\&.log | text2pcap \-T 139,139 \- trace\&.pcap
|
|---|
| 88 |
|
|---|
| 89 | .fi
|
|---|
| 90 |
|
|---|
| 91 |
|
|---|
| 92 | .SH "VERSION"
|
|---|
| 93 |
|
|---|
| 94 | .PP
|
|---|
| 95 | This man page is correct for version 3\&.0 of the Samba suite\&.
|
|---|
| 96 |
|
|---|
| 97 | .SH "BUGS"
|
|---|
| 98 |
|
|---|
| 99 | .PP
|
|---|
| 100 | Only SMB data is extracted from the samba logs, no LDAP, NetBIOS lookup or other data\&.
|
|---|
| 101 |
|
|---|
| 102 | .PP
|
|---|
| 103 | The generated TCP and IP headers don't contain a valid checksum\&.
|
|---|
| 104 |
|
|---|
| 105 | .SH "SEE ALSO"
|
|---|
| 106 |
|
|---|
| 107 | .PP
|
|---|
| 108 | \fBtext2pcap\fR(1), \fBethereal\fR(1)
|
|---|
| 109 |
|
|---|
| 110 | .SH "AUTHOR"
|
|---|
| 111 |
|
|---|
| 112 | .PP
|
|---|
| 113 | The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
|
|---|
| 114 |
|
|---|
| 115 | .PP
|
|---|
| 116 | This manpage was written by Jelmer Vernooij\&.
|
|---|
| 117 |
|
|---|
