Ethereal: Re: [Ethereal-users] Please help me(microsoft- ds)

Ethereal-users: July 2005

Subject: Re: [Ethereal-users] Please help me(microsoft- ds)
From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 05 Jul 2005 10:57:54 -0700

Manoj Kumar wrote:

My ethereal is flooded with microsft-ds and netbios packets moving across various ip’s not related to me. Please help me.

Is that a problem because you don't want that traffic on your network, or is that a problem because you don't want to see that traffic, or is that a problem because you don't want to see any traffic other than traffic to and from your machine?

In the first case, I can't really help you - the people are probably using SMB (Microsoft's file sharing protocol) for a reason, and are unlikely to stop doing so.

In the second case, try a filter of

not udp port 137 and not udp port 138 and not tcp port 139 and not tcp port 445

although that will also keep Ethereal from seeing that traffic to and from your machine.

In the third case, try turning promiscuous mode off - that way, the only traffic you'll see is traffic sent by and received by your machine (although, on Solaris, at least, you won't see any traffic sent by your machine) - or try using a filter of

	host {your host's IP address}

although that'll filter out ARP traffic and the like.

References:
- [Ethereal-users] Please help me(microsoft- ds)
  - From: Manoj Kumar

Prev by Date: Re: [Ethereal-users] how to put my wlan card in monitor mode
Next by Date: Re: [Ethereal-users] libPCAP file Format
Previous by thread: Re: [Ethereal-users] Please help me(microsoft- ds)
Next by thread: [Ethereal-users] NTOP and Ethereal
Index(es):
- Date
- Thread