Install Network Monitor
We have decided to release an SMB2 parser for Network Monitor 3.1 (released July 07) to hold people over untill the beta for Network Monitor 3.2 releases in early June.
Where can I get the SMB2 parser?
You can download SMB2.NPL parser, along with SPARSER.NPL, CER.NPL, FCCS.NPL, SCNA.NPL and SMB.NPL (all supporting parsers) on http://connect.microsoft.com under the Network Monitor 3 project. If you’ve already signed up you’ll see it as one of your active projects. If you need to sign up you will need to create a passport account and join our project. Once you are in on the Network Monitor 3 project, click on the Downloads link on the left. You will see SMB2 Parser as one of the selections.
How do I use the new SMB2 parser?
Look at the article on using the SSL parser (http://blogs.technet.com/netmon/archive/2007/10/23/new-ssl-public-parser-available-how-to-deal-with-new-parsers.aspx) in the sections “Where do I stick it?” and “Working with NPL Parser path”. The instructions for installing the SMB2 parsers are the same.
Happy SMB2 parsing!
PingBack from http://blogs.windowsecurity.com/shinder/2008/05/08/smb2-parser-now-available-for-network-monitor-31/
After saving the files contained in parsers.zip into the NPL directory for NM3.1 (3.1.485.0) I get the file not found errors for the following files:
I also had to add back includes for the following files to sparser.npl to correct other errors:
I found these by doing a "fc" between my old sparser.npl and the one that was included in sparsers.zip.
John, the release build for NM3.1 is 512. Are you still using an old version for a reason?
I didn't test anything but the 512 publically availalbe build.
Thanks Paul, I must still have a beta version installed. I'll upgrade to the released version.