
smbcmp v0.1 Initial release

@aaptel aaptel released this 04 Sep 17:34
· 12 commits to master since this release

This is the first release of smbcmp. A couple of new features have been added since the tool was introduced, some of them implemented by Google Summer of Code student Mairo Paul Rufus.

New features

New diff mode

smbcmp has a new way to generate diffs, based on Wireshark's PDML (XML) output. To try this new mode, use the -m pdml option. Because the diff is computed field by field rather than on raw text, it allows more precise analysis and makes it possible to reliably ignore differences in specific fields.

Ignoring fields

Certain fields can now be ignored for the duration of an smbcmp session. This feature is only available in the console version of the tool when the new XML output is used. Pressing the "a" key toggles the reporting of differences for the field under the cursor.
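As an added illustration of the idea behind the two features above (not smbcmp's own code), the following Python compares two PDML packets field by field and skips a caller-supplied set of field names. The PDML fragments are constructed for the example and the field names are illustrative, not guaranteed to match Wireshark's.

```python
import xml.etree.ElementTree as ET

# Constructed PDML, standing in for `tshark -T pdml` output of one SMB2
# negotiate request per capture. Field names are illustrative only.
PDML_A = """<pdml><packet><proto name="smb2">
<field name="smb2.cmd" show="0"/>
<field name="smb2.msg_id" show="1"/>
<field name="smb2.negotiate">
  <field name="smb2.dialect" show="0x0311"/>
  <field name="smb2.capabilities" show="0x0000007f"/>
  <field name="smb2.negotiate_context.count" show="2"/>
</field></proto></packet></pdml>"""

PDML_B = """<pdml><packet><proto name="smb2">
<field name="smb2.cmd" show="0"/>
<field name="smb2.msg_id" show="7"/>
<field name="smb2.negotiate">
  <field name="smb2.dialect" show="0x0302"/>
  <field name="smb2.capabilities" show="0x0000007f"/>
</field></proto></packet></pdml>"""

def flatten(pdml_text):
    """Map each field's path (proto and field names joined by '/') to its
    `show` value for the first packet in a PDML document. Container fields
    without a `show` attribute only contribute to the path."""
    root = ET.fromstring(pdml_text)
    fields = {}

    def walk(node, prefix):
        for child in node:
            path = prefix + "/" + child.get("name", "?")
            if child.tag == "field" and child.get("show") is not None:
                fields[path] = child.get("show")
            walk(child, path)

    walk(root.find("packet"), "")
    return fields

def diff_fields(pdml_a, pdml_b, ignore=frozenset()):
    """Field-level diff of two PDML packets as (path, a_value, b_value);
    None marks a field present on one side only. Fields named in `ignore`
    are skipped, which is what toggling a field off in the UI achieves."""
    a, b = flatten(pdml_a), flatten(pdml_b)
    return [(p, a.get(p), b.get(p))
            for p in sorted(a.keys() | b.keys())
            if p.rsplit("/", 1)[-1] not in ignore and a.get(p) != b.get(p)]

if __name__ == "__main__":
    for path, va, vb in diff_fields(PDML_A, PDML_B, ignore={"smb2.msg_id"}):
        print(f"{path}: {va!r} -> {vb!r}")
```

Ignoring smb2.msg_id leaves only the dialect change and the field that exists solely in the 3.1.1 request, which is the kind of signal a text diff of two dissections would bury under per-packet noise.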

wxWidget GUI

An additional GUI version based on the wxWidgets toolkit. The program name is smbcmp-gui.

Windows port

Both the console and GUI versions of the tool have been ported to Windows, and an experimental 64-bit build is available in this release (smbcmp-x64-0.1.zip). The Windows build ships with its own Python interpreter and tshark binary, so it is essentially a stand-alone program. Unzip it and run smbcmp.exe to get the GUI version.

Parsing of samba-generated keys

Samba-based programs (smbd, smbclient, rpcclient, ...) can dump encryption keys using --option=debugencryption=yes. smbcmp can now extract keys in that format (in addition to the Linux kernel format) from log files via the -k option.

Switch to setuptools

smbcmp now has an internal Python package and uses setuptools for building and installation. Sample installation:

python3 setup.py build
sudo python3 setup.py install --prefix=/usr

If you just want to run the script without installing it, follow the new README instructions and run it like so:

PYTHONPATH=$PWD scripts/smbcmp --help

Bug fixes

  • Fix crash when smbcmp is run without a config file
  • Fix crash when capture has no SMB packets
  • Fix dissection of compounded packets (previously only one of them was shown)