[Winpcap-users] windump / tcpdump question (offtopic)
Ian
winpcap at zestysoft.com
Wed Jul 2 20:45:13 GMT 2008
Hey guys, I need to apologize for asking this question here since I know
this is just the winpcap lib users group and wouldn't normally deal with
questions from applications that use the lib, but I thought I'd ask in the
slight chance that someone could help point me in the right direction as I
wasn't able to find a users mailing list for either windump or tcpdump.
I think my question is an easy one... decoding SMB traffic on port 445.
I'm able to capture traffic on port 445 and save it to disk using a command
like this:
windump -i2 -s 0 -w output.dmp port 445
if I later attempt to decode it using a command like this:
windump -r output.dmp -vv
I'm only seeing the standard IP header information:
12:57:24.392407 IP (tos 0x0, ttl 128, id 58636, offset 0, flags [DF], proto
TCP (6), length 40) x.x.x.x.1085 > x.x.x.x.445: ., cksum 0x6a37 (correct),
5166:5166(0) ack 5566 win 64198
Yet if I open up the same dump file in ethereal / wireshark it correctly
decodes the traffic. Is there a way to force tcpdump / windump into
decoding the information in the dump file or does ethereal / wireshark
simply have more functionality at its disposal to decode packets? If
that's true, is there a way to call wireshark or ethereal from the cli?
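As an added example (not part of this post, and not WinDump or tcpdump code), the Python below shows that a libpcap file written with `windump -w` already holds the full SMB payload and only a dissector is missing: it walks the file, picks out TCP port 445 payloads, skips the NetBIOS session header and reads the SMB1/SMB2 header. The sample frame is constructed inline; its addresses, sequence numbers and IDs are made up.

```python
import struct

SMB2_COMMANDS = {0x0000: "NEGOTIATE", 0x0001: "SESSION_SETUP", 0x0003: "TREE_CONNECT", 0x0005: "CREATE"}

def build_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP frame to port 445 carrying an SMB2 NEGOTIATE header."""
    smb2 = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, 0x0000, 1, 0, 0, 0, 0, 0, 0, b"\x00" * 16)
    payload = struct.pack(">I", len(smb2)) + smb2  # 4-byte NetBIOS session service header + SMB2 header
    tcp = struct.pack(">HHIIBBHHH", 1085, 445, 5166, 5566, 5 << 4, 0x18, 64198, 0, 0)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 58636, 0x4000, 128, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # made-up addresses
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload  # zero MACs, EtherType IPv4
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # libpcap header, DLT_EN10MB
    rhdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))       # per-packet record header
    return ghdr + rhdr + frame

def smb_messages(pcap: bytes):
    """Walk a libpcap file and report the SMB dialect and command found in each port-445 TCP payload."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    found, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":        # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                         # not TCP
            continue
        tcp = ip[ihl:]
        sport, dport = struct.unpack(">HH", tcp[:4])
        data = tcp[(tcp[12] >> 4) * 4:]
        if 445 not in (sport, dport) or len(data) < 8:
            continue
        smb = data[4:]                         # skip the NetBIOS session service header
        if smb[:4] == b"\xffSMB":              # SMB1: one-byte command at offset 4
            found.append({"dialect": "SMB1", "command": smb[4]})
        elif smb[:4] == b"\xfeSMB":            # SMB2: two-byte command at offset 12
            cmd = struct.unpack_from("<H", smb, 12)[0]
            found.append({"dialect": "SMB2", "command": SMB2_COMMANDS.get(cmd, hex(cmd))})
    return found

if __name__ == "__main__":
    print(smb_messages(build_pcap()))  # [{'dialect': 'SMB2', 'command': 'NEGOTIATE'}]
```

Pointed at a real `output.dmp`, the same loop reports every SMB message that tcpdump prints only as a bare TCP segment, which is the whole difference between the two tools here.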