I have a pcap with SMB traffic on port 80. Tried to decode it for SMB but can't find the protocol name "SMB" by using "DecodeAs". See the attached snapshot. My Wireshark has Version 1.10.6.
asked 10 Dec '15, 12:50 pktUser1001
One Answer:
The reason is that SMB (and SMB2) are client protocols of NBSS, not directly of TCP. If you know that your packet is an SMB packet using non-standard TCP ports, set "Decode as" protocol to NBSS, and Wireshark will find SMB inside it automatically.
answered 10 Dec '15, 13:24 sindy
Thanks @sindy. It works great!
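
The layering described in the answer, shown as an added example (not part of the original posts and not Wireshark's code): a Python parser that walks a reassembled TCP payload as NBSS frames and reports whether SMB or SMB2 sits inside, which is one way to flag SMB on a non-standard port such as 80. The function names and sample bytes are constructed for illustration; the header is assumed to be one type byte followed by a 3-byte big-endian length.

```python
import struct

# Protocol identifiers that open an SMB message carried inside an NBSS frame.
SMB_MAGIC = {b"\xffSMB": "SMB", b"\xfeSMB": "SMB2"}
NBSS_SESSION_MESSAGE = 0x00  # NBSS type that carries SMB data


def nbss_frame(payload: bytes) -> bytes:
    """Build a session-message frame (type 0x00) for the constructed samples."""
    return struct.pack(">I", len(payload)) + payload


def parse_nbss_stream(stream: bytes):
    """Return (offset, nbss_type, length, inner, complete) for each frame.

    inner is "SMB", "SMB2" or "other"; complete is False when the capture
    ends before the length announced in the NBSS header.
    """
    frames = []
    offset = 0
    while offset + 4 <= len(stream):
        word = struct.unpack_from(">I", stream, offset)[0]
        msg_type, length = word >> 24, word & 0xFFFFFF
        body = stream[offset + 4: offset + 4 + length]
        inner = "other"
        if msg_type == NBSS_SESSION_MESSAGE:
            inner = SMB_MAGIC.get(body[:4], "other")
        frames.append((offset, msg_type, length, inner, len(body) == length))
        offset += 4 + length
    return frames


def looks_like_smb(stream: bytes) -> bool:
    """True when the first NBSS frame of the payload wraps SMB or SMB2."""
    frames = parse_nbss_stream(stream)
    return bool(frames) and frames[0][3] in ("SMB", "SMB2")


# Constructed sample payloads (not taken from the poster's capture).
SAMPLE_SMB = nbss_frame(b"\xfeSMB" + b"\x00" * 60) + nbss_frame(b"\xffSMB" + b"\x00" * 28)
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"

if __name__ == "__main__":
    for name, data in (("smb-on-80", SAMPLE_SMB), ("http-on-80", SAMPLE_HTTP)):
        print(name, looks_like_smb(data), parse_nbss_stream(data))
```
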