Hi. When an NBSS session or an SMB session occurs in the middle of the TCP packet, I cannot see them properly in Wireshark. How can I see the analysis of these protocols if they are in the middle of the TCP packet? I tried to do it using the menu "Decode as...", but nothing happened!

asked 26 May '16, 05:30 barabashka
One Answer:
Currently, no. Wireshark would have to scan through the packet to find the beginning of the SMB2 message (which actually begins with the "NetBIOS SS" data - Wireshark really should be labeling port 445 traffic as SMB, not NBSS, as SMB-over-TCP uses something similar to, but simpler than, NBSS), show the data before it as continuation data, and show the SMB2 message. It currently doesn't do that. It'd be a lot easier to test and implement it if we had a capture file, just as Jaap suggested.

answered 26 May '16, 15:40 Guy Harris ♦♦
Working from a screenshot is prohibitively difficult. Can you share a capture in a publicly accessible spot, e.g. CloudShark?
Sorry for the long silence ;) Here is the link: https://www.cloudshark.org/captures/8319b97b6296 Thank you for your attention to this issue.
@barabashka
I moved your "answer" to a comment under the question when you posted it and then deleted the 2nd "answer" as it was a duplicate.
Please read the site FAQ for more information.
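
The scan described in Guy Harris's answer, sketched as an added Python example (not Wireshark's code and not posted by anyone in this thread): it looks inside one TCP payload for the 4-byte SMB-over-TCP framing header (a zero byte plus a 24-bit length) immediately followed by the SMB2 ProtocolId and a StructureSize of 64, and reports everything before it as continuation data. The function names and the sample bytes are constructed for illustration, and the match is a heuristic that can misfire if those bytes appear inside file data.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"      # ProtocolId at the start of every SMB2 header
SMB2_HEADER_LEN = 64         # value of the StructureSize field that follows it

def find_smb2_start(payload: bytes):
    """Offset of the first plausible transport header + SMB2 header, else None."""
    pos = payload.find(SMB2_MAGIC, 4)
    while pos != -1:
        hdr = pos - 4        # 4-byte framing: one zero byte + 24-bit length
        length = int.from_bytes(payload[hdr + 1:pos], "big")
        if payload[hdr] == 0 and length >= SMB2_HEADER_LEN and pos + 6 <= len(payload):
            (structure_size,) = struct.unpack_from("<H", payload, pos + 4)
            if structure_size == SMB2_HEADER_LEN:
                return hdr
        pos = payload.find(SMB2_MAGIC, pos + 1)
    return None

def split_segment(payload: bytes) -> dict:
    """Split one TCP payload into continuation data, whole messages, and a tail."""
    start = find_smb2_start(payload)
    if start is None:        # nothing recognisable: all continuation data
        return {"continuation": payload, "messages": [], "trailing": b""}
    messages, offset = [], start
    while offset + 4 <= len(payload) and payload[offset] == 0:
        end = offset + 4 + int.from_bytes(payload[offset + 1:offset + 4], "big")
        if end > len(payload):   # message finishes in a later segment
            break
        messages.append(payload[offset + 4:end])
        offset = end
    return {"continuation": payload[:start], "messages": messages,
            "trailing": payload[offset:]}

def build_sample():
    """Constructed sample: tail of an earlier message, one full frame, a partial one."""
    msg = (SMB2_MAGIC + struct.pack("<H", SMB2_HEADER_LEN)).ljust(64, b"\x00") + b"body"
    frame = b"\x00" + len(msg).to_bytes(3, "big") + msg
    return msg, b"\xaa" * 37 + frame + frame[:20]

if __name__ == "__main__":
    msg, segment = build_sample()
    parts = split_segment(segment)
    print(len(parts["continuation"]), len(parts["messages"]), len(parts["trailing"]))
```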