Hi,

As titled, do we have a field for that? I found there is a specific code number for each operation, but was not able to find that code in the Microsoft SMB protocol doc. For example:

- Session Setup Request (0x01)
- SMB2 WRITE Request (0X09)
- SMB2 WRITE Request (0X08)
- etc.

Is there a field like smb.<field> == <codenumber> we can use for filtering? Thanks!

asked 05 Mar '17, 21:39 SteveZhou

2 Answers:
Try "smb.cmd == codenumber" or "smb2.cmd == codenumber". You can also refer to the "Display filter expression" dialog and search for "smb" in there to find the available expressions.

answered 05 Mar '17, 22:13 Packet_vlad (edited 05 Mar '17, 22:15)

To determine the name of any filter field, locate the field of interest in the packet details pane and click the field; the status bar will indicate the filter field name in parentheses.

answered 06 Mar '17, 09:06 grahamb ♦

Thank you! (08 Mar '17, 18:03) SteveZhou

Ah, yes, how could I not check the SMB Header part. Thanks!
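
What the `smb.cmd` and `smb2.cmd` filters from the first answer match on, shown as an added example (not part of the original thread and not Wireshark's code): the command field sits at a different offset and width in the SMB1 and SMB2 headers, which is why each dialect has its own filter field. The function names and the sample headers are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"  # SMB1: 1-byte command at offset 4, flags at offset 9
SMB2_MAGIC = b"\xfeSMB"  # SMB2: uint16 LE command at offset 12, flags at 16

def parse_smb_command(msg: bytes):
    """Return (filter_field, command, is_response) for one SMB message.

    msg must start at the SMB header, i.e. after the 4-byte transport
    length prefix used on TCP port 445.
    """
    magic = msg[:4]
    if magic == SMB2_MAGIC:
        if len(msg) < 64:
            raise ValueError("truncated SMB2 header, need 64 bytes")
        (struct_size,) = struct.unpack_from("<H", msg, 4)
        if struct_size != 64:
            raise ValueError(f"unexpected SMB2 StructureSize {struct_size}")
        (command,) = struct.unpack_from("<H", msg, 12)
        (flags,) = struct.unpack_from("<I", msg, 16)
        return "smb2.cmd", command, bool(flags & 0x00000001)
    if magic == SMB1_MAGIC:
        if len(msg) < 32:
            raise ValueError("truncated SMB1 header, need 32 bytes")
        return "smb.cmd", msg[4], bool(msg[9] & 0x80)
    raise ValueError("no SMB1/SMB2 protocol id at start of message")

def display_filter(msg: bytes) -> str:
    """Build the Wireshark display filter that selects this command."""
    field, command, _ = parse_smb_command(msg)
    return f"{field} == 0x{command:02x}"

def sample_smb2_header(command: int, response: bool = False) -> bytes:
    """Constructed 64-byte SMB2 sync header (hypothetical test data)."""
    return struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0, command,
                       1, int(response), 0, 1, 0, 0, 0, b"\x00" * 16)

def sample_smb1_header(command: int, response: bool = False) -> bytes:
    """Constructed 32-byte SMB1 header (hypothetical test data)."""
    flags = 0x80 if response else 0x00
    return SMB1_MAGIC + bytes([command]) + b"\x00" * 4 + bytes([flags]) + b"\x00" * 22

if __name__ == "__main__":
    for m in (sample_smb2_header(0x01), sample_smb2_header(0x09, True),
              sample_smb1_header(0x73)):
        print(display_filter(m), parse_smb_command(m))
```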