This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

As titled, do we have a field for that? I found there is a specific code number for each operation, but was not able to find that code in the Microsoft SMB protocol doc. For example:

- Session Setup Request (0x01)
- SMB2 WRITE Request (0X09)
- SMB2 WRITE Request (0X08)
- etc.

Is there a field like smb.<field> == <codenumber> we can use for filtering? Thanks!

asked 05 Mar '17, 21:39

SteveZhou

Try "smb.cmd == codenumber" or "smb2.cmd == codenumber"

You can also refer to the "Display filter expression" dialog and search for "smb" in there to find the available expressions.

answered 05 Mar '17, 22:13

Packet_vlad

edited 05 Mar '17, 22:15

Ah, yes, how could I not check the SMB Header part. Thanks!

(08 Mar '17, 18:03) SteveZhou

To determine the name of any filter field, locate the field of interest in the packet details pane, click the field, and the status bar will indicate the filter field name in parentheses.

answered 06 Mar '17, 09:06

grahamb ♦

Thank you!

(08 Mar '17, 18:03) SteveZhou
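
The header field that `smb.cmd` and `smb2.cmd` match on, shown as an added example that is not part of the original question or answers: it reads the Command value out of a raw SMB header and builds the corresponding display filter, with the response flag added for SMB2. The function names, the sample messages (constructed, not captured) and the assumption that the input starts at the SMB header are choices made for this example.

```python
import struct

# SMB2 Command values from the SMB2 packet header (MS-SMB2 section 2.2.1).
SMB2_COMMANDS = {
    0x00: "NEGOTIATE", 0x01: "SESSION_SETUP", 0x02: "LOGOFF",
    0x03: "TREE_CONNECT", 0x04: "TREE_DISCONNECT", 0x05: "CREATE",
    0x06: "CLOSE", 0x07: "FLUSH", 0x08: "READ", 0x09: "WRITE",
    0x0A: "LOCK", 0x0B: "IOCTL", 0x0C: "CANCEL", 0x0D: "ECHO",
    0x0E: "QUERY_DIRECTORY", 0x0F: "CHANGE_NOTIFY", 0x10: "QUERY_INFO",
    0x11: "SET_INFO", 0x12: "OPLOCK_BREAK",
}
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001  # set in responses


def describe(msg: bytes) -> tuple[str, str]:
    """Return (command name, Wireshark display filter) for one SMB message.

    Assumes msg starts at the SMB header, i.e. after the 4-byte
    transport length prefix used on TCP port 445.
    """
    if msg[:4] == b"\xfeSMB":                       # SMB2/3
        if len(msg) < 64 or struct.unpack_from("<H", msg, 4)[0] != 64:
            raise ValueError("truncated or malformed SMB2 header")
        (cmd,) = struct.unpack_from("<H", msg, 12)  # Command, uint16 LE
        (flags,) = struct.unpack_from("<I", msg, 16)
        resp = int(bool(flags & SMB2_FLAGS_SERVER_TO_REDIR))
        name = SMB2_COMMANDS.get(cmd, "UNKNOWN")
        return name, f"smb2.cmd == 0x{cmd:02x} && smb2.flags.response == {resp}"
    if msg[:4] == b"\xffSMB":                       # SMB1
        if len(msg) < 32:
            raise ValueError("truncated SMB1 header")
        cmd = msg[4]                                # Command, single byte
        return f"SMB1 0x{cmd:02x}", f"smb.cmd == 0x{cmd:02x}"
    raise ValueError("not an SMB message")


def sample_smb2(cmd: int, response: bool = False) -> bytes:
    """Constructed 64-byte SMB2 header for demonstration (not captured data)."""
    flags = SMB2_FLAGS_SERVER_TO_REDIR if response else 0
    return struct.pack("<4sHHIHHIIQQQ16s", b"\xfeSMB", 64, 0, 0, cmd, 1,
                       flags, 0, 0, 0, 0, b"")


if __name__ == "__main__":
    for m in (sample_smb2(0x01), sample_smb2(0x09, response=True),
              b"\xffSMB\x73" + bytes(27)):
        print(describe(m))
```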