Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2023-01-02 23:05:36 +0000

Chuckc gravatar image

Are the share names encoded as WCHAR (for Unicode characters)?

0070   00 00 5c 00 5c 00 31 00 39 00 32 00 2e 00 31 00   ..\.\.1.9.2...1.
0080   36 00 38 00 2e 00 31 00 31 00 34 00 2e 00 31 00   6.8...1.1.4...1.
0090   32 00 39 00 5c 00 54 00 45 00 53 00 54 00 00 00   2.9.\.T.E.S.T...

Check smb.flags2.string - 1... .... .... .... = Unicode Strings: Strings are Unicode

If unicode, then each character in the filter will need a \0 in front. \0f\0o\0l\0d\0e\0r or you can filter on the smb.path field - smb.path == "\\\\192.168.114.129\\TEST"