export objects not working

asked 2020-05-26 22:58:27 +0000

ep gravatar image

I have a PCAP of SMB traffic and I want to export the SMB objects (file -> export objects -> SMB) but nothing is appearing in the pop-up windows where the SMB objects normally populate. Is there a reason for this?

edit retag flag offensive close merge delete

Comments

"normally populate" means it works for other capture files?
Can you add Wireshark version info here - wireshark -v or Help->About Wireshark

There was a bug for this in 2.2.2.

Chuckc gravatar imageChuckc ( 2020-05-27 01:14:20 +0000 )edit

Yes, it works for other files. Wireshark 3.2.3 (v3.2.3-0-gf39b50865a13)

ep gravatar imageep ( 2020-05-27 09:39:29 +0000 )edit

Maybe the capture is missing a portion of the traffic that is required to identify the complete SMB object.

grahamb gravatar imagegrahamb ( 2020-05-27 09:57:08 +0000 )edit

The capture appears to have it, as I can find the individual packets in question. The packets in question are not near the beginning or end, either.

ep gravatar imageep ( 2020-05-27 19:36:27 +0000 )edit
add a comment