Ask Your Question
0

displayed packets unmatched when trying to export

asked 2019-01-09 08:34:41 +0000

SteveZhou gravatar image

updated 2019-01-09 10:18:37 +0000

Jaap gravatar image

Hi,

I notiched that the # of displayed packets is not the same as it should be when you try to export them, please see that screenshot below:

image description

Is it a known isssue? I was using "smb || smb2" as the display filter.

i further confirmed that the smaller number contains only smb/smb2 packets, while you try to export, the larger number also contains the pure tcp packets (for smb file streaming) for the corresponding smb session. Is it expected?

edit retag flag offensive close merge delete

Comments

Could you add the version number, not just the build info? I assume it's a reasonable current 2.6 version?

Jaap gravatar imageJaap ( 2019-01-09 10:21:24 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-01-09 15:48:17 +0000

cmaynard gravatar image

The number of exported frames could be higher than the number of displayed frames because it also includes dependent frames. For example, if you applied a display filter of udp, but some UDP datagram were fragmented, the IP fragments would also be exported, despite not matching the display filter, because they're necessary to reassemble the UDP datagram.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-01-09 08:34:41 +0000

Seen: 347 times

Last updated: Jan 09 '19

Related questions

displayed packets counter differs between bottom right corner and "File -> Export Specified Packets"

Save packet data as hex string

Export capture file

How can I export my hexdump to a file that contains the data in a binary format?

Export capture log (inc. packet data) in a computer-friendly format

How can I export UDP payload without using the slow Follow UDP Stream method

Filter out TCP data and export capture

Problems while exporting to csv

Exporting RTP packets to WAV

Wireshark export PDUs for decrypted TLS data