smb or smb2 packets are all parsed to tcp

2019-05-16 09:28:18

SteveZhou


All of a sudden, not sure what I did, all the smb or smb2 (tcp port 445) packets are now displayed as tcp packets. I tried to Decode tcp 445 but there is no option of smb or smb2.

How do I recover from this situation? A reinstallation of Wireshark doesn't get it fixed. I guess remove the (on macOS 10.14.5) can help me, but I don't want to lose the current config.

Thank you!

2019-05-16 10:22:48

grahamb

Try going back to a default profile. In the bottom right of the Wireshark status bar, click the profile entry and choose "Default" from the list.

Aha, the 'Default' profile does show me the SMB traffic, so it is a problem of my current profile. Any idea which configuration option could lead to this?

SteveZhou ( 2019-05-17 02:44:09 +0000 )

If an answer has solved your issue, for the benefit of others who may also have the same issue, please accept the answer by clicking the checkmark icon to the left of the answer.

grahamb ( 2019-05-17 07:38:00 +0000 )

No idea what could be different, but you could save the default profile to another profile and then diff the newly saved profile and your faulty profile. Profiles are held in a profiles directory in your personal configuration directory (see Wireshark -> Help -> About Wireshark, Folders tab).

grahamb ( 2019-05-17 07:40:43 +0000 )
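
The profile comparison suggested in the comment above, as an added example that is not part of the original thread: a Python script that compares the active (non-comment) lines of the profile files that influence dissection. The file list, the profile names `FromDefault` and `Faulty`, and the sample contents are assumptions constructed for illustration, not the poster's configuration or a diagnosis of it.

```python
import tempfile
from pathlib import Path

# Profile files that affect dissection (assumed list; a profile holds only
# the ones that were changed, so any of them may be absent).
DISSECTION_FILES = ("preferences", "decode_as_entries", "disabled_protos",
                    "enabled_protos", "heuristic_protos")

def active_lines(path):
    """Non-blank, non-comment lines of one profile file (empty set if absent)."""
    if not path.is_file():
        return set()
    text = path.read_text(encoding="utf-8", errors="replace")
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def diff_profiles(good, faulty):
    """Return {file: (only_in_good, only_in_faulty)} for files that differ."""
    report = {}
    for name in DISSECTION_FILES:
        a = active_lines(Path(good) / name)
        b = active_lines(Path(faulty) / name)
        if a != b:
            report[name] = (sorted(a - b), sorted(b - a))
    return report

def build_sample(root):
    """Constructed sample profiles, not the poster's real configuration."""
    good, faulty = Path(root) / "FromDefault", Path(root) / "Faulty"
    for d in (good, faulty):
        d.mkdir()
        (d / "preferences").write_text(
            "# constructed sample\ntcp.desegment_tcp_streams: TRUE\n")
    (faulty / "disabled_protos").write_text("nbss\n")
    with (faulty / "preferences").open("a") as fh:
        fh.write("tcp.try_heuristic_first: TRUE\n")
    return good, faulty

def demo():
    """Run the comparison over the constructed sample profiles."""
    with tempfile.TemporaryDirectory() as root:
        return diff_profiles(*build_sample(root))

if __name__ == "__main__":
    for name, (only_good, only_faulty) in demo().items():
        print(name, "| only in good:", only_good, "| only in faulty:", only_faulty)
```

To use it on real profiles, call `diff_profiles()` with the two profile directories listed under the Folders tab mentioned above.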

2019-05-16 09:30:59

SYN-bit

Have you checked whether the protocols smb and smb2 are still enabled under "Analyze -> Enabled Protocols"?

I just checked that and they are all enabled. Wireshark Version 3.0.1 (v3.0.1-0-gea351cd8)

SteveZhou ( 2019-05-16 09:39:26 +0000 )

See the screenshot here.

SteveZhou ( 2019-05-16 09:39:40 +0000 )

Can't see the screenshot..

Packet_vlad ( 2019-05-16 09:50:06 +0000 )

Please see the screenshot here.

SteveZhou ( 2019-05-16 10:05:23 +0000 )

Disabling and re-enabling smb and smb2 doesn't help.

SteveZhou ( 2019-05-16 10:08:32 +0000 )

Asked: 2019-05-16 09:28:18

Seen: 34 times

Last updated: May 16