0

smb or smb2 packets are all parsed to tcp

asked 2019-05-16 09:28:18 +0000

SteveZhou

Hi,

All of a sudden, not sure what I did, all the smb or smb2 (tcp port 445) packets are now displayed as tcp packets. I tried to Decode tcp 445 but there is no option for smb or smb2.

How do I recover from this situation? A reinstallation of Wireshark doesn't get it fixed. I guess removing the Wireshark.app (on macOS 10.14.5) could help me, but I don't want to lose the current config.

Thank you!


2 Answers

1

answered 2019-05-16 10:22:48 +0000

grahamb

Try going back to a default profile: in the bottom right of the Wireshark status bar, click the profile entry and choose "Default" from the list.


Comments

Aha, the 'Default' profile does show me the SMB traffic, so it is a problem with my current profile. Any idea which configuration option could lead to this?

SteveZhou ( 2019-05-17 02:44:09 +0000 )

If an answer has solved your issue, for the benefit of others who may also have the same issue, please accept the answer by clicking the checkmark icon to the left of the answer.

grahamb ( 2019-05-17 07:38:00 +0000 )

No idea what could be different, but you could save the default profile to another profile and then diff the newly saved profile and your faulty profile. Profiles are held in a profiles directory in your personal configuration directory (see Wireshark -> Help -> About Wireshark, Folders tab).

grahamb ( 2019-05-17 07:40:43 +0000 )
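One way to carry out the profile comparison suggested in the comment above, as an added example that is not part of the original thread. It compares only the per-profile files that affect dissection; the directory names and file contents in `demo()` are constructed samples, not the poster's actual configuration.

```python
import tempfile
from pathlib import Path

# Per-profile files that influence which dissector handles a packet.
DISSECTION_FILES = ("preferences", "disabled_protos", "enabled_protos",
                    "heuristic_protos", "decode_as_entries")

def active_lines(path):
    """Return the effective (non-blank, non-comment) lines of a profile file.

    In the preferences file, settings left at their default are written as
    '#'-commented lines, so what remains is what the profile changed.
    """
    if not path.is_file():
        return set()  # a missing file means nothing was customised there
    text = path.read_text(encoding="utf-8", errors="replace")
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def diff_profiles(good_dir, faulty_dir):
    """Map file name -> (lines only in good profile, lines only in faulty)."""
    report = {}
    for name in DISSECTION_FILES:
        good = active_lines(Path(good_dir) / name)
        bad = active_lines(Path(faulty_dir) / name)
        if good != bad:
            report[name] = (sorted(good - bad), sorted(bad - good))
    return report

def demo():
    """Build two constructed profile directories and diff them."""
    with tempfile.TemporaryDirectory() as root:
        good = Path(root, "DefaultCopy")  # hypothetical profile names
        bad = Path(root, "Faulty")
        good.mkdir()
        bad.mkdir()
        prefs = "# constructed sample\n#gui.column.hidden: \ntcp.desegment_tcp_streams: TRUE\n"
        (good / "preferences").write_text(prefs)
        (bad / "preferences").write_text(prefs + "tcp.try_heuristic_first: TRUE\n")
        (bad / "disabled_protos").write_text("# constructed sample\nnbss\n")
        return diff_profiles(good, bad)

if __name__ == "__main__":
    for name, (only_good, only_bad) in demo().items():
        print(f"{name}: only in good={only_good} only in faulty={only_bad}")
```

To use it on real profiles, call `diff_profiles()` with the two profile directories listed under Help -> About Wireshark, Folders tab.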
0

answered 2019-05-16 09:30:59 +0000

SYN-bit

Have you checked whether the protocols smb and smb2 are still enabled under "Analyze -> Enabled Protocols"?


Comments

Hi,

I just checked that and they are all enabled. Wireshark Version 3.0.1 (v3.0.1-0-gea351cd8)

SteveZhou ( 2019-05-16 09:39:26 +0000 )

See the screenshot here.

SteveZhou ( 2019-05-16 09:39:40 +0000 )

Can't see the screenshot..

Packet_vlad ( 2019-05-16 09:50:06 +0000 )

Please see the screenshot here.

SteveZhou ( 2019-05-16 10:05:23 +0000 )

Disabling and re-enabling smb and smb2 doesn't help.

SteveZhou ( 2019-05-16 10:08:32 +0000 )
