Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2020-08-27 20:23:40 +0000

keg415 gravatar image

Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

Analyzing a file of captured packets with the filter:

smb2.cmd == 9

displays many write command packets, some with filenames containing "Favorites"; similarly, the filter:

smb2.filename contains "Favorites"

displays packets. But filtering for smb2 write command packets with specific filenames, e.g. with the filter:

smb2.cmd == 9 && smb2.filename contains "Favorites"

displays no packets.

I just starting using Wireshark -- what am I doing wrong?

Thanks.

click to hide/show revision 2
retagged

updated 2020-08-27 21:20:25 +0000

Eddi gravatar image

Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

Analyzing a file of captured packets with the filter:

smb2.cmd == 9

displays many write command packets, some with filenames containing "Favorites"; similarly, the filter:

smb2.filename contains "Favorites"

displays packets. But filtering for smb2 write command packets with specific filenames, e.g. with the filter:

smb2.cmd == 9 && smb2.filename contains "Favorites"

displays no packets.

I just starting using Wireshark -- what am I doing wrong?

Thanks.