keg415's profile - activity

2021-06-27 02:49:36 +0000 received badge  Notable Question (source)
2021-06-27 02:49:36 +0000 received badge  Popular Question (source)
2020-08-28 01:24:26 +0000 marked best answer Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

Analyzing a file of captured packets with the filter:

smb2.cmd == 9

displays many write command packets, some with filenames containing "Favorites"; similarly, the filter:

smb2.filename contains "Favorites"

displays packets. But filtering for smb2 write command packets with specific filenames, e.g. with the filter:

smb2.cmd == 9 && smb2.filename contains "Favorites"

displays no packets.

I just started using Wireshark -- what am I doing wrong?

Thanks.

2020-08-28 01:24:26 +0000 received badge  Scholar (source)
2020-08-27 23:51:19 +0000 commented answer Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

OK, not being able to filter on a specific occurrence explains the problem. So if I want to filter on commands that do

2020-08-27 22:04:56 +0000 commented answer Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

Understood, but I thought Wireshark would figure this out to enable filtering on the filename anyway.

2020-08-27 21:59:53 +0000 commented answer Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

Similar problem on smb2-peter.pcap: smb2.cmd == 9 shows 34 packets but smb2.cmd == 9 && smb2.filename contains "

2020-08-27 21:49:09 +0000 commented answer Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

smb2.cmd==9 && smb2.filename shows 29 packets, but they don't look correctly formatted, e.g.: 242486 471.2753

2020-08-27 21:48:53 +0000 commented answer Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

smb2.cmd==9 && smb2.filename shows 29 packets, but they don't look correctly formatted, e.g.: 242486 471.2753

2020-08-27 21:48:33 +0000 commented answer Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

smb2.cmd==9 && smb2.filename shows 29 packets, but they don't look correctly formatted, e.g.: 242486 471.2753

2020-08-27 20:23:40 +0000 asked a question Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results

Analyze filter smb2.cmd == 9 && smb2.filename contains "fname" shows no results Analyzing a file of captured pac