Hello all,
Just a quick one today. I was recently in a situation whereby we had a packet capture taken from the port of a NAS where about 100 CIFS connections were made to. We needed to see packets only containing a certain file name which isnt as easy as it sounds.
After digging around and then speaking to some technical acquaintances it turns out there is a pretty decent Wireshark filter that enables you to do this:
smb.file contains “blah”
So, say for example I am on 192.168.1.42 and I am pulling a file off “NAS0123” called “blahwhatisthis.docx”, all you will need to search for is “blah” as the string and it will bring up said packets in your Wireshark session.
Just a nibble of a blog but it might be useful to some 🙂
More to come soon I promise.
Sam
