Rebuilding a file transferred via SMB Using Wireshark

One of the great Wireshark features I show people is how to rebuild a file that you downloaded via HTTP. This technique gives you a totally new angle when troubleshooting or baselining.

The last 2 versions of Wireshark has added support for SMB. So now you can rebuild a file that was opened, closed, read or written from a Microsoft or SMB server.

In this video I show you how.

Enjoy