Wireshark: Export SMB Objects (by Joke Snelders)
Wireshark can export SMB objects.
This feature is implemented in Wireshark version 1.6.0 and up. You can download the latest stable release of Wireshark here. Download the sample file, export-objects-smb_01.pcap, here and continue reading to learn more about exporting SMB objects.

Note: You can also export SMB objects during live capture.

Reassemble TCP streams

Open the file export-objects-smb_01.pcap. You cannot export SMB objects if "Allow subdissector to reassemble TCP streams" is not selected. Here is a way to check this:
• right-click Transmission Control Protocol in the Packet Details pane
• go to Protocol Preferences
• select "Allow subdissector to reassemble TCP streams"

Export SMB objects

To open the "Wireshark: SMB object list" go to: File | Export | Objects | SMB

SMB object list

This SMB object list shows the following information:
• Packet num: The number of the packet in which the data was found.
• Hostname: The name of the server and the path of the folder.
• Content Type: This field shows the type of the file and how much of the file actually was captured. It also shows you if the file was captured in read or in write operations: mode R and/or W (Read and/or Write).
• Bytes: The size of the object in bytes.
• Filename: The name of the file.

Note: Use the display filter smb.file_data to display the packets that contain the data: in this file, packets 36, 79, 139 and 186.

Save files

Select a file and hit the "Save As" button to save a single file. Hit the "Save All" button if you want to save all files at once.

Read more

https://wiki.wireshark.org/SMB
You can also watch Tony Fortunato's video.
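
The same steps (reassembly on, export all SMB objects, list the smb.file_data packets) can be run from the command line, which helps when many captures have to be processed. The script below is an added example, not part of the original article; it assumes a tshark build that supports --export-objects and the sha256sum tool, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: command-line counterpart of the GUI steps above.
# Assumes tshark with --export-objects support and sha256sum (GNU coreutils).

# Print the frame numbers that carry SMB file data (display filter smb.file_data).
smb_data_frames() {
    pcap=$1
    tshark -r "$pcap" -o tcp.desegment_tcp_streams:TRUE \
        -Y smb.file_data -T fields -e frame.number
}

# Export every SMB object into a fresh directory ("Save All") and write a
# SHA-256 manifest so the files can be triaged without opening them.
# Prints the number of files written.
export_smb_objects() {
    pcap=$1
    outdir=$2
    [ -r "$pcap" ] || { echo "cannot read $pcap" >&2; return 2; }
    # File names come from the capture, so never export into an existing
    # directory where they could overwrite or mix with other files.
    if [ -e "$outdir" ]; then
        echo "$outdir already exists" >&2
        return 3
    fi
    mkdir -p "$outdir" || return 4
    # The -o preference is the same switch as ticking
    # "Allow subdissector to reassemble TCP streams" in the GUI.
    tshark -r "$pcap" -q -o tcp.desegment_tcp_streams:TRUE \
        --export-objects "smb,$outdir" || return 5
    ( cd "$outdir" &&
      find . -type f ! -name SHA256SUMS -exec sha256sum {} + > SHA256SUMS )
    wc -l < "$outdir/SHA256SUMS" | tr -d ' '
}

# Usage: sh export_smb.sh export-objects-smb_01.pcap ./smb_objects
if [ "$#" -eq 2 ]; then
    export_smb_objects "$1" "$2"
fi
```

As in the object list, a file that was only partly captured is still exported, so compare the exported size with the expected size before relying on a hash.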
Author Profile - My name is Joke (pronounced \yo-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List or Ask Wireshark.
What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.