
Wireshark: Export SMB Objects (by Joke Snelders)

January 1, 2015

Wireshark can export SMB objects.


This feature is implemented in Wireshark version 1.6.0 and up.

You can download the latest stable release of Wireshark here.

Download the sample file, export-objects-smb_01.pcap, here and continue reading to learn more about exporting SMB objects.

Note
You can also export SMB objects during live capture.

 

 
Reassemble TCP streams
Open the file export-objects-smb_01.pcap.

You cannot export SMB objects if "Allow subdissector to reassemble TCP streams" is not selected.

Here is a way to check this: 
• right-click Transmission Control Protocol in the Packet Details pane
• go to Protocol Preferences
• select "Allow subdissector to reassemble TCP streams"

 

 
Export SMB objects
To open the "Wireshark: SMB object list" go to:
File | Export | Objects | SMB


SMB object list
This SMB object list shows the following information:
Packet num
The number of the packet in which the data was found.

Hostname
The name of the server and the path of the folder.

Content Type
This field shows the type of the file and how much of the file was actually captured. It also shows whether the file was captured in read or write operations:
mode R and/or W (Read and/or Write)

Bytes
The size of the object in bytes.

Filename
The name of the file.

 

 


Note
Use the display filter smb.file_data to display only the packets that contain the file data: in this file, packets 36, 79, 139 and 186.

Save files
Select a file and hit the "Save As" button to save a single file.

Hit the "Save All" button if you want to save all files at once.
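
The same procedure (reassembly on, export, Save All) can be run from the command line. This is an added example, not part of the original article. It goes one step further than the GUI by printing a SHA-256 and size for each exported file. It assumes a tshark build that supports --export-objects and coreutils sha256sum; the script name and output directory are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): batch export of SMB objects.
# Assumes tshark with --export-objects and coreutils sha256sum are installed.

# Print "sha256  bytes  name" for each regular file in a directory.
smb_manifest() {
    m_dir=$1
    [ -d "$m_dir" ] || return 2
    for m_file in "$m_dir"/*; do
        [ -f "$m_file" ] || continue
        m_hash=$(sha256sum < "$m_file" | cut -d' ' -f1)
        m_size=$(wc -c < "$m_file" | tr -d ' ')
        printf '%s  %s  %s\n' "$m_hash" "$m_size" "${m_file##*/}"
    done
}

# Export every SMB object in a capture to a directory, then list what was saved.
export_smb_objects() {
    e_pcap=$1
    e_out=$2
    [ -r "$e_pcap" ] || { echo "cannot read capture: $e_pcap" >&2; return 2; }
    command -v tshark >/dev/null 2>&1 || { echo "tshark not found" >&2; return 3; }
    mkdir -p "$e_out" || return 4
    # -o forces "Allow subdissector to reassemble TCP streams" on for this run,
    # whatever the saved profile says; -q suppresses the packet listing.
    tshark -r "$e_pcap" -q \
        -o tcp.desegment_tcp_streams:TRUE \
        --export-objects "smb,$e_out" || return 5
    smb_manifest "$e_out"
}

# Usage: sh export_smb.sh export-objects-smb_01.pcap smb_objects
# (script name and output directory are placeholders)
if [ "$#" -eq 2 ]; then
    export_smb_objects "$1" "$2"
fi
```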

Read more
https://wiki.wireshark.org/SMB

You can also watch Tony Fortunato's video.

 

Author Profile - My name is Joke (pronounced \yo-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List or Ask Wireshark.

What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.
