Wireshark-users: Re: [Wireshark-users] tshark smb,srt filter error

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Evan Huus <eapache@xxxxxxxxx>
Date: Sun, 20 Oct 2013 14:01:10 -0400
On Sun, Oct 20, 2013 at 1:59 PM, Tal Bar-Or <tbaror@xxxxxxxxx> wrote:
> Hi again Evan,
>
> Great news its works i did
>
>> C:\traces_test>"c:\Program Files\Wireshark\tshark.exe" -r
>> tracesmb_fileop2.pcap -Y "smb.time" -T fields -e ip.dst  -e ip.src -e
>> smb.file -e smb.path -e smb.time
>
>
> and i noticed that the file include the sub directory ( i used it on another
> file)
>>
>>   \\public\\WhereAreAllTheFiles.txt               0.000443000
>>   \\public\\WhereAreAllTheFiles.txt               0.000281000
>>   \\public\\WhereAreAllTheFiles.txt               0.000220000
>
> so i did
>>
>> C:\traces_test>"c:\Program Files\Wireshark\tshark.exe" -n -r
>> tracesmb_fileop2.pcap -q -z
>> "smb,srt,smb.file==\"\\public\\WhereAreAllTheFiles.txt\""
>>
>> =================================================================
>> SMB SRT Statistics:
>> Filter: smb.file=="\\public\\WhereAreAllTheFiles.txt"
>> Commands                   Calls    Min SRT    Max SRT    Avg SRT
>>
>> Transaction2 Commands      Calls    Min SRT    Max SRT    Avg SRT
>> QUERY_PATH_INFO                6   0.000220   0.000443   0.000284
>>
>> NT Transaction Commands    Calls    Min SRT    Max SRT    Avg SRT
>> =================================================================
>
>
> and now works
> Thanks
> Cheers

Great, glad you got it figured out.