The Official Wireshark Blog

Tip from Laura: SMB2 Vulnerability Wireshark Filter

Categories: Security Tip

The big tech news this morning was a recently discovered SMB2 vulnerability in Windows Vista, Server 2008, and 7. Laura Chappell created a Wireshark display filter for identifying offending traffic:

((smb.cmd == 0x72) && (smb.flags.response == 0)) && !(smb.pid.high == 0)

See the full report on her site for more information.
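The filter above tests three SMB1 header fields: `smb.cmd == 0x72` (SMB_COM_NEGOTIATE), `smb.flags.response == 0` (the 0x80 bit of the Flags byte is clear, so it is a request), and `smb.pid.high != 0`. As an added example that is not part of Laura's post or of Wireshark itself, the Python below applies the same three conditions to raw packet bytes, so the filter logic can be checked offline against constructed sample headers (the packets are built here, not captured; `build_smb_packet` is an assumed helper for that purpose).

```python
import struct

SMB_COM_NEGOTIATE = 0x72   # smb.cmd value the filter matches
SMB_FLAGS_REPLY = 0x80     # Flags bit Wireshark shows as smb.flags.response
NBSS_LEN = 4               # NetBIOS session header that precedes the SMB header
SMB_HDR_LEN = 32           # fixed SMB1 header length


def parse_smb_header(pkt):
    """Return cmd/flags/pid_high from an SMB1 header, or None if not SMB."""
    if len(pkt) < NBSS_LEN + SMB_HDR_LEN or pkt[NBSS_LEN:NBSS_LEN + 4] != b"\xffSMB":
        return None
    hdr = pkt[NBSS_LEN:NBSS_LEN + SMB_HDR_LEN]
    # After the 4-byte protocol id: Command(1) Status(4) Flags(1) Flags2(2) PIDHigh(2)
    cmd, _status, flags, _flags2, pid_high = struct.unpack_from("<BIBHH", hdr, 4)
    return {"cmd": cmd, "flags": flags, "pid_high": pid_high}


def matches_filter(pkt):
    """Same predicate as Laura's display filter, evaluated on raw bytes."""
    h = parse_smb_header(pkt)
    if h is None:
        return False
    is_request = (h["flags"] & SMB_FLAGS_REPLY) == 0
    return h["cmd"] == SMB_COM_NEGOTIATE and is_request and h["pid_high"] != 0


def build_smb_packet(cmd, flags, pid_high):
    """Construct a minimal NetBIOS+SMB1 header for testing (sample data, not a capture)."""
    hdr = (b"\xffSMB"
           + struct.pack("<BIBHH", cmd, 0, flags, 0, pid_high)
           + b"\x00" * 8                       # SecurityFeatures
           + struct.pack("<HHHHH", 0, 0, 0, 0, 0))  # Reserved, TID, PIDLow, UID, MID
    return struct.pack(">I", len(hdr)) + hdr   # NetBIOS session header: type 0, length


def count_matches(packets):
    """Scan a list of packets and return how many the filter would flag."""
    return sum(1 for p in packets if matches_filter(p))


if __name__ == "__main__":
    samples = [
        build_smb_packet(0x72, 0x18, 0x0000),  # ordinary negotiate request
        build_smb_packet(0x72, 0x18, 0x2600),  # negotiate request with non-zero PIDHigh
        build_smb_packet(0x72, 0x98, 0x2600),  # negotiate response (ignored)
    ]
    print("flagged:", count_matches(samples))
```

Only the second sample is flagged: the response bit or a zero `pid_high` excludes the others, exactly as the display filter does.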

Comments

Comment by Jay on 2009-10-07 14:19:26 +0000

Hi,
I am doing some software performance testing (through a network environment) and I'm using Wireshark to analyze it.
My capture filter is ether host xx:xx:xx and my display filter is smb2.
What filter syntax should I use to remove the packets using GUID handle file:xxx under the smb2 protocol?
Please help.