The big tech news this morning was a recently discovered SMB2 vulnerability in Windows Vista, 2008, and 7. Laura Chappell created a Wireshark display filter for identifying offending traffic:
((smb.cmd == 0x72) && (smb.flags.response == 0)) && !(smb.pid.high == 0)
See the full report on her site for more information.
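The filter above matches SMB Negotiate Protocol requests (command 0x72) whose PIDHigh header field is non-zero. As an added example (not from the original post or from Laura Chappell), here is the same test applied offline to raw frames: it parses the fixed 32-byte SMB header that follows the NetBIOS session header and returns whether a frame would match. The frames are constructed for the example; the non-zero PIDHigh value 0x1234 is an arbitrary placeholder, not a value taken from any real capture.

```python
import struct
from typing import NamedTuple

SMB_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72   # smb.cmd == 0x72
SMB_FLAGS_REPLY = 0x80     # bit that Wireshark shows as smb.flags.response


class SmbHeader(NamedTuple):
    command: int
    is_response: bool
    pid_high: int


def parse_smb_header(frame: bytes) -> SmbHeader:
    """Parse the 32-byte SMB1 header after the 4-byte NetBIOS session header."""
    if len(frame) < 4 + 32:
        raise ValueError("frame too short for NetBIOS + SMB header")
    hdr = frame[4:36]
    if hdr[:4] != SMB_MAGIC:
        raise ValueError("not an SMB1 header")
    command = hdr[4]                                   # offset 4: Command
    flags = hdr[9]                                     # offset 9: Flags
    pid_high = struct.unpack_from("<H", hdr, 12)[0]    # offset 12: PIDHigh (LE)
    return SmbHeader(command, bool(flags & SMB_FLAGS_REPLY), pid_high)


def matches_chappell_filter(frame: bytes) -> bool:
    """((smb.cmd == 0x72) && (smb.flags.response == 0)) && !(smb.pid.high == 0)"""
    try:
        h = parse_smb_header(frame)
    except ValueError:
        return False           # non-SMB or truncated frames never match
    return h.command == SMB_COM_NEGOTIATE and not h.is_response and h.pid_high != 0


def build_frame(command: int, flags: int, pid_high: int) -> bytes:
    """Constructed test frame: NetBIOS session header + SMB1 header + empty body."""
    hdr = SMB_MAGIC + bytes([command]) + b"\x00" * 4 + bytes([flags]) + b"\x00\x00"
    hdr += struct.pack("<H", pid_high) + b"\x00" * 8 + b"\x00\x00"   # SecurityFeatures, Reserved
    hdr += struct.pack("<HHHH", 0, 1, 0, 0)                          # TID, PIDLow, UID, MID
    smb = hdr + b"\x00\x00\x00"                                      # WordCount, ByteCount
    return struct.pack(">I", len(smb)) + smb      # type 0x00 + 24-bit length


# Constructed sample frames (0x1234 is an arbitrary placeholder PIDHigh).
NORMAL_NEGOTIATE = build_frame(0x72, 0x18, 0)          # benign client request
SUSPECT_NEGOTIATE = build_frame(0x72, 0x18, 0x1234)    # request with non-zero PIDHigh
NEGOTIATE_RESPONSE = build_frame(0x72, 0x98, 0x1234)   # server reply: excluded by filter
OTHER_COMMAND = build_frame(0x25, 0x18, 0x1234)        # not a Negotiate: excluded
```

Only SUSPECT_NEGOTIATE matches; a reply or a different command with the same PIDHigh does not, which is exactly what the display filter's three conjuncts express.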
Comments
Comment by Jay on 2009-10-07 14:19:26 +0000
Hi,
I am doing some software performance testing (through a network environment) and I'm using Wireshark to analyze it.
My capture filter is ether host xx:xx:xx and my display filter is smb2.
What filter syntax should I use to remove the packets using GUID handle file:xxx under the smb2 protocol?
Please help.