It is fairly easy to filter on CIFS traffic only - simply use a filter of "smb".
This will filter on only packets which Ethereal has determined to be CIFS-related, including TCP ACK-only frames, etc.
It WON'T filter on traffic that may related to CIFS but not CIFS itself, such as WINS, NetBIOS name service, DNS, MS-Kerberos, LDAP, etc., however, building filters for these is also fairly easy, and you can add statements together. See the Ethereal User's Guide (section http://www.ethereal.com/docs/user-guide/ch03dispfilt.html) for details on how to do this.
If you're looking to filter on specific CIFS commands or other fields, take a look at the Ethereal man page for the smb.* fields.
Ian On Saturday, March 22, 2003, at 04:09 PM, von Kuelmer, Ferdinand wrote:
Hi all,
i try to analyze a cifs trace.
Please, how can i set a special filter for cifs requests, responses, close etc. I know the filter expressions for tcp.ports, http.* and all the other normal network traffic, but CIFS seems to be a protocol with a big overhead and and a lot of undocumented procedures.
thx in advance Ferdinand
_______________________________________________ Ethereal-users mailing list [EMAIL PROTECTED] http://www.ethereal.com/mailman/listinfo/ethereal-users
