Wireshark does not understand SMB

Hi,

I would like to monitor the SMB traffic of my self-written SMB server.

But Wireshark does not show SMB data. Looks like it doesn’t understand SMB.

My recherche on the internet found that Wireshark should understand SMB

So is there a package missing that teaches Wireshark how to interpret SMB Data?

wireshark-qt 4.4.9-1 [Installiert] extra
wireshark-cli 4.4.9-1 [Installiert] extra
libpcap 1.10.5-3 [Installiert] core

6.17.1-0-MANJARO

thank you

wireshark is a packet capturing tool.

Analyzing the traffic is a human task.

However - if you are trying to capture traffic on your local network interface it requires permissions to do so.

@JPT

Quick tip:- The English word for “recherche” is research.


You might find something useful here:


Or, perhaps you are looking for a way to test your ports for potential security holes or leakages.

In that case, the GRC “Shields Up” site may be useful:

Regards.


Edit:-

I don’t know if this is what you are looking for but you could use tcpdump; a command-line packet analyzer which allows you to capture/display network traffic in real-time:

Install tcpdump:

sudo pacman -S tcpdump

The following examples show how to capture traffic on a specific network interface – substitute eth0 for your network interface;

(use ip link show to find the name of your device).


a) Capture all traffic on eth0:

sudo tcpdump -i eth0

b) Capture only HTTP traffic:

sudo tcpdump -i eth0 'tcp port 80'

For more usage information see:


Sure analyzing the traffic is a human task.

But wireshark usually creates a human readable form of the payload. There are examples where this works for SMB. But for me Wireshark doesn’t do that for SMB Payload.

Some acknowledgement, even as a courtesy, is always appreciated.

I haven’t touched Wireshark in decades, but you probably need to decrypt them.

I am no wireshark expert - I do occasionally utilise it - so I have it installed.

If you want to analyze the network traffic by using the local interface you need to add yourself to wireshark group.

Likewise the interface should allow you to connect in promiscuous mode - for this you may need to run the capture as root.

Then - depending on the server in question - you may need to decode the traffic as recent samba implementations may encrypt the traffic.
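Added example, not posted by anyone in this thread: a small Python script that reads a pcap written by tcpdump (as in the earlier post) and flags TCP segments that carry SMB on any port, telling plain SMB1/SMB2 apart from SMB3 encrypted transform headers. Wireshark's SMB dissector is only attached to the ports it expects (445 by default), so a self-written server listening elsewhere shows up as raw TCP until you tell Wireshark to decode that port as SMB (Analyze > Decode As). Encrypted SMB3 frames start with the 0xFD "SMB" transform header and cannot be decoded without the session key, which is the point made just above. The script assumes a little-endian pcap with an Ethernet link type, IPv4, and the NetBIOS-session-service framing SMB uses on TCP 445; the capture inside it is constructed inline, and port 8445 is an arbitrary placeholder for "a non-standard port".

```python
"""Report which TCP ports in a pcap carry SMB, and whether it is encrypted.

Constructed example: the pcap is built in memory so the script runs offline.
Assumes pcap magic 0xA1B2C3D4 (little-endian), DLT_EN10MB (Ethernet), IPv4.
"""
import struct

# Protocol identifier that follows the 4-byte NetBIOS session service header.
SMB_MAGIC = {
    b"\xffSMB": "SMB1",
    b"\xfeSMB": "SMB2/3",
    b"\xfdSMB": "SMB3 encrypted (transform header)",
}


def classify_payload(payload: bytes):
    """Return the SMB family carried by a TCP payload, or None if not SMB."""
    if len(payload) < 8 or payload[0] != 0x00:   # NBSS type 0x00 = session message
        return None
    return SMB_MAGIC.get(payload[4:8])            # bytes 1-3 are the NBSS length


def iter_tcp_payloads(pcap: bytes):
    """Yield (src_port, dst_port, payload) for every IPv4/TCP frame in the pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian pcap files are handled here")
    linktype, = struct.unpack_from("<I", pcap, 20)
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled here")
    off = 24                                      # end of the global header
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                              # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:
            continue                              # not TCP
        total_len = struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data_off = (tcp[12] >> 4) * 4
        yield sport, dport, tcp[data_off:]


def scan_pcap(pcap: bytes):
    """Return (src_port, dst_port, kind) for each SMB-looking TCP segment."""
    return [(s, d, k) for s, d, p in iter_tcp_payloads(pcap)
            if (k := classify_payload(p)) is not None]


def report(pcap: bytes):
    """Map each server (destination) port to the sorted SMB kinds seen on it."""
    seen = {}
    for _src, dst, kind in scan_pcap(pcap):
        seen.setdefault(dst, set()).add(kind)
    return {port: sorted(kinds) for port, kinds in seen.items()}


# ---- constructed sample capture (checksums left at zero; no reassembly) ----
def _frame(sport, dport, payload):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip


def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


def _nbss(smb):
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


SAMPLE_PCAP = _pcap([
    _frame(50000, 445, _nbss(b"\xfeSMB" + b"\x00" * 60)),   # SMB2 on the standard port
    _frame(50001, 8445, _nbss(b"\xfeSMB" + b"\x00" * 60)),  # SMB2 on a placeholder non-standard port
    _frame(50002, 445, _nbss(b"\xfdSMB" + b"\x00" * 48)),   # SMB3 encrypted transform header
    _frame(50003, 80, b"GET / HTTP/1.1\r\n\r\n"),           # HTTP, should be ignored
])

if __name__ == "__main__":
    for port, kinds in report(SAMPLE_PCAP).items():
        print(f"tcp/{port}: {', '.join(kinds)}")
```

To use it on a real capture, replace SAMPLE_PCAP with the bytes of a file written by `sudo tcpdump -i eth0 -w smb.pcap`. If the report lists your server's port with "SMB2/3", point Wireshark's Decode As at that port; if it lists only "SMB3 encrypted (transform header)", the dissector cannot show the payload until you supply the session key, which is the decryption step mentioned above.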

I don’t know what you mean by that

Screendump from a quick capture all traffic - I picked an obvious SMB frame