Wireshark mailing list archives
Re: tshark smb,srt filter error
From: Tal Bar-Or <tbaror () gmail com>
Date: Sun, 20 Oct 2013 20:59:04 +0300
Hi again Evan, Great news its works i did C:\traces_test>"c:\Program Files\Wireshark\tshark.exe" -r
tracesmb_fileop2.pcap -Y "smb.time" -T fields -e ip.dst -e ip.src -e smb.file -e smb.path -e smb.time
and i noticed that the file include the sub directory ( i used it on another file)
\\public\\WhereAreAllTheFiles.txt 0.000443000 \\public\\WhereAreAllTheFiles.txt 0.000281000 \\public\\WhereAreAllTheFiles.txt 0.000220000
so i did
C:\traces_test>"c:\Program Files\Wireshark\tshark.exe" -n -r tracesmb_fileop2.pcap -q -z "smb,srt,smb.file==\"\\public\\WhereAreAllTheFiles.txt\"" ================================================================= SMB SRT Statistics: Filter: smb.file=="\\public\\WhereAreAllTheFiles.txt" Commands Calls Min SRT Max SRT Avg SRT Transaction2 Commands Calls Min SRT Max SRT Avg SRT QUERY_PATH_INFO 6 0.000220 0.000443 0.000284 NT Transaction Commands Calls Min SRT Max SRT Avg SRT =================================================================
and now works Thanks Cheers On Sun, Oct 20, 2013 at 8:51 PM, Tal Bar-Or <tbaror () gmail com> wrote:
Hi Evan, Thanks for the suggestion , i don't have error but i don't have any statistics :-( On Sun, Oct 20, 2013 at 8:05 PM, Evan Huus <eapache () gmail com> wrote:On Sun, Oct 20, 2013 at 1:47 AM, Tal Bar-Or <tbaror () gmail com> wrote:Hi All, i am trying to get some smb statistics for certain file using tshark for scripting propose , i think i am using the correct syntax but stillgettingerrors as follows below even if i remove the \ i get invalid - "New" was unexpected in this context. Please advice ThanksC:\traces_test>"c:\Program Files\Wireshark\tshark.exe" -n -r tracesmb_fileop1.pcap -q -z "smb,srt,smb.file==\\New Video12_20196.xml"tshark: Couldn't register smb,srt tap: Filter "smb.file==\New Video 12_20196.xml" is invalid - "\" was unexpected in this context.-- Tal Bar-orHi Tal, Just guessing, but I think you probably need to add quotes around the file-name string. Does "smb,srt,smb.file==\"\\New Video 12_20196.xml\"" work? Evan ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe-- Tal Bar-or
-- Tal Bar-or
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark smb,srt filter error Tal Bar-Or (Oct 19)
- Re: tshark smb,srt filter error Evan Huus (Oct 20)
- Re: tshark smb,srt filter error Tal Bar-Or (Oct 20)
- Re: tshark smb,srt filter error Tal Bar-Or (Oct 20)
- Re: tshark smb,srt filter error Evan Huus (Oct 20)
- Re: tshark smb,srt filter error Evan Huus (Oct 20)
- Re: tshark smb,srt filter error Tal Bar-Or (Oct 20)
- Re: tshark smb,srt filter error Guy Harris (Oct 20)
- Re: tshark smb,srt filter error Evan Huus (Oct 20)
- Re: tshark smb,srt filter error Guy Harris (Oct 20)
- Re: tshark smb,srt filter error Evan Huus (Oct 20)
- Re: tshark smb,srt filter error Jim Young (Oct 20)
- Re: tshark smb,srt filter error Kevin R. Cullimore (Oct 21)
- Re: tshark smb,srt filter error Evan Huus (Oct 20)