Wireshark mailing list archives

Accessing the NT ACE Information field from TShark in SMB NT Trans Request, NT SET SECURITY

From: Guy other <guy.other () gmail com>
Date: Sun, 3 Oct 2010 17:44:39 +0200

Hi,
When I capture using TShark, I would like to use the "-T fields -e
<fieldname>" flag to get the different NT ACE fields in a
SMB NT Trans Request, NT SET SECURITY packet.

The thing is that there can be a different number of NT ACE fields in the
packet.
Is there some syntax to specify which one I want to access? can I somehow
iterate over all of the ACE fields?

In Wireshark you can see the different fields, My question is how to do it
from the command line with TShark.
I'm attaching an example .pcap file, the request is in packet 1824
Thanks!

Attachment: local_permissions_changes.pcap
Description:

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Accessing the NT ACE Information field from TShark in SMB NT Trans Request, NT SET SECURITY Guy other (Oct 04)
- Re: Accessing the NT ACE Information field from TShark in SMB NT Trans Request, NT SET SECURITY j.snelders (Oct 04)