Re: tshark smb,srt filter error

[Evan Huus <eapache () gmail com>]

On Sun, Oct 20, 2013 at 1:59 PM, Tal Bar-Or <tbaror () gmail com> wrote:
> Hi again Evan,
>
> Great news its works i did
>
> > C:\traces_test>"c:\Program Files\Wireshark\tshark.exe" -r
> > tracesmb_fileop2.pcap -Y "smb.time" -T fields -e ip.dst  -e ip.src -e
> > smb.file -e smb.path -e smb.time
>
>
> and i noticed that the file include the sub directory ( i used it on another
> file)
> >   \\public\\WhereAreAllTheFiles.txt               0.000443000
> >   \\public\\WhereAreAllTheFiles.txt               0.000281000
> >   \\public\\WhereAreAllTheFiles.txt               0.000220000
>
> so i did
> > C:\traces_test>"c:\Program Files\Wireshark\tshark.exe" -n -r
> > tracesmb_fileop2.pcap -q -z
> > "smb,srt,smb.file==\"\\public\\WhereAreAllTheFiles.txt\""
> >
> > =================================================================
> > SMB SRT Statistics:
> > Filter: smb.file=="\\public\\WhereAreAllTheFiles.txt"
> > Commands                   Calls    Min SRT    Max SRT    Avg SRT
> >
> > Transaction2 Commands      Calls    Min SRT    Max SRT    Avg SRT
> > QUERY_PATH_INFO                6   0.000220   0.000443   0.000284
> >
> > NT Transaction Commands    Calls    Min SRT    Max SRT    Avg SRT
> > =================================================================
>
>
> and now works
> Thanks
> Cheers

Great, glad you got it figured out.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe