Network Monitor SMB2 Filtering
Data Fields:
Field |
Description |
Example |
| SMB2.SMB2Header.Command | Filter on a specific SMB2 Command number | SMB2.SMB2Header.Command==0x2F |
| SMB2.SMB2Header.Status | Represents the error value of an SMB2 command. The example looks for any frame with an error (non zero). | SMB2.SMB2Header.Status != 0 |
Properties:
| Property | Description | Example |
| SMBFileIDPersistent | For SMB2, the file ID can be one of two types. This represents the Persistent type. | SMBFileIDPersistent ==0x4000 |
| SMBFileIDVolatile | For SMB2, the file ID can be one of two types. This represents the Volatile type. | SMBFileIDVolatile==0x8000 |
| SMBFileName | The file name for an SMB or SMB2 request. This might also be stored as conversation state information so there may not be associated frame data. | SMBFileName.Contains("xxx") |
| SMBCommand | Represents the SMB or SMB2 command for the current frame. If two SMB2 Commands exist, this will only represent the last one. | SMBCommand==0x2F |
| SMBPID | Process ID for the SMB command based on the value in the SMB header. | SMBPID==0x1234 |
| SMBStatus | SMB or SMB2 Status represented as a Numeric value. | SMBStatus != 0 |