https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14179
--- Comment #4 from Guy Harris <g...@alum.mit.edu> ---
(In reply to Gerald Combs from comment #3)
> I think it's important to maintain a neutral tone in general, but in this
> case the vendor strongly discourages SMB1 and is hoping to eliminate its use:
>
> https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
> https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-
> clearinghouse/
>
> Wireshark isn't an IDS, but I can imagine that some sort of expert info or
> display filter would be useful for server or network teams trying to track
> down devices using SMB1.
+1
An expert info might be a good idea.
A mechanism to allow packet-matching expressions (what we have been calling
"display filters" even though they're also used, for example, for specially
coloring matching packets rather than filtering out non-matching packets) to
trigger the addition of expert info items might be an interesting enhancement
for this and other cases.
If features such as this are user-configurable - i.e., if they're done by
user-editable coloring rules or "expert info rules" - it might soften some
objections to checks such as that, as they'd fall under the heading of
user-configurable policy rather than compiled-in mechanism.
--
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
