On Apr 19, 2014, at 12:24 PM, Richard Sharpe <realrichardsha...@gmail.com> 
wrote:

> One thing I would like to be able to do is "Show me all the SMB2
> requests where the smb2.flags.is_response == true && smb2.nt_status !=
> NT_STATUS_SUCCESS"

Presumably you mean "show me all the SMB2 transactions (requests and matching 
responses) where the response returned an error".

There's now a mechanism to, when saving filtered packets, save "related" 
packets.  I think this was introduced to allow the earlier fragments/segments 
of a reassembled packet to be saved, along with the final packet that matched 
the filter, but in at least some cases somebody might want to save the requests 
corresponding to replies that match the filter.

So perhaps there should be a way to have a display filter show related packets 
in addition to packets that match the packet-matching expression.

However, there are multiple flavors of "related", and sometimes you might want 
the corresponding requests but *not* other fragments/segments, and other times 
you might want the other fragments/segments but *not* the corresponding 
requests, and sometimes you might want both.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
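
The selection problem discussed in the message above, as an added example that is not part of the original message and is not Wireshark code: a filter matches SMB2 error responses, and two independent switches choose which flavors of "related" packets are shown with the matches. The record layout, field names, and capture are constructed for illustration and assume a single session, so the message id alone pairs a request with its response.

```python
from dataclasses import dataclass
from typing import Optional

STATUS_SUCCESS = 0x00000000

@dataclass(frozen=True)
class Pkt:
    """Constructed, simplified packet record (hypothetical, not Wireshark's model)."""
    frame: int
    msg_id: Optional[int] = None          # SMB2 message id; None for a bare segment
    is_response: bool = False
    nt_status: int = STATUS_SUCCESS
    reassembled_in: Optional[int] = None  # frame that completes the reassembly

# Constructed capture: one clean transaction, two failing ones, and two
# segments that are reassembled into the error response in frame 6.
CAPTURE = [
    Pkt(1, msg_id=10),
    Pkt(2, msg_id=10, is_response=True),
    Pkt(3, msg_id=11),
    Pkt(4, reassembled_in=6),
    Pkt(5, reassembled_in=6),
    Pkt(6, msg_id=11, is_response=True, nt_status=0xC0000022),
    Pkt(7, msg_id=12),
    Pkt(8, msg_id=12, is_response=True, nt_status=0xC0000034),
]

def error_response(p):
    """The packet-matching expression: a response whose status is not success."""
    return p.is_response and p.nt_status != STATUS_SUCCESS

def select(capture, match, requests=False, segments=False):
    """Return frame numbers that match, plus the requested flavors of related packets."""
    hits = {p.frame for p in capture if match(p)}
    shown = set(hits)
    if requests:
        # Flavor 1: the request belonging to each matching response.
        wanted = {p.msg_id for p in capture if p.frame in hits and p.is_response}
        shown |= {p.frame for p in capture
                  if not p.is_response and p.msg_id in wanted}
    if segments:
        # Flavor 2: earlier segments reassembled into a matching packet.
        shown |= {p.frame for p in capture if p.reassembled_in in hits}
    return sorted(shown)

if __name__ == "__main__":
    for req in (False, True):
        for seg in (False, True):
            print(req, seg, select(CAPTURE, error_response, req, seg))
```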