On Sat, Apr 19, 2014 at 12:48 PM, Guy Harris <g...@alum.mit.edu> wrote:
>
> On Apr 19, 2014, at 12:24 PM, Richard Sharpe <realrichardsha...@gmail.com> wrote:
>
>> One thing I would like to be able to do is "Show me all the SMB2
>> requests where the smb2.flags.is_response == true && smb2.nt_status !=
>> NT_STATUS_SUCCESS"
>
> Presumably you mean "show me all the SMB2 transactions (requests and matching responses) where the response returned an error".

Yes, although that was just an example. In other cases I would like to
see all the SMB Creates where the requested access == 0x120196 or
whatever ...

> There's now a mechanism to, when saving filtered packets, save "related" packets. I think this was introduced to allow the earlier fragments/segments of a reassembled packet to be saved, along with the final packet that matched the filter, but in at least some cases somebody might want to save the requests corresponding to replies that match the filter.

Yeah, but then I want to be able to step through each of the packets
found and look at the one before or after, so I am continually hitting
clear and apply and so forth. It gets to be a pain, so then I thought
of the concept of having a search results pane that when you click on
one of the search results syncs the main pane so you can move around
and inspect more etc.

-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
