Network Monitor SMB Filtering
Data Fields:
Field |
Description |
Example |
| SMB.Command | Filter on a specific SMB Command number | SMB.Command==0x2F |
| SMB.NTStatus | Represents the error value of an SMB command. The example looks for any frame with an error (non zero). | SMB.NTStatus != 0 |
Properties:
| Property | Description | Example |
| SMBFileID | The File ID for any kind of SMB request. | SMBFileID==0x4000 |
| SMBFileName | The file name for an SMB request. This might also be stored as conversation state information so there may not be associated frame data. | SMBFileName.Contains("xxx") |
| SMBCommand | Represents the SMB command for the current frame. If two SMB Commands exist, this will only represent the last one. | SMBCommand==0x2F |
| SMBPID | Process ID for the SMB command based on the value in the SMB header. | SMBPID==0x1234 |
| SMBStatus | SMB Status represented as a Numeric value. | SMBStatus != 0 |