smb handshake tcp connection

December 10, 2017 at 03:16:27
Specs: Windows 7
I'm currently connected to the home network, sharing files between PCs. Using Wireshark, I'm trying to capture the 3-way handshake, but all I see are SMB protocols and they're on port 445. If I use Windows Media Player to share the files, I get the 3-way handshake on port 2869.
Can I filter it somehow to view the handshake on this SMB protocol, or is there another way of capturing a TCP connection on port 445?


#1
December 10, 2017 at 17:47:02
In the Wireshark filter bar enter: tcp.port == 445 (or 2869).
If the bar turns green the expression is valid.

If you click on the Expression button next to the filter bar, you can create any kind of filter.
For SMB there are long lists of filter properties.


#2
December 10, 2017 at 19:04:07
Yeah, I tried filtering on port 445 for the SMB protocol and the tcp.flags.syn == 1, still can't find the handshake. I only see an ACK.

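The check that the tcp.port == 445 and tcp.flags.syn == 1 filters perform, as an added example that is not part of the thread: it walks raw Ethernet frames and reports, for each client flow to port 445, which handshake steps the capture actually contains. The frames are constructed sample data and parse_tcp, handshake_status and make_frame are hypothetical names; the sample assumes one session that was already open when capturing started, which shows up as "no SYN captured".

```python
import struct
from collections import defaultdict

SYN, PSH, ACK = 0x02, 0x08, 0x10  # TCP flag bits

def parse_tcp(frame):
    """Return (src, sport, dst, dport, flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]   # skip Ethernet + IPv4 header (IHL words)
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    return src, sport, dst, dport, tcp[13]

def handshake_status(frames, port=445):
    """Map each client flow to `port` onto the handshake steps present in the capture."""
    seen = defaultdict(set)                     # (client, client_port, server) -> steps
    for src, sport, dst, dport, flags in filter(None, map(parse_tcp, frames)):
        if port not in (sport, dport):
            continue
        to_server = dport == port
        steps = seen[(src, sport, dst) if to_server else (dst, dport, src)]
        if flags & SYN and not flags & ACK and to_server:
            steps.add("SYN")
        elif flags & SYN and flags & ACK and not to_server:
            steps.add("SYN-ACK")
        elif flags & ACK and to_server and "SYN-ACK" in steps:
            steps.add("ACK")
    return {flow: "complete" if len(steps) == 3 else "partial" if steps
            else "no SYN captured" for flow, steps in seen.items()}

def make_frame(src, sport, dst, dport, flags):
    """Build a minimal constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    addr = lambda a: bytes(map(int, a.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, addr(src), addr(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

SAMPLE = [  # constructed: one session opened before capture began, one opened during it
    make_frame("192.168.1.10", 49200, "192.168.1.20", 445, PSH | ACK),
    make_frame("192.168.1.20", 445, "192.168.1.10", 49200, ACK),
    make_frame("192.168.1.10", 49301, "192.168.1.20", 445, SYN),
    make_frame("192.168.1.20", 445, "192.168.1.10", 49301, SYN | ACK),
    make_frame("192.168.1.10", 49301, "192.168.1.20", 445, ACK),
]
```

Calling handshake_status(SAMPLE) returns one entry per client flow, so a flow that only ever shows ACK segments is listed separately from one whose SYN, SYN-ACK and ACK are all in the capture.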

#3
December 10, 2017 at 23:13:25
