Wireshark-users: [Wireshark-users] Accessing the NT ACE Information field from TShark in SMB NT T
From: Guy other <[email protected]>
Date: Sun, 3 Oct 2010 17:44:39 +0200
Hi,
When I capture using TShark, I would like to use the "-T fields -e <fieldname>" flag to get the different NT ACE fields in a
SMB NT Trans Request, NT SET SECURITY packet.

The thing is that there can be a different number of NT ACE fields in the packet.
Is there some syntax to specify which one I want to access? can I somehow iterate over all of the ACE fields?

In Wireshark you can see the different fields, My question is how to do it from the command line with TShark.
I'm attaching an example .pcap file, the request is in packet 1824
Thanks!


Attachment: local_permissions_changes.pcap
Description: Binary data