forums.meulie.net

SMB2 and Wireshark

Hello Guys, working with Wireshark 2.0.4, I’m analyzing two SMB2 file transfers from one PC to another, for whatever reason I need to be able to differentiate the two TCP streams of transfer ( say FILE A and FILE B). I do find the FILE A and FILE B by looking up with find packet>string but I’m totally unable to differentiate the two TCP streams. I checked Source port, Process ID an they are both the same in FILE A and FILE B transers , and I see nothing in the SMB header that could differentiate the two streams … Anyone expert in SMB/Wireshark has an idea ? thanks !