Wireshark · Wireshark-users: [Wireshark-users] Accessing the NT ACE Information field from TShark in SMB NT Trans Request, NT SET

Wireshark-users: [Wireshark-users] Accessing the NT ACE Information field from TShark in SMB NT T

From: Guy other <guy.other@xxxxxxxxx>

Date: Sun, 3 Oct 2010 17:44:39 +0200

Hi,
When I capture using TShark, I would like to use the "-T fields -e <fieldname>" flag to get the different NT ACE fields in a
SMB NT Trans Request, NT SET SECURITY packet.

The thing is that there can be a different number of NT ACE fields in the packet.
Is there some syntax to specify which one I want to access? can I somehow iterate over all of the ACE fields?

In Wireshark you can see the different fields, My question is how to do it from the command line with TShark.
I'm attaching an example .pcap file, the request is in packet 1824
Thanks!

Attachment: local_permissions_changes.pcap
Description: Binary data

Follow-Ups:
- Re: [Wireshark-users] Accessing the NT ACE Information field from TShark in SMB NT Trans Request, NT SET SECURITY
  - From: j.snelders

Prev by Date: [Wireshark-users] DRDA not in the "Decode As" list?
Next by Date: [Wireshark-users] reply to thread: Accessing the NT ACE Information field from TShark in SMB NT Trans Request, NT SET SECURITY From: Guy other <guy.other@xxxxxxxxx> Date: Sun, 3 Oct 2010 17:44:39 +0200
Previous by thread: [Wireshark-users] DRDA not in the "Decode As" list?
Next by thread: Re: [Wireshark-users] Accessing the NT ACE Information field from TShark in SMB NT Trans Request, NT SET SECURITY
Index(es):
- Date
- Thread