diff, compare and debug SMB traffic
smbcmp is a small tool designed to diff and compare network captures, specifically aimed at SMB traffic. It leverages Wireshark to dissect and deeply analyse SMB packets, and supports SMB1, SMB2 and SMB3.
Screenshots
(Screenshots: console version in a Windows PowerShell; GUI on Windows; GUI on Linux.)
Features
- Compare captures side-by-side
- Ignore specific fields
- Leverages Wireshark for deep dissection and analysis:
  - Compares decrypted SMB3 traffic (AES-128-GCM and AES-128-CCM, provided the keys are available)
  - Compares decompressed traffic (LZ77, LZNT1, LZ77+Huffman)
- Supports SMB1, SMB2 and SMB3
- Supports a wide range of capture formats
- Available on Linux and Windows
- Free and open source (GPLv3)
- Console version based on ncurses
- GUI version based on wxWidgets
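The following is an added example, not smbcmp's own code, showing on a small scale what the "compare side-by-side" and "ignore specific fields" features amount to: two sequences of SMB2 PDUs are parsed, fields that legitimately differ between two runs of the same operation (MessageId, SessionId, Signature) are masked, and only the remaining differences are reported. It parses only the fixed 64-byte SMB2 header and works on constructed sample PDUs; real use would feed it PDUs extracted from a capture, which is what smbcmp delegates to Wireshark.

```python
"""Side-by-side diff of SMB2 headers with an ignore list.

Added example (not smbcmp's code). Parses the 64-byte SMB2 header from
MS-SMB2 section 2.2.1; the sample captures below are constructed inline.
"""
import struct
from typing import Dict, FrozenSet, Iterable, List, Tuple

# Fixed SMB2 header layout, little-endian (64 bytes).
SMB2_HEADER = struct.Struct("<4sHHIHHIIQIIQ16s")
SMB2_HEADER_FIELDS = (
    "ProtocolId", "StructureSize", "CreditCharge", "Status", "Command",
    "CreditRequest", "Flags", "NextCommand", "MessageId", "Reserved",
    "TreeId", "SessionId", "Signature",
)
SMB2_COMMANDS = {
    0: "NEGOTIATE", 1: "SESSION_SETUP", 2: "LOGOFF", 3: "TREE_CONNECT",
    4: "TREE_DISCONNECT", 5: "CREATE", 6: "CLOSE", 7: "FLUSH", 8: "READ",
    9: "WRITE", 10: "LOCK", 11: "IOCTL", 12: "CANCEL", 13: "ECHO",
    14: "QUERY_DIRECTORY", 15: "CHANGE_NOTIFY", 16: "QUERY_INFO",
    17: "SET_INFO", 18: "OPLOCK_BREAK",
}
SMB2_TREE_CONNECT, SMB2_CREATE = 3, 5
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001  # set on responses
STATUS_SUCCESS, STATUS_ACCESS_DENIED = 0x00000000, 0xC0000022

# Fields expected to differ between two runs of the same operation.
DEFAULT_IGNORE: FrozenSet[str] = frozenset({"MessageId", "SessionId", "Signature"})


def build_smb2_header(command: int, *, response: bool = False,
                      status: int = STATUS_SUCCESS, message_id: int = 0,
                      session_id: int = 0, tree_id: int = 0) -> bytes:
    """Pack a header-only SMB2 PDU (no command body, zeroed signature)."""
    flags = SMB2_FLAGS_SERVER_TO_REDIR if response else 0
    return SMB2_HEADER.pack(b"\xfeSMB", 64, 1, status, command, 1, flags, 0,
                            message_id, 0, tree_id, session_id, b"\x00" * 16)


def parse_smb2_header(pdu: bytes) -> Dict[str, object]:
    """Decode the fixed header into a field dict; Command is resolved to a name."""
    if len(pdu) < SMB2_HEADER.size:
        raise ValueError("PDU shorter than an SMB2 header")
    hdr = dict(zip(SMB2_HEADER_FIELDS, SMB2_HEADER.unpack_from(pdu)))
    if hdr["ProtocolId"] != b"\xfeSMB":
        raise ValueError("not an SMB2 PDU")
    cmd = hdr["Command"]
    hdr["Command"] = SMB2_COMMANDS.get(cmd, "0x%04x" % cmd)
    # In requests the Status slot carries ChannelSequence/Reserved (usually 0).
    hdr["Direction"] = "response" if hdr["Flags"] & SMB2_FLAGS_SERVER_TO_REDIR else "request"
    return hdr


def diff_captures(left: Iterable[bytes], right: Iterable[bytes],
                  ignore: FrozenSet[str] = DEFAULT_IGNORE) -> List[Tuple[int, str, object, object]]:
    """Compare PDU i of `left` with PDU i of `right`, field by field.

    Returns (packet_index, field, left_value, right_value) for every
    difference outside the ignore set, plus a PacketCount row if one
    capture is longer than the other.
    """
    a_list = [parse_smb2_header(p) for p in left]
    b_list = [parse_smb2_header(p) for p in right]
    rows: List[Tuple[int, str, object, object]] = []
    for i, (a, b) in enumerate(zip(a_list, b_list)):
        for field, value in a.items():
            if field not in ignore and value != b[field]:
                rows.append((i, field, value, b[field]))
    if len(a_list) != len(b_list):
        rows.append((min(len(a_list), len(b_list)), "PacketCount", len(a_list), len(b_list)))
    return rows


def format_diff(rows: List[Tuple[int, str, object, object]]) -> str:
    """Render diff rows as a two-column table (hex for numeric fields)."""
    def fmt(v: object) -> str:
        return "0x%x" % v if isinstance(v, int) else str(v)
    lines = ["%-4s %-14s %-14s %s" % ("pkt", "field", "left", "right")]
    lines += ["%-4d %-14s %-14s %s" % (i, f, fmt(l), fmt(r)) for i, f, l, r in rows]
    return "\n".join(lines)


def sample_captures() -> Tuple[List[bytes], List[bytes]]:
    """Constructed sample: the same TREE_CONNECT/CREATE exchange captured twice,
    on different sessions; in the second run the server denies the CREATE."""
    ok = [
        build_smb2_header(SMB2_TREE_CONNECT, message_id=4, session_id=0x1111),
        build_smb2_header(SMB2_TREE_CONNECT, response=True, message_id=4, session_id=0x1111, tree_id=1),
        build_smb2_header(SMB2_CREATE, message_id=5, session_id=0x1111, tree_id=1),
        build_smb2_header(SMB2_CREATE, response=True, message_id=5, session_id=0x1111, tree_id=1),
    ]
    denied = [
        build_smb2_header(SMB2_TREE_CONNECT, message_id=9, session_id=0x2222),
        build_smb2_header(SMB2_TREE_CONNECT, response=True, message_id=9, session_id=0x2222, tree_id=1),
        build_smb2_header(SMB2_CREATE, message_id=10, session_id=0x2222, tree_id=1),
        build_smb2_header(SMB2_CREATE, response=True, status=STATUS_ACCESS_DENIED,
                          message_id=10, session_id=0x2222, tree_id=1),
    ]
    return ok, denied


if __name__ == "__main__":
    good, bad = sample_captures()
    print(format_diff(diff_captures(good, bad)))
```

With the default ignore set the only reported difference is the Status of packet 3 (STATUS_SUCCESS versus STATUS_ACCESS_DENIED); with an empty ignore set the per-session MessageId and SessionId values flood the output, which is exactly the noise the "ignore specific fields" feature exists to suppress.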
Contribute
smbcmp is actively developed on GitHub.
Download
Releases
- smbcmp v0.1
- Experimental packages for SUSE, Red Hat, Debian and Ubuntu systems are available on the Open Build Service (OBS)