One of my favorite Wireshark features is how to rebuild a file that you downloaded via SMB.
This technique gives you a totally new angle when troubleshooting or baselining.
The last 2 versions of Wireshark has added support for SMB. So now you can rebuild a file that was opened, closed, read or written from a Microsoft or SMB server.
In this video I show you how.