Ethereal-users: [Ethereal-users] PLEASE HELP WITH THIS NETWORK FAULT I JUST CAN NOT SOLVE
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "john@xxxxxxxxxxxx" <john@xxxxxxxxxxxx>
Date: Mon, 22 Aug 2005 16:38:44 +0100
Hello

Thanks for creating such a good program. I think Ethereal has got me just a little bit closer to a very long ongoing network problem that has been haunting me for almost two years. Thus any help from you will be very much appreciated.

I am trying to establish whether my fault is some very nasty bug / Trojan (maybe a BIOS virus ???). If it is, nothing seems to find it, and I can't get rid of it, the poor network performance on my network.

About two years ago I noticed poor network performance, and slow clicking in my computer on drives of P4 XP machines.

I had two servers (1 x file server) and (1 x mail server). I had errors where you could not browse certain machines, Windows XP event forced election errors, and just poor network performance and strange things going on.

I wiped every machine on the network, including both servers, and reinstalled everything on client and server machines: formatted the drives, reinstalled up-to-date drivers, etc. I still had funny things going on between my servers / Internet / client machines via the network.

... I thought time to simplify my network......

I now only have 1 x client machine, 1 x server, 1 x WatchGuard X500 firewall, 1 x Netopia router connected to my firewall.

My server IP is 192.168.1.5, my firewall IP is 192.168.1.1, my client IP is 192.168.1.100.

For the last two years I have suffered bad network performance locally and Internet and strange problems that I just can't solve.

I came across your program, which is brilliant, and has shown me all IP traffic across the network, and I think the problem I have !! I am running the software on a client machine, 192.168.1.100.

I keep getting lots of checksum errors... i.e. Checksum: 0x8450 [incorrect, should be 0xeac1]

Please see the sample packets below. This must mean something is corrupting the data (what ???). I just know the network has not been right. Please help: what is the next step other than seeing corrupted checksums ??? These errors happen on all outgoing network data. Is this the cause of something nasty / Trojan? I have checked & checked. Please Help

Regards
John

Corrupted network data below (from just browsing shared folders on server) >>>>>>>>>>sample data
Frame 1 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.599576000 Time delta from previous packet: 0.000000000 seconds Time since reference or first frame: 0.000000000 seconds Frame Number: 1 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 2 0.041832 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 2 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.641408000 Time delta from previous packet: 0.041832000 seconds Time since reference or first frame: 0.041832000 seconds Frame Number: 2 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 3 0.083662 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 3 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.683238000 Time delta from previous packet: 0.041830000 seconds Time since reference or first frame: 0.083662000 seconds Frame Number: 3 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 4 0.125731 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 4 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.725307000 Time delta from previous packet: 0.042069000 seconds Time since reference or first frame: 0.125731000 seconds Frame Number: 4 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 5 0.167562 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 5 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.767138000 Time delta from previous packet: 0.041831000 seconds Time since reference or first frame: 0.167562000 seconds Frame Number: 5 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 6 0.209634 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 6 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.809210000 Time delta from previous packet: 0.042072000 seconds Time since reference or first frame: 0.209634000 seconds Frame Number: 6 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 7 0.251463 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 7 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.851039000 Time delta from previous packet: 0.041829000 seconds Time since reference or first frame: 0.251463000 seconds Frame Number: 7 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 8 0.293535 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 8 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.893111000 Time delta from previous packet: 0.042072000 seconds Time since reference or first frame: 0.293535000 seconds Frame Number: 8 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 9 0.335365 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 9 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.934941000 Time delta from previous packet: 0.041830000 seconds Time since reference or first frame: 0.335365000 seconds Frame Number: 9 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 10 0.377438 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 10 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:06.977014000 Time delta from previous packet: 0.042073000 seconds Time since reference or first frame: 0.377438000 seconds Frame Number: 10 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 11 0.419266 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 11 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.018842000 Time delta from previous packet: 0.041828000 seconds Time since reference or first frame: 0.419266000 seconds Frame Number: 11 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 12 0.461332 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 12 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.060908000 Time delta from previous packet: 0.042066000 seconds Time since reference or first frame: 0.461332000 seconds Frame Number: 12 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 13 0.503166 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 13 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.102742000 Time delta from previous packet: 0.041834000 seconds Time since reference or first frame: 0.503166000 seconds Frame Number: 13 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 14 0.545233 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 14 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.144809000 Time delta from previous packet: 0.042067000 seconds Time since reference or first frame: 0.545233000 seconds Frame Number: 14 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 15 0.587072 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 15 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.186648000 Time delta from previous packet: 0.041839000 seconds Time since reference or first frame: 0.587072000 seconds Frame Number: 15 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 16 0.629137 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 16 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.228713000 Time delta from previous packet: 0.042065000 seconds Time since reference or first frame: 0.629137000 seconds Frame Number: 16 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 17 0.670966 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 17 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.270542000 Time delta from previous packet: 0.041829000 seconds Time since reference or first frame: 0.670966000 seconds Frame Number: 17 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 18 0.712795 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 18 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.312371000 Time delta from previous packet: 0.041829000 seconds Time since reference or first frame: 0.712795000 seconds Frame Number: 18 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 19 0.754868 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 19 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.354444000 Time delta from previous packet: 0.042073000 seconds Time since reference or first frame: 0.754868000 seconds Frame Number: 19 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 20 0.796696 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 20 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.396272000 Time delta from previous packet: 0.041828000 seconds Time since reference or first frame: 0.796696000 seconds Frame Number: 20 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 21 0.838769 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 21 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.438345000 Time delta from previous packet: 0.042073000 seconds Time since reference or first frame: 0.838769000 seconds Frame Number: 21 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 22 0.880599 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 22 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.480175000 Time delta from previous packet: 0.041830000 seconds Time since reference or first frame: 0.880599000 seconds Frame Number: 22 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 23 0.922672 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 23 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.522248000 Time delta from previous packet: 0.042073000 seconds Time since reference or first frame: 0.922672000 seconds Frame Number: 23 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 24 0.964501 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 24 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.564077000 Time delta from previous packet: 0.041829000 seconds Time since reference or first frame: 0.964501000 seconds Frame Number: 24 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 25 1.006574 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 25 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.606150000 Time delta from previous packet: 0.042073000 seconds Time since reference or first frame: 1.006574000 seconds Frame Number: 25 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 26 1.048403 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 26 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.647979000 Time delta from previous packet: 0.041829000 seconds Time since reference or first frame: 1.048403000 seconds Frame Number: 26 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 27 1.090478 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 27 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.690054000 Time delta from previous packet: 0.042075000 seconds Time since reference or first frame: 1.090478000 seconds Frame Number: 27 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 28 1.132313 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 28 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.731889000 Time delta from previous packet: 0.041835000 seconds Time since reference or first frame: 1.132313000 seconds Frame Number: 28 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 29 1.174378 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 29 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:07.773954000 Time delta from previous packet: 0.042065000 seconds Time since reference or first frame: 1.174378000 seconds Frame Number: 29 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 67 2.768039 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 67 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.367615000 Time delta from previous packet: 0.041829000 seconds Time since reference or first frame: 2.768039000 seconds Frame Number: 67 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 68 2.810114 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 68 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.409690000 Time delta from previous packet: 0.042075000 seconds Time since reference or first frame: 2.810114000 seconds Frame Number: 68 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 69 2.851936 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 69 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.451512000 Time delta from previous packet: 0.041822000 seconds Time since reference or first frame: 2.851936000 seconds Frame Number: 69 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 70 2.894010 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 70 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.493586000 Time delta from previous packet: 0.042074000 seconds Time since reference or first frame: 2.894010000 seconds Frame Number: 70 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 71 2.935836 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 71 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.535412000 Time delta from previous packet: 0.041826000 seconds Time since reference or first frame: 2.935836000 seconds Frame Number: 71 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 72 2.977913 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 72 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.577489000 Time delta from previous packet: 0.042077000 seconds Time since reference or first frame: 2.977913000 seconds Frame Number: 72 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 73 3.019740 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 73 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.619316000 Time delta from previous packet: 0.041827000 seconds Time since reference or first frame: 3.019740000 seconds Frame Number: 73 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 74 3.061814 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 74 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.661390000 Time delta from previous packet: 0.042074000 seconds Time since reference or first frame: 3.061814000 seconds Frame Number: 74 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 75 3.103644 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 75 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.703220000 Time delta from previous packet: 0.041830000 seconds Time since reference or first frame: 3.103644000 seconds Frame Number: 75 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 76 3.145721 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 76 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.745297000 Time delta from previous packet: 0.042077000 seconds Time since reference or first frame: 3.145721000 seconds Frame Number: 76 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 77 3.187544 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 77 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.787120000 Time delta from previous packet: 0.041823000 seconds Time since reference or first frame: 3.187544000 seconds Frame Number: 77 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 78 3.229616 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 78 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.829192000 Time delta from previous packet: 0.042072000 seconds Time since reference or first frame: 3.229616000 seconds Frame Number: 78 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 79 3.271448 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 79 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.871024000 Time delta from previous packet: 0.041832000 seconds Time since reference or first frame: 3.271448000 seconds Frame Number: 79 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 80 3.313283 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 80 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.912859000 Time delta from previous packet: 0.041835000 seconds Time since reference or first frame: 3.313283000 seconds Frame Number: 80 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 81 3.355348 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 81 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.954924000 Time delta from previous packet: 0.042065000 seconds Time since reference or first frame: 3.355348000 seconds Frame Number: 81 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 82 3.397179 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 82 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:09.996755000 Time delta from previous packet: 0.041831000 seconds Time since reference or first frame: 3.397179000 seconds Frame Number: 82 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 83 3.439251 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 83 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.038827000 Time delta from previous packet: 0.042072000 seconds Time since reference or first frame: 3.439251000 seconds Frame Number: 83 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 84 3.481079 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 84 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.080655000 Time delta from previous packet: 0.041828000 seconds Time since reference or first frame: 3.481079000 seconds Frame Number: 84 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 85 3.523151 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 85 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.122727000 Time delta from previous packet: 0.042072000 seconds Time since reference or first frame: 3.523151000 seconds Frame Number: 85 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 86 3.564989 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 86 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.164565000 Time delta from previous packet: 0.041838000 seconds Time since reference or first frame: 3.564989000 seconds Frame Number: 86 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 87 3.607062 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 87 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.206638000 Time delta from previous packet: 0.042073000 seconds Time since reference or first frame: 3.607062000 seconds Frame Number: 87 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 88 3.648885 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 88 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.248461000 Time delta from previous packet: 0.041823000 seconds Time since reference or first frame: 3.648885000 seconds Frame Number: 88 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 89 3.690956 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 89 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.290532000 Time delta from previous packet: 0.042071000 seconds Time since reference or first frame: 3.690956000 seconds Frame Number: 89 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 90 3.732798 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 90 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.332374000 Time delta from previous packet: 0.041842000 seconds Time since reference or first frame: 3.732798000 seconds Frame Number: 90 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 91 3.750395 192.168.1.100 192.168.1.5 SMB NT Create AndX Request, Path: \srvsvc
Frame 91 (158 bytes on wire, 158 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.349971000
    Time delta from previous packet: 0.017597000 seconds
    Time since reference or first frame: 3.750395000 seconds
    Frame Number: 91
    Packet Length: 158 bytes
    Capture Length: 158 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 144
    Identification: 0xc811 (51217)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae9c [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 0, Ack: 0, Len: 104
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 0 (relative sequence number)
    Next sequence number: 104 (relative sequence number)
    Acknowledgement number: 0 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64286
    Checksum: 0x843c [incorrect, should be 0xb347]
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 100
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 92
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 29248
    NT Create AndX Request (0xa2)
        Word Count (WCT): 24
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        Reserved: 00
        File Name Len: 14
        Create Flags: 0x00000016
            .... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required
            .... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file
            .... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting BATCH OPLOCK
            .... .... .... .... .... .... .... ..1. = Exclusive Oplock: Requesting OPLOCK
        Root FID: 0x00000000
        Access Mask: 0x0002019f
            0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set
            .0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set
            ..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set
            ...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set
            .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set
            .... ...0 .... .... .... .... .... .... = System Security: System security is NOT set
            .... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait on handle to synchronize on completion of I/O
            .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership)
            .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC
            .... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to owner, group and ACL of the SID
            .... .... .... ...0 .... .... .... .... = Delete: NO delete access
            .... .... .... .... .... ...1 .... .... = Write Attributes: WRITE ATTRIBUTES access
            .... .... .... .... .... .... 1... .... = Read Attributes: READ ATTRIBUTES access
            .... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access
            .... .... .... .... .... .... ..0. .... = Execute: NO execute access
            .... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... .1.. = Append: APPEND access
            .... .... .... .... .... .... .... ..1. = Write: WRITE access
            .... .... .... .... .... .... .... ...1 = Read: READ access
        Allocation Size: 0
        File Attributes: 0x00000000
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
        Share Access: 0x00000003
            .... .... .... .... .... .... .... .0.. = Delete: Object can NOT be shared for delete
            .... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE
            .... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ
        Disposition: Open (if file exists open it, else fail) (1)
        Create Options: 0x00400040
            .... .... .... .... .... .... .... ...0 = Directory: File being created/opened must not be a directory
            .... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing
            .... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially
            .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... .1.. .... = Non-Directory: File being created/opened must not be a directory
            .... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes
            .... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names
            .... .... .... .... .... 0... .... .... = Random Access: The file will not be accessed randomly
            .... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed
        Impersonation: Impersonation (2)
        Security Flags: 0x01
            .... ...1 = Context Tracking: Security tracking mode is DYNAMIC
            .... ..0. = Effective Only: ALL aspects of the client's security context are available
        Byte Count (BCC): 17
        File Name: \srvsvc

0000  00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00  ...h....aB.V..E.
0010  00 90 c8 11 40 00 80 06 ae 9c c0 a8 01 64 c0 a8  ....@........d..
0020  01 05 06 2d 00 8b 44 ed 9f b2 9e e6 91 9b 50 18  ...-..D.......P.
0030  fb 1e 84 3c 00 00 00 00 00 64 ff 53 4d 42 a2 00  ...<.....d.SMB..
0040  00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00  ................
0050  00 00 00 08 e0 00 03 20 40 72 18 ff 00 de de 00  ....... @r......
0060  0e 00 16 00 00 00 00 00 00 00 9f 01 02 00 00 00  ................
0070  00 00 00 00 00 00 00 00 00 00 03 00 00 00 01 00  ................
0080  00 00 40 00 40 00 02 00 00 00 01 11 00 00 5c 00  ..@.@.........\.
0090  73 00 72 00 76 00 73 00 76 00 63 00 00 00        s.r.v.s.v.c...

No. Time Source Destination Protocol Info
92 3.751027 192.168.1.5 192.168.1.100 SMB NT Create AndX Response, FID: 0x4007
Frame 92 (193 bytes on wire, 193 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.350603000
    Time delta from previous packet: 0.000632000 seconds
    Time since reference or first frame: 3.751027000 seconds
    Frame Number: 92
    Packet Length: 193 bytes
    Capture Length: 193 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 179
    Identification: 0x0f85 (3973)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6706 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 0, Ack: 104, Len: 139
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 0 (relative sequence number)
    Next sequence number: 139 (relative sequence number)
    Acknowledgement number: 104 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16820
    Checksum: 0xfbee [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 91
        The RTT to ACK the segment was: 0.000632000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 135
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 91
        Time from request: 0.000632000 seconds
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 29248
    NT Create AndX Response (0xa2)
        Word Count (WCT): 42
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 135
        Oplock level: No oplock granted (0)
        FID: 0x4007
        Create action: The file existed and was opened (1)
        Created: No time specified (0)
        Last Access: No time specified (0)
        Last Write: No time specified (0)
        Change: No time specified (0)
        File Attributes: 0x00000080
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 1... .... = Normal: This file is an ordinary file
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
        Allocation Size: 4096
        End Of File: 0
        File Type: Named pipe in message mode (2)
        IPC State: 0x05ff
            0... .... .... .... = Nonblocking: Reads/writes block if no data available
            .0.. .... .... .... = Endpoint: Consumer end of pipe (0)
            .... 01.. .... .... = Pipe Type: Message pipe (1)
            .... ..01 .... .... = Read Mode: Read messages from pipe (1)
            .... .... 1111 1111 = Icount: 255
        Is Directory: This is NOT a directory (0)
        Byte Count (BCC): 0

No.     Time        Source                Destination           Protocol Info
     93 3.751146    192.168.1.100         192.168.1.5           DCERPC   Bind: call_id: 1 UUID: SRVSVC
Frame 93 (194 bytes on wire, 194 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.350722000
    Time delta from previous packet: 0.000119000 seconds
    Time since reference or first frame: 3.751146000 seconds
    Frame Number: 93
    Packet Length: 194 bytes
    Capture Length: 194 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 180
    Identification: 0xc812 (51218)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae77 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 104, Ack: 139, Len: 140
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 104 (relative sequence number)
    Next sequence number: 244 (relative sequence number)
    Acknowledgement number: 139 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64147
    Checksum: 0x8460 [incorrect, should be 0x549b]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 92
        The RTT to ACK the segment was: 0.000119000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 136
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 94
        SMB Command: Write AndX (0x2f)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29312
    Write AndX Request (0x2f)
        Word Count (WCT): 14
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        FID: 0x4007
        Offset: 0
        Reserved: FFFFFFFF
        Write Mode: 0x0008
            .... .... .... 1... = Message Start: This is the START of a MESSAGE (pipe)
            .... .... .... .0.. = Write Raw: DON'T use WriteRawNamedPipe (pipe)
            .... .... .... ..0. = Return Remaining: DON'T return remaining (pipe/dev)
            .... .... .... ...0 = Write Through: Write through not requested
        Remaining: 72
        Data Length High (multiply with 64K): 0
        Data Length Low: 72
        Data Offset: 64
        High Offset: 0
        Byte Count (BCC): 73
        Padding: EE
DCE RPC Bind, Fragment: Single, FragLen: 72, Call: 1
    Version: 5
    Version (minor): 0
    Packet type: Bind (11)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 72
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x00000000
    Num Ctx Items: 1
    Context ID: 0
    Num Trans Items: 1
    Interface UUID: 4b324fc8-1670-01d3-1278-5a47bf6ee188
    Interface Ver: 3
    Interface Ver Minor: 0
    Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860
    Syntax ver: 2

No.     Time        Source                Destination           Protocol Info
     94 3.751511    192.168.1.5           192.168.1.100         SMB      Write AndX Response, FID: 0x4007, 72 bytes
Frame 94 (105 bytes on wire, 105 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.351087000
    Time delta from previous packet: 0.000365000 seconds
    Time since reference or first frame: 3.751511000 seconds
    Frame Number: 94
    Packet Length: 105 bytes
    Capture Length: 105 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 91
    Identification: 0x0f86 (3974)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x675d [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 139, Ack: 244, Len: 51
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 139 (relative sequence number)
    Next sequence number: 190 (relative sequence number)
    Acknowledgement number: 244 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16680
    Checksum: 0xbe29 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 93
        The RTT to ACK the segment was: 0.000365000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 47
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 93
        Time from request: 0.000365000 seconds
        SMB Command: Write AndX (0x2f)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29312
    Write AndX Response (0x2f)
        Word Count (WCT): 6
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 47
        FID: 0x4007
        Count Low: 72
        Remaining: 65535
        Count High (multiply with 64K): 0
        Reserved: 0000
        Byte Count (BCC): 0

No.     Time        Source                Destination           Protocol Info
     95 3.751592    192.168.1.100         192.168.1.5           SMB      Read AndX Request, FID: 0x4007, 1024 bytes at offset 0
Frame 95 (117 bytes on wire, 117 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.351168000
    Time delta from previous packet: 0.000081000 seconds
    Time since reference or first frame: 3.751592000 seconds
    Frame Number: 95
    Packet Length: 117 bytes
    Capture Length: 117 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 103
    Identification: 0xc813 (51219)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaec3 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 244, Ack: 190, Len: 63
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 244 (relative sequence number)
    Next sequence number: 307 (relative sequence number)
    Acknowledgement number: 190 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64096
    Checksum: 0x8413 [incorrect, should be 0x95b6]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 94
        The RTT to ACK the segment was: 0.000081000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 59
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 96
        SMB Command: Read AndX (0x2e)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29376
    Read AndX Request (0x2e)
        Word Count (WCT): 12
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        FID: 0x4007
        Offset: 0
        Max Count Low: 1024
        Min Count: 1024
        Remaining: 1024
        High Offset: 0
        Byte Count (BCC): 0

No.     Time        Source                Destination           Protocol Info
     96 3.751997    192.168.1.5           192.168.1.100         DCERPC   Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
Frame 96 (186 bytes on wire, 186 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.351573000
    Time delta from previous packet: 0.000405000 seconds
    Time since reference or first frame: 3.751997000 seconds
    Frame Number: 96
    Packet Length: 186 bytes
    Capture Length: 186 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 172
    Identification: 0x0f87 (3975)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x670b [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 190, Ack: 307, Len: 132
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 190 (relative sequence number)
    Next sequence number: 322 (relative sequence number)
    Acknowledgement number: 307 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16617
    Checksum: 0x6171 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 95
        The RTT to ACK the segment was: 0.000405000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 128
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 95
        Time from request: 0.000405000 seconds
        SMB Command: Read AndX (0x2e)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29376
    Read AndX Response (0x2e)
        Word Count (WCT): 12
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 0
        FID: 0x4007
        Remaining: 0
        Data Compaction Mode: 0
        Reserved: 0000
        Data Length Low: 68
        Data Offset: 60
        Data Length High (multiply with 64K): 0
        Reserved: 000000000000
        Byte Count (BCC): 69
        Padding: 00
DCE RPC Bind_ack, Fragment: Single, FragLen: 68, Call: 1
    Version: 5
    Version (minor): 0
    Packet type: Bind_ack (12)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 68
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0000a5a3
    Scndry Addr len: 13
    Scndry Addr: \PIPE\ntsvcs
    Num results: 1
    Ack result: Acceptance (0)
    Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860
    Syntax ver: 2

No.     Time        Source                Destination           Protocol Info
     97 3.752074    192.168.1.100         192.168.1.5           SRVSVC   NetrShareEnum request, SHARE_INFO_1 level
Frame 97 (230 bytes on wire, 230 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.351650000 Time delta from previous packet: 0.000077000 seconds Time since reference or first frame: 3.752074000 seconds Frame Number: 97 Packet Length: 230 bytes Capture Length: 230 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpcEthernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 216 Identification: 0xc814 (51220) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xae51 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 307, Ack: 322, Len: 176
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 307 (relative sequence number) Next sequence number: 483 (relative sequence number) Acknowledgement number: 322 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x8484 [incorrect, should be 0xea89] SEQ/ACK analysis This is an ACK to the segment in frame: 96 The RTT to ACK the segment was: 0.000077000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 172 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 98 SMB Command: Trans (0x25) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 29440
    Trans Request (0x25)
        Word Count (WCT): 16
        Total Parameter Count: 0
        Total Data Count: 88
        Max Parameter Count: 0
        Max Data Count: 1024
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 84
        Data Count: 88
        Data Offset: 84
        Setup Count: 2
        Reserved: 00
        Byte Count (BCC): 105
        Transaction Name: \PIPE\
        Padding: 0000
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4007
DCE RPC Request, Fragment: Single, FragLen: 88, Call: 1 Ctx: 0
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 88
    Auth Length: 0
    Call ID: 1
    Alloc hint: 64
    Context ID: 0
    Opnum: 15
Microsoft Server Service, NetrShareEnum
    Operation: NetrShareEnum (15)
    Server: \\Dell-s1
        Referent ID: 0x0003f914
        Max Count: 10
        Offset: 0
        Actual Count: 10
        Server: \\Dell-s1
    Info Level: 1
    Shares
        Info Level: 1
        SHARE_INFO_1_CONTAINER:
            Referent ID: 0x0113d880
            Number of entries: 0
            (NULL pointer) SHARE_INFO_1 array:
    Preferred length: 4294967295
    (NULL pointer) Enum Handle

No. Time Source Destination Protocol Info
98 3.752970 192.168.1.5 192.168.1.100 DCERPC Response: call_id: 1[Unreassembled Packet]
Frame 98 (1138 bytes on wire, 1138 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.352546000
    Time delta from previous packet: 0.000896000 seconds
    Time since reference or first frame: 3.752970000 seconds
    Frame Number: 98
    Packet Length: 1138 bytes
    Capture Length: 1138 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:data
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 1124
    Identification: 0x0f88 (3976)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6352 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 322, Ack: 483, Len: 1084
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 322 (relative sequence number)
    Next sequence number: 1406 (relative sequence number)
    Acknowledgement number: 483 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16441
    Checksum: 0x4e72 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 97
        The RTT to ACK the segment was: 0.000896000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 1080
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 97
        Time from request: 0.000896000 seconds
        SMB Command: Trans (0x25)
        NT Status: STATUS_BUFFER_OVERFLOW (0x80000005)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 29440
    Trans Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 1024
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 1024
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 1025
        Padding: 58
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4007
[Unreassembled Packet: DCERPC]
Data (1024 bytes)

No. Time Source Destination Protocol Info
99 3.753035 192.168.1.100 192.168.1.5 SMB Read AndX Request, FID: 0x4007, 780 bytes at offset 0
Frame 99 (117 bytes on wire, 117 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.352611000
    Time delta from previous packet: 0.000065000 seconds
    Time since reference or first frame: 3.753035000 seconds
    Frame Number: 99
    Packet Length: 117 bytes
    Capture Length: 117 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 103
    Identification: 0xc815 (51221)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaec1 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 483, Ack: 1406, Len: 63
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 483 (relative sequence number)
    Next sequence number: 546 (relative sequence number)
    Acknowledgement number: 1406 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64451
    Checksum: 0x8413 [incorrect, should be 0x1180]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 98
        The RTT to ACK the segment was: 0.000065000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 59
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 100
        SMB Command: Read AndX (0x2e)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29504
    Read AndX Request (0x2e)
        Word Count (WCT): 12
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        FID: 0x4007
        Offset: 0
        Max Count Low: 780
        Min Count: 780
        Remaining: 780
        High Offset: 0
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
100 3.753456 192.168.1.5 192.168.1.100 SMB Read AndX Response, FID: 0x4007, 780 bytes
Frame 100 (898 bytes on wire, 898 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.353032000
    Time delta from previous packet: 0.000421000 seconds
    Time since reference or first frame: 3.753456000 seconds
    Frame Number: 100
    Packet Length: 898 bytes
    Capture Length: 898 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:data
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 884
    Identification: 0x0f89 (3977)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6441 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 1406, Ack: 546, Len: 844
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 1406 (relative sequence number)
    Next sequence number: 2250 (relative sequence number)
    Acknowledgement number: 546 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16378
    Checksum: 0xf5e7 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 99
        The RTT to ACK the segment was: 0.000421000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 840
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 99
        Time from request: 0.000421000 seconds
        SMB Command: Read AndX (0x2e)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29504
    Read AndX Response (0x2e)
        Word Count (WCT): 12
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 0
        FID: 0x4007
        Remaining: 0
        Data Compaction Mode: 0
        Reserved: 0000
        Data Length Low: 780
        Data Offset: 60
        Data Length High (multiply with 64K): 0
        Reserved: 000000000000
        Byte Count (BCC): 781
        Padding: 00
Data (780 bytes)

No. Time Source Destination Protocol Info
101 3.753560 192.168.1.100 192.168.1.5 SMB Close Request, FID: 0x4007
Frame 101 (99 bytes on wire, 99 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.353136000
    Time delta from previous packet: 0.000104000 seconds
    Time since reference or first frame: 3.753560000 seconds
    Frame Number: 101
    Packet Length: 99 bytes
    Capture Length: 99 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 85
    Identification: 0xc816 (51222)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaed2 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 546, Ack: 2250, Len: 45
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 546 (relative sequence number)
    Next sequence number: 591 (relative sequence number)
    Acknowledgement number: 2250 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65535
    Checksum: 0x8401 [incorrect, should be 0xe5de]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 100
        The RTT to ACK the segment was: 0.000104000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 41
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 102
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29568
    Close Request (0x04)
        Word Count (WCT): 3
        FID: 0x4007
        Last Write: No time specified (0xffffffff)
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
102 3.753943 192.168.1.5 192.168.1.100 SMB Close Response
Frame 102 (93 bytes on wire, 93 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.353519000
    Time delta from previous packet: 0.000383000 seconds
    Time since reference or first frame: 3.753943000 seconds
    Frame Number: 102
    Packet Length: 93 bytes
    Capture Length: 93 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 79
    Identification: 0x0f8a (3978)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6765 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 2250, Ack: 591, Len: 39
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 2250 (relative sequence number)
    Next sequence number: 2289 (relative sequence number)
    Acknowledgement number: 591 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16333
    Checksum: 0xe877 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 101
        The RTT to ACK the segment was: 0.000383000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 35
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 101
        Time from request: 0.000383000 seconds
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29568
    Close Response (0x04)
        Word Count (WCT): 0
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
103 3.754862 192.168.1.100 192.168.1.5 SMB NT Create AndX Request, Path: \spoolss
Frame 103 (160 bytes on wire, 160 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.354438000
    Time delta from previous packet: 0.000919000 seconds
    Time since reference or first frame: 3.754862000 seconds
    Frame Number: 103
    Packet Length: 160 bytes
    Capture Length: 160 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 146
    Identification: 0xc817 (51223)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae94 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 591, Ack: 2289, Len: 106
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 591 (relative sequence number)
    Next sequence number: 697 (relative sequence number)
    Acknowledgement number: 2289 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65496
    Checksum: 0x843e [incorrect, should be 0x8340]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 102
        The RTT to ACK the segment was: 0.000919000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 102
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 104
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1552
        User ID: 8195
        Multiplex ID: 29632
    NT Create AndX Request (0xa2)
        Word Count (WCT): 24
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        Reserved: 00
        File Name Len: 16
        Create Flags: 0x00000016
            .... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required
            .... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file
            .... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting BATCH OPLOCK
            .... .... .... .... .... .... .... ..1. = Exclusive Oplock: Requesting OPLOCK
        Root FID: 0x00000000
        Access Mask: 0x0002019f
            0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set
            .0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set
            ..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set
            ...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set
            .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set
            .... ...0 .... .... .... .... .... .... = System Security: System security is NOT set
            .... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait on handle to synchronize on completion of I/O
            .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership)
            .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC
            .... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to owner, group and ACL of the SID
            .... .... .... ...0 .... .... .... .... = Delete: NO delete access
            .... .... .... .... .... ...1 .... .... = Write Attributes: WRITE ATTRIBUTES access
            .... .... .... .... .... .... 1... .... = Read Attributes: READ ATTRIBUTES access
            .... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access
            .... .... .... .... .... .... ..0. .... = Execute: NO execute access
            .... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... .1.. = Append: APPEND access
            .... .... .... .... .... .... .... ..1. = Write: WRITE access
            .... .... .... .... .... .... .... ...1 = Read: READ access
        Allocation Size: 0
        File Attributes: 0x00000000
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
        Share Access: 0x00000003
            .... .... .... .... .... .... .... .0.. = Delete: Object can NOT be shared for delete
            .... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE
            .... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ
        Disposition: Open (if file exists open it, else fail) (1)
        Create Options: 0x00400040
            .... .... .... .... .... .... .... ...0 = Directory: File being created/opened must not be a directory
            .... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing
            .... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially
            .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... .1.. .... = Non-Directory: File being created/opened must not be a directory
            .... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes
            .... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names
            .... .... .... .... .... 0... .... .... = Random Access: The file will not be accessed randomly
            .... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed
        Impersonation: Impersonation (2)
        Security Flags: 0x03
            .... ...1 = Context Tracking: Security tracking mode is DYNAMIC
            .... ..1. = Effective Only: ONLY ENABLED aspects of the client's security context are available
        Byte Count (BCC): 19
        File Name: \spoolss

No. Time Source Destination Protocol Info
104 3.755405 192.168.1.5 192.168.1.100 SMB NT Create AndX Response, FID: 0x4008

Frame 104 (193 bytes on wire, 193 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.354981000
    Time delta from previous packet: 0.000543000 seconds
    Time since reference or first frame: 3.755405000 seconds
    Frame Number: 104
    Packet Length: 193 bytes
    Capture Length: 193 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 179
    Identification: 0x0f8b (3979)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6700 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 2289, Ack: 697, Len: 139
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 2289 (relative sequence number)
    Next sequence number: 2428 (relative sequence number)
    Acknowledgement number: 697 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16227
    Checksum: 0x4197 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 103
        The RTT to ACK the segment was: 0.000543000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 135
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 103
        Time from request: 0.000543000 seconds
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1552
        User ID: 8195
        Multiplex ID: 29632
    NT Create AndX Response (0xa2)
        Word Count (WCT): 42
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 135
        Oplock level: No oplock granted (0)
        FID: 0x4008
        Create action: The file existed and was opened (1)
        Created: No time specified (0)
        Last Access: No time specified (0)
        Last Write: No time specified (0)
        Change: No time specified (0)
        File Attributes: 0x00000080
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 1... .... = Normal: This file is an ordinary file
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
        Allocation Size: 4096
        End Of File: 0
        File Type: Named pipe in message mode (2)
        IPC State: 0x05ff
            0... .... .... .... = Nonblocking: Reads/writes block if no data available
            .0.. .... .... .... = Endpoint: Consumer end of pipe (0)
            .... 01.. .... .... = Pipe Type: Message pipe (1)
            .... ..01 .... .... = Read Mode: Read messages from pipe (1)
            .... .... 1111 1111 = Icount: 255
        Is Directory: This is NOT a directory (0)
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
105 3.755525 192.168.1.100 192.168.1.5 DCERPC Bind: call_id: 1 UUID: SPOOLSS

Frame 105 (194 bytes on wire, 194 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.355101000
    Time delta from previous packet: 0.000120000 seconds
    Time since reference or first frame: 3.755525000 seconds
    Frame Number: 105
    Packet Length: 194 bytes
    Capture Length: 194 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 180
    Identification: 0xc818 (51224)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae71 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 697, Ack: 2428, Len: 140
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 697 (relative sequence number)
    Next sequence number: 837 (relative sequence number)
    Acknowledgement number: 2428 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65357
    Checksum: 0x8460 [incorrect, should be 0xa4a9]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 104
        The RTT to ACK the segment was: 0.000120000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 136
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 106
        SMB Command: Write AndX (0x2f)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29696
    Write AndX Request (0x2f)
        Word Count (WCT): 14
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        FID: 0x4008
        Offset: 0
        Reserved: FFFFFFFF
        Write Mode: 0x0008
            .... .... .... 1... = Message Start: This is the START of a MESSAGE (pipe)
            .... .... .... .0.. = Write Raw: DON'T use WriteRawNamedPipe (pipe)
            .... .... .... ..0. = Return Remaining: DON'T return remaining (pipe/dev)
            .... .... .... ...0 = Write Through: Write through not requested
        Remaining: 72
        Data Length High (multiply with 64K): 0
        Data Length Low: 72
        Data Offset: 64
        High Offset: 0
        Byte Count (BCC): 73
        Padding: EE
DCE RPC Bind, Fragment: Single, FragLen: 72, Call: 1
    Version: 5
    Version (minor): 0
    Packet type: Bind (11)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 72
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x00000000
    Num Ctx Items: 1
    Context ID: 0
        Num Trans Items: 1
        Interface UUID: 12345678-1234-abcd-ef00-0123456789ab
        Interface Ver: 1
        Interface Ver Minor: 0
        Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860
        Syntax ver: 2

No. Time Source Destination Protocol Info
106 3.755888 192.168.1.5 192.168.1.100 SMB Write AndX Response, FID: 0x4008, 72 bytes

Frame 106 (105 bytes on wire, 105 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.355464000
    Time delta from previous packet: 0.000363000 seconds
    Time since reference or first frame: 3.755888000 seconds
    Frame Number: 106
    Packet Length: 105 bytes
    Capture Length: 105 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 91
    Identification: 0x0f8c (3980)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6757 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 2428, Ack: 837, Len: 51
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 2428 (relative sequence number)
    Next sequence number: 2479 (relative sequence number)
    Acknowledgement number: 837 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16087
    Checksum: 0x3537 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 105
        The RTT to ACK the segment was: 0.000363000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 47
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 105
        Time from request: 0.000363000 seconds
        SMB Command: Write AndX (0x2f)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29696
    Write AndX Response (0x2f)
        Word Count (WCT): 6
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 47
        FID: 0x4008
        Count Low: 72
        Remaining: 65535
        Count High (multiply with 64K): 0
        Reserved: 0000
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
107 3.755971 192.168.1.100 192.168.1.5 SMB Read AndX Request, FID: 0x4008, 1024 bytes at offset 0

Frame 107 (117 bytes on wire, 117 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.355547000
    Time delta from previous packet: 0.000083000 seconds
    Time since reference or first frame: 3.755971000 seconds
    Frame Number: 107
    Packet Length: 117 bytes
    Capture Length: 117 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 103
    Identification: 0xc819 (51225)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaebd [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 837, Ack: 2479, Len: 63
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 837 (relative sequence number)
    Next sequence number: 900 (relative sequence number)
    Acknowledgement number: 2479 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65306
    Checksum: 0x8413 [incorrect, should be 0x05b8]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 106
        The RTT to ACK the segment was: 0.000083000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 59
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 108
        SMB Command: Read AndX (0x2e)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29760
    Read AndX Request (0x2e)
        Word Count (WCT): 12
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        FID: 0x4008
        Offset: 0
        Max Count Low: 1024
        Min Count: 1024
        Remaining: 1024
        High Offset: 0
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
108 3.756132 192.168.1.5 192.168.1.100 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280

Frame 108 (186 bytes on wire, 186 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.355708000
    Time delta from previous packet: 0.000161000 seconds
    Time since reference or first frame: 3.756132000 seconds
    Frame Number: 108
    Packet Length: 186 bytes
    Capture Length: 186 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 172
    Identification: 0x0f8d (3981)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6705 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 2479, Ack: 900, Len: 132
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 2479 (relative sequence number)
    Next sequence number: 2611 (relative sequence number)
    Acknowledgement number: 900 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17520
    Checksum: 0xac6f [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 107
        The RTT to ACK the segment was: 0.000161000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 128
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 107
        Time from request: 0.000161000 seconds
        SMB Command: Read AndX (0x2e)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 29760 Read AndX Response (0x2e) Word Count (WCT): 12 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 0 FID: 0x4008 Remaining: 0 Data Compaction Mode: 0 Reserved: 0000 Data Length Low: 68 Data Offset: 60 Data Length High (multiply with 64K): 0 Reserved: 000000000000 Byte Count (BCC): 69 Padding: 00 DCE RPC Bind_ack, Fragment: Single, FragLen: 68, Call: 1 Version: 5 Version (minor): 0 Packet type: Bind_ack (12) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 68 Auth Length: 0 Call ID: 1 Max Xmit Frag: 4280 Max Recv Frag: 4280 Assoc Group: 0x0000a70b Scndry Addr len: 14 Scndry Addr: \pipe\spoolss Num results: 1 Ack result: Acceptance (0) Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860 Syntax ver: 2 0000 00 0d 61 42 19 56 00 b0 d0 68 d0 e4 08 00 45 00 ..aB.V...h....E. 0010 00 ac 0f 8d 40 00 80 06 67 05 c0 a8 01 05 c0 a8 ....@...g....... 0020 01 64 00 8b 06 2d 9e e6 9b 4a 44 ed a3 36 50 18 .d...-...JD..6P. 0030 44 70 ac 6f 00 00 00 00 00 80 ff 53 4d 42 2e 00 Dp.o.......SMB.. 0040 00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 ff fe 03 20 40 74 0c ff 00 00 00 00 ....... @t...... 0060 00 00 00 00 00 44 00 3c 00 00 00 00 00 00 00 00 .....D.<........ 0070 00 00 00 45 00 00 05 00 0c 03 10 00 00 00 44 00 ...E..........D. 0080 00 00 01 00 00 00 b8 10 b8 10 0b a7 00 00 0e 00 ................ 0090 5c 70 69 70 65 5c 73 70 6f 6f 6c 73 73 00 01 00 \pipe\spoolss... 00a0 00 00 00 00 00 00 04 5d 88 8a eb 1c c9 11 9f e8 .......]........ 
00b0 08 00 2b 10 48 60 02 00 00 00 ..+.H`....No. Time Source Destination Protocol Info 109 3.756203 192.168.1.100 192.168.1.5 SPOOLSS OpenPrinterEx request, \\Dell-s1
Frame 109 (310 bytes on wire, 310 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.355779000
    Time delta from previous packet: 0.000071000 seconds
    Time since reference or first frame: 3.756203000 seconds
    Frame Number: 109
    Packet Length: 310 bytes
    Capture Length: 310 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 296
    Identification: 0xc81a (51226)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xadfb [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 900, Ack: 2611, Len: 256
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 900 (relative sequence number)
    Next sequence number: 1156 (relative sequence number)
    Acknowledgement number: 2611 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65174
    Checksum: 0x84d4 [incorrect, should be 0x9b17]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 108
        The RTT to ACK the segment was: 0.000071000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 252
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 110
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1552
        User ID: 8195
        Multiplex ID: 29824
    Trans Request (0x25)
        Word Count (WCT): 16
        Total Parameter Count: 0
        Total Data Count: 168
        Max Parameter Count: 0
        Max Data Count: 1024
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 84
        Data Count: 168
        Data Offset: 84
        Setup Count: 2
        Reserved: 00
        Byte Count (BCC): 185
        Transaction Name: \PIPE\
        Padding: 0000
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4008
DCE RPC Request, Fragment: Single, FragLen: 168, Call: 1 Ctx: 0, [Resp: #110]
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 168
    Auth Length: 0
    Call ID: 1
    Alloc hint: 144
    Context ID: 0
    Opnum: 69
    Response in frame: 110
Microsoft Spool Subsystem, OpenPrinterEx
    Operation: OpenPrinterEx (69)
    Printer name: \\Dell-s1
        Referent ID: 0x0039f438
        Max Count: 10
        Offset: 0
        Actual Count: 10
        Printer name: \\Dell-s1
    (NULL pointer) Printer datatype
    Devicemode container
        Devicemode ctr size: 0
        (NULL pointer) Devicemode
    Access required: 0x00000000
        Generic rights: 0x00000000
            0... .... .... .... .... .... .... .... = Generic read: Not set
            .0.. .... .... .... .... .... .... .... = Generic write: Not set
            ..0. .... .... .... .... .... .... .... = Generic execute: Not set
            ...0 .... .... .... .... .... .... .... = Generic all: Not set
            .... ..0. .... .... .... .... .... .... = Maximum allowed: Not set
            .... .... 0... .... .... .... .... .... = Access SACL: Not set
        Standard rights: 0x00000000
            .... .... ...0 .... .... .... .... .... = Synchronise: Not set
            .... .... .... 0... .... .... .... .... = Write owner: Not set
            .... .... .... .0.. .... .... .... .... = Write DAC: Not set
            .... .... .... ..0. .... .... .... .... = Read control: Not set
            .... .... .... ...0 .... .... .... .... = Delete: Not set
        SPOOLSS print server specific rights: 0x00000000
            .... .... .... .... .... .... .... ..0. = Server enum: Not set
            .... .... .... .... .... .... .... ...0 = Server admin: Not set
    User level container
        Info level: 1
        User level 1
            Referent ID: 0x00000001
            Info level: 10614088
            Size: 28
            Client: \\DVD-PC
                Referent ID: 0x0039e4f0
                Max Count: 9
                Offset: 0
                Actual Count: 9
                Client: \\DVD-PC
            User: DVD
                Referent ID: 0x00a1f5a4
                Max Count: 4
                Offset: 0
                Actual Count: 4
                User: DVD
            Build: 2600
            Major: 3
            Minor: 0
            Processor: 0

No. Time Source Destination Protocol Info
110 3.756861 192.168.1.5 192.168.1.100 SPOOLSS OpenPrinterEx response

Frame 110 (162 bytes on wire, 162 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.356437000
    Time delta from previous packet: 0.000658000 seconds
    Time since reference or first frame: 3.756861000 seconds
    Frame Number: 110
    Packet Length: 162 bytes
    Capture Length: 162 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 148
    Identification: 0x0f8e (3982)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x671c [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 2611, Ack: 1156, Len: 108
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 2611 (relative sequence number)
    Next sequence number: 2719 (relative sequence number)
    Acknowledgement number: 1156 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17264
    Checksum: 0xdcd2 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 109
        The RTT to ACK the segment was: 0.000658000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 104
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 109
        Time from request: 0.000658000 seconds
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1552
        User ID: 8195
        Multiplex ID: 29824
    Trans Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 48
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 48
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 49
        Padding: A8
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4008
DCE RPC Response, Fragment: Single, FragLen: 48, Call: 1 Ctx: 0, [Req: #109]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 48
    Auth Length: 0
    Call ID: 1
    Alloc hint: 24
    Context ID: 0
    Cancel count: 0
    Opnum: 69
    Request in frame: 109
    Time from request: 0.000658000 seconds
Microsoft Spool Subsystem, OpenPrinterEx
    Operation: OpenPrinterEx (69)
    Policy Handle: OpenPrinterEx(\\Dell-s1)
        Context handle: 00000000617988424C7766409AA117135D3ABBC2
        Frame handle opened: 110
        Frame handle closed: 111
    Return code: Success (0x00000000)

No. Time Source Destination Protocol Info
111 3.757010 192.168.1.100 192.168.1.5 SPOOLSS ClosePrinter request, OpenPrinterEx(\\Dell-s1)

Frame 111 (186 bytes on wire, 186 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.356586000
    Time delta from previous packet: 0.000149000 seconds
    Time since reference or first frame: 3.757010000 seconds
    Frame Number: 111
    Packet Length: 186 bytes
    Capture Length: 186 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 172
    Identification: 0xc81b (51227)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae76 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 1156, Ack: 2719, Len: 132
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 1156 (relative sequence number)
    Next sequence number: 1288 (relative sequence number)
    Acknowledgement number: 2719 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65066
    Checksum: 0x8458 [incorrect, should be 0x9e35]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 110
        The RTT to ACK the segment was: 0.000149000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 128
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 112
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1552
        User ID: 8195
        Multiplex ID: 29888
    Trans Request (0x25)
        Word Count (WCT): 16
        Total Parameter Count: 0
        Total Data Count: 44
        Max Parameter Count: 0
        Max Data Count: 1024
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 84
        Data Count: 44
        Data Offset: 84
        Setup Count: 2
        Reserved: 00
        Byte Count (BCC): 61
        Transaction Name: \PIPE\
        Padding: 0000
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4008
DCE RPC Request, Fragment: Single, FragLen: 44, Call: 2 Ctx: 0, [Resp: #112]
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 44
    Auth Length: 0
    Call ID: 2
    Alloc hint: 20
    Context ID: 0
    Opnum: 29
    Response in frame: 112
Microsoft Spool Subsystem, ClosePrinter
    Operation: ClosePrinter (29)
    Policy Handle: OpenPrinterEx(\\Dell-s1)
        Context handle: 00000000617988424C7766409AA117135D3ABBC2
        Frame handle opened: 110
        Frame handle closed: 111

No. Time Source Destination Protocol Info
112 3.757347 192.168.1.5 192.168.1.100 SPOOLSS ClosePrinter response

Frame 112 (162 bytes on wire, 162 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.356923000
    Time delta from previous packet: 0.000337000 seconds
    Time since reference or first frame: 3.757347000 seconds
    Frame Number: 112
    Packet Length: 162 bytes
    Capture Length: 162 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 148
    Identification: 0x0f8f (3983)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x671b [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 2719, Ack: 1288, Len: 108
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 2719 (relative sequence number)
    Next sequence number: 2827 (relative sequence number)
    Acknowledgement number: 1288 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17132
    Checksum: 0x0308 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 111
        The RTT to ACK the segment was: 0.000337000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 104
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 111
        Time from request: 0.000337000 seconds
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1552
        User ID: 8195
        Multiplex ID: 29888
    Trans Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 48
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 48
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 49
        Padding: 2C
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4008
DCE RPC Response, Fragment: Single, FragLen: 48, Call: 2 Ctx: 0, [Req: #111]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 48
    Auth Length: 0
    Call ID: 2
    Alloc hint: 24
    Context ID: 0
    Cancel count: 0
    Opnum: 29
    Request in frame: 111
    Time from request: 0.000337000 seconds
Microsoft Spool Subsystem, ClosePrinter
    Operation: ClosePrinter (29)
    Policy Handle
        Context handle: 0000000000000000000000000000000000000000
    Return code: Success (0x00000000)

No. Time Source Destination Protocol Info
113 3.757421 192.168.1.100 192.168.1.5 SMB Close Request, FID: 0x4008

Frame 113 (99 bytes on wire, 99 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.356997000
    Time delta from previous packet: 0.000074000 seconds
    Time since reference or first frame: 3.757421000 seconds
    Frame Number: 113
    Packet Length: 99 bytes
    Capture Length: 99 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 85
    Identification: 0xc81c (51228)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaecc [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 1288, Ack: 2827, Len: 45
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 1288 (relative sequence number)
    Next sequence number: 1333 (relative sequence number)
    Acknowledgement number: 2827 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64958
    Checksum: 0x8401 [incorrect, should be 0x62f6]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 112
        The RTT to ACK the segment was: 0.000074000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 41
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 114
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 29952
    Close Request (0x04)
        Word Count (WCT): 3
        FID: 0x4008
        Last Write: No time specified (0xffffffff)
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
114 3.757591 192.168.1.5 192.168.1.100 SMB Close Response

Frame 114 (93 bytes on wire, 93 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.357167000
    Time delta from previous packet: 0.000170000 seconds
    Time since reference or first frame: 3.757591000 seconds
    Frame Number: 114
    Packet Length: 93 bytes
    Capture Length: 93 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 79
    Identification: 0x0f90 (3984)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x675f [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 2827, Ack: 1333, Len: 39
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 2827 (relative sequence number)
    Next sequence number: 2866 (relative sequence number)
    Acknowledgement number: 1333 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 17087
    Checksum: 0x605d [correct]
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 113
    The RTT to ACK the segment was: 0.000170000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
    .... ...0 = Add 0 to length
    Length: 35
SMB (Server Message Block Protocol)
    SMB Header
    Server Component: SMB
    Response to: 113
    Time from request: 0.000170000 seconds
    SMB Command: Close (0x04)
    NT Status: STATUS_SUCCESS (0x00000000)
    Flags: 0x98
    1... .... = Request/Response: Message is a response to the client/redirector
    .0.. .... = Notify: Notify client only on open
    ..0. .... = Oplocks: OpLock not requested/granted
    ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
    .... 1... = Case Sensitivity: Path names are caseless
    .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
    .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
    Flags2: 0xc807
    1... .... .... .... = Unicode Strings: Strings are Unicode
    .1.. .... .... .... = Error Code Type: Error codes are NT error codes
    ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
    ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
    .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
    .... .... .0.. .... = Long Names Used: Path names in request are not long file names
    .... .... .... .1.. = Security Signatures: Security signatures are supported
    .... .... .... ..1. = Extended Attributes: Extended attributes are supported
    .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
    Process ID High: 0
    Signature: 0000000000000000
    Reserved: 0000
    Tree ID: 2048
    Process ID: 65279
    User ID: 8195
    Multiplex ID: 29952
    Close Response (0x04)
    Word Count (WCT): 0
    Byte Count (BCC): 0

No. Time Source Destination Protocol Info
115 3.759029 192.168.1.100 192.168.1.5 SMB NT Create AndX Request, Path: \wkssvc
Frame 115 (158 bytes on wire, 158 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.358605000
    Time delta from previous packet: 0.001438000 seconds
    Time since reference or first frame: 3.759029000 seconds
    Frame Number: 115
    Packet Length: 158 bytes
    Capture Length: 158 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 144
    Identification: 0xc81d (51229)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae90 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 1333, Ack: 2866, Len: 104
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 1333 (relative sequence number)
    Next sequence number: 1437 (relative sequence number)
    Acknowledgement number: 2866 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 64919
    Checksum: 0x843c [incorrect, should be 0xa764]
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 114
    The RTT to ACK the segment was: 0.001438000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
    .... ...0 = Add 0 to length
    Length: 100
SMB (Server Message Block Protocol)
    SMB Header
    Server Component: SMB
    Response in: 116
    SMB Command: NT Create AndX (0xa2)
    NT Status: STATUS_SUCCESS (0x00000000)
    Flags: 0x18
    0... .... = Request/Response: Message is a request to the server
    .0.. .... = Notify: Notify client only on open
    ..0. .... = Oplocks: OpLock not requested/granted
    ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
    .... 1... = Case Sensitivity: Path names are caseless
    .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
    .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
    Flags2: 0xc807
    1... .... .... .... = Unicode Strings: Strings are Unicode
    .1.. .... .... .... = Error Code Type: Error codes are NT error codes
    ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
    ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
    .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
    .... .... .0.. .... = Long Names Used: Path names in request are not long file names
    .... .... .... .1.. = Security Signatures: Security signatures are supported
    .... .... .... ..1. = Extended Attributes: Extended attributes are supported
    .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
    Process ID High: 0
    Signature: 0000000000000000
    Reserved: 0000
    Tree ID: 2048
    Process ID: 224
    User ID: 8195
    Multiplex ID: 30016
    NT Create AndX Request (0xa2)
    Word Count (WCT): 24
    AndXCommand: No further commands (0xff)
    Reserved: 00
    AndXOffset: 57054
    Reserved: 00
    File Name Len: 14
    Create Flags: 0x00000016
    .... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required
    .... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file
    .... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting BATCH OPLOCK
    .... .... .... .... .... .... .... ..1. = Exclusive Oplock: Requesting OPLOCK
    Root FID: 0x00000000
    Access Mask: 0x0002019f
    0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set
    .0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set
    ..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set
    ...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set
    .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set
    .... ...0 .... .... .... .... .... .... = System Security: System security is NOT set
    .... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait on handle to synchronize on completion of I/O
    .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership)
    .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC
    .... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to owner, group and ACL of the SID
    .... .... .... ...0 .... .... .... .... = Delete: NO delete access
    .... .... .... .... .... ...1 .... .... = Write Attributes: WRITE ATTRIBUTES access
    .... .... .... .... .... .... 1... .... = Read Attributes: READ ATTRIBUTES access
    .... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access
    .... .... .... .... .... .... ..0. .... = Execute: NO execute access
    .... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED ATTRIBUTES access
    .... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED ATTRIBUTES access
    .... .... .... .... .... .... .... .1.. = Append: APPEND access
    .... .... .... .... .... .... .... ..1. = Write: WRITE access
    .... .... .... .... .... .... .... ...1 = Read: READ access
    Allocation Size: 0
    File Attributes: 0x00000000
    .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
    .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
    .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
    .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
    .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
    .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
    .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
    .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
    .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
    .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
    .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
    .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
    .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
    .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
    .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
    Share Access: 0x00000003
    .... .... .... .... .... .... .... .0.. = Delete: Object can NOT be shared for delete
    .... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE
    .... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ
    Disposition: Open (if file exists open it, else fail) (1)
    Create Options: 0x00400040
    .... .... .... .... .... .... .... ...0 = Directory: File being created/opened must not be a directory
    .... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing
    .... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially
    .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous
    .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous
    .... .... .... .... .... .... .1.. .... = Non-Directory: File being created/opened must not be a directory
    .... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes
    .... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names
    .... .... .... .... .... 0... .... .... = Random Access: The file will not be accessed randomly
    .... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed
    Impersonation: Identification (1)
    Security Flags: 0x01
    .... ...1 = Context Tracking: Security tracking mode is DYNAMIC
    .... ..0. = Effective Only: ALL aspects of the client's security context are available
    Byte Count (BCC): 17
    File Name: \wkssvc

No. Time Source Destination Protocol Info
116 3.759539 192.168.1.5 192.168.1.100 SMB NT Create AndX Response, FID: 0x4009
Frame 116 (193 bytes on wire, 193 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.359115000
    Time delta from previous packet: 0.000510000 seconds
    Time since reference or first frame: 3.759539000 seconds
    Frame Number: 116
    Packet Length: 193 bytes
    Capture Length: 193 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 179
    Identification: 0x0f91 (3985)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x66fa [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 2866, Ack: 1437, Len: 139
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 2866 (relative sequence number)
    Next sequence number: 3005 (relative sequence number)
    Acknowledgement number: 1437 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 16983
    Checksum: 0xe8e1 [correct]
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 115
    The RTT to ACK the segment was: 0.000510000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
    .... ...0 = Add 0 to length
    Length: 135
SMB (Server Message Block Protocol)
    SMB Header
    Server Component: SMB
    Response to: 115
    Time from request: 0.000510000 seconds
    SMB Command: NT Create AndX (0xa2)
    NT Status: STATUS_SUCCESS (0x00000000)
    Flags: 0x98
    1... .... = Request/Response: Message is a response to the client/redirector
    .0.. .... = Notify: Notify client only on open
    ..0. .... = Oplocks: OpLock not requested/granted
    ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
    .... 1... = Case Sensitivity: Path names are caseless
    .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
    .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
    Flags2: 0xc807
    1... .... .... .... = Unicode Strings: Strings are Unicode
    .1.. .... .... .... = Error Code Type: Error codes are NT error codes
    ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
    ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
    .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
    .... .... .0.. .... = Long Names Used: Path names in request are not long file names
    .... .... .... .1.. = Security Signatures: Security signatures are supported
    .... .... .... ..1. = Extended Attributes: Extended attributes are supported
    .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
    Process ID High: 0
    Signature: 0000000000000000
    Reserved: 0000
    Tree ID: 2048
    Process ID: 224
    User ID: 8195
    Multiplex ID: 30016
    NT Create AndX Response (0xa2)
    Word Count (WCT): 42
    AndXCommand: No further commands (0xff)
    Reserved: 00
    AndXOffset: 135
    Oplock level: No oplock granted (0)
    FID: 0x4009
    Create action: The file existed and was opened (1)
    Created: No time specified (0)
    Last Access: No time specified (0)
    Last Write: No time specified (0)
    Change: No time specified (0)
    File Attributes: 0x00000080
    .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
    .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
    .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
    .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
    .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
    .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
    .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
    .... .... .... .... .... .... 1... .... = Normal: This file is an ordinary file
    .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
    .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
    .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
    .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
    .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
    .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
    .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
    Allocation Size: 4096
    End Of File: 0
    File Type: Named pipe in message mode (2)
    IPC State: 0x05ff
    0... .... .... .... = Nonblocking: Reads/writes block if no data available
    .0.. .... .... .... = Endpoint: Consumer end of pipe (0)
    .... 01.. .... .... = Pipe Type: Message pipe (1)
    .... ..01 .... .... = Read Mode: Read messages from pipe (1)
    .... .... 1111 1111 = Icount: 255
    Is Directory: This is NOT a directory (0)
    Byte Count (BCC): 0

No. Time Source Destination Protocol Info
117 3.759655 192.168.1.100 192.168.1.5 DCERPC Bind: call_id: 1 UUID: WKSSVC
Frame 117 (194 bytes on wire, 194 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.359231000
    Time delta from previous packet: 0.000116000 seconds
    Time since reference or first frame: 3.759655000 seconds
    Frame Number: 117
    Packet Length: 194 bytes
    Capture Length: 194 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 180
    Identification: 0xc81e (51230)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae6b [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 1437, Ack: 3005, Len: 140
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 1437 (relative sequence number)
    Next sequence number: 1577 (relative sequence number)
    Acknowledgement number: 3005 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 64780
    Checksum: 0x8460 [incorrect, should be 0xc83c]
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 116
    The RTT to ACK the segment was: 0.000116000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
    .... ...0 = Add 0 to length
    Length: 136
SMB (Server Message Block Protocol)
    SMB Header
    Server Component: SMB
    Response in: 118
    SMB Command: Write AndX (0x2f)
    NT Status: STATUS_SUCCESS (0x00000000)
    Flags: 0x18
    0... .... = Request/Response: Message is a request to the server
    .0.. .... = Notify: Notify client only on open
    ..0. .... = Oplocks: OpLock not requested/granted
    ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
    .... 1... = Case Sensitivity: Path names are caseless
    .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
    .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
    Flags2: 0xc807
    1... .... .... .... = Unicode Strings: Strings are Unicode
    .1.. .... .... .... = Error Code Type: Error codes are NT error codes
    ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
    ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
    .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
    .... .... .0.. .... = Long Names Used: Path names in request are not long file names
    .... .... .... .1.. = Security Signatures: Security signatures are supported
    .... .... .... ..1. = Extended Attributes: Extended attributes are supported
    .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
    Process ID High: 0
    Signature: 0000000000000000
    Reserved: 0000
    Tree ID: 2048
    Process ID: 65279
    User ID: 8195
    Multiplex ID: 30080
    Write AndX Request (0x2f)
    Word Count (WCT): 14
    AndXCommand: No further commands (0xff)
    Reserved: 00
    AndXOffset: 57054
    FID: 0x4009
    Offset: 0
    Reserved: FFFFFFFF
    Write Mode: 0x0008
    .... .... .... 1... = Message Start: This is the START of a MESSAGE (pipe)
    .... .... .... .0.. = Write Raw: DON'T use WriteRawNamedPipe (pipe)
    .... .... .... ..0. = Return Remaining: DON'T return remaining (pipe/dev)
    .... .... .... ...0 = Write Through: Write through not requested
    Remaining: 72
    Data Length High (multiply with 64K): 0
    Data Length Low: 72
    Data Offset: 64
    High Offset: 0
    Byte Count (BCC): 73
    Padding: EE
DCE RPC Bind, Fragment: Single, FragLen: 72, Call: 1
    Version: 5
    Version (minor): 0
    Packet type: Bind (11)
    Packet Flags: 0x03
    0... .... = Object: Not set
    .0.. .... = Maybe: Not set
    ..0. .... = Did Not Execute: Not set
    ...0 .... = Multiplex: Not set
    .... 0... = Reserved: Not set
    .... .0.. = Cancel Pending: Not set
    .... ..1. = Last Frag: Set
    .... ...1 = First Frag: Set
    Data Representation: 10000000
    Byte order: Little-endian (1)
    Character: ASCII (0)
    Floating-point: IEEE (0)
    Frag Length: 72
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x00000000
    Num Ctx Items: 1
    Context ID: 0
    Num Trans Items: 1
    Interface UUID: 6bffd098-a112-3610-9833-46c3f87e345a
    Interface Ver: 1
    Interface Ver Minor: 0
    Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860
    Syntax ver: 2

No. Time Source Destination Protocol Info
118 3.760023 192.168.1.5 192.168.1.100 SMB Write AndX Response, FID: 0x4009, 72 bytes
Frame 118 (105 bytes on wire, 105 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.359599000
    Time delta from previous packet: 0.000368000 seconds
    Time since reference or first frame: 3.760023000 seconds
    Frame Number: 118
    Packet Length: 105 bytes
    Capture Length: 105 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 91
    Identification: 0x0f92 (3986)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6751 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3005, Ack: 1577, Len: 51
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 3005 (relative sequence number)
    Next sequence number: 3056 (relative sequence number)
    Acknowledgement number: 1577 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 16843
    Checksum: 0xad1c [correct]
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 117
    The RTT to ACK the segment was: 0.000368000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
    .... ...0 = Add 0 to length
    Length: 47
SMB (Server Message Block Protocol)
    SMB Header
    Server Component: SMB
    Response to: 117
    Time from request: 0.000368000 seconds
    SMB Command: Write AndX (0x2f)
    NT Status: STATUS_SUCCESS (0x00000000)
    Flags: 0x98
    1... .... = Request/Response: Message is a response to the client/redirector
    .0.. .... = Notify: Notify client only on open
    ..0. .... = Oplocks: OpLock not requested/granted
    ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
    .... 1... = Case Sensitivity: Path names are caseless
    .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
    .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
    Flags2: 0xc807
    1... .... .... .... = Unicode Strings: Strings are Unicode
    .1.. .... .... .... = Error Code Type: Error codes are NT error codes
    ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
    ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
    .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
    .... .... .0.. .... = Long Names Used: Path names in request are not long file names
    .... .... .... .1.. = Security Signatures: Security signatures are supported
    .... .... .... ..1. = Extended Attributes: Extended attributes are supported
    .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
    Process ID High: 0
    Signature: 0000000000000000
    Reserved: 0000
    Tree ID: 2048
    Process ID: 65279
    User ID: 8195
    Multiplex ID: 30080
    Write AndX Response (0x2f)
    Word Count (WCT): 6
    AndXCommand: No further commands (0xff)
    Reserved: 00
    AndXOffset: 47
    FID: 0x4009
    Count Low: 72
    Remaining: 65535
    Count High (multiply with 64K): 0
    Reserved: 0000
    Byte Count (BCC): 0

No. Time Source Destination Protocol Info
119 3.760105 192.168.1.100 192.168.1.5 SMB Read AndX Request, FID: 0x4009, 1024 bytes at offset 0
Frame 119 (117 bytes on wire, 117 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.359681000
    Time delta from previous packet: 0.000082000 seconds
    Time since reference or first frame: 3.760105000 seconds
    Frame Number: 119
    Packet Length: 117 bytes
    Capture Length: 117 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 103
    Identification: 0xc81f (51231)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaeb7 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 1577, Ack: 3056, Len: 63
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 1577 (relative sequence number)
    Next sequence number: 1640 (relative sequence number)
    Acknowledgement number: 3056 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 1... = Push: Set
    .... .0.. = Reset: Not set
    .... ..0. = Syn: Not set
    .... ...0 = Fin: Not set
    Window size: 64729
    Checksum: 0x8413 [incorrect, should be 0x82d1]
    SEQ/ACK analysis
    This is an ACK to the segment in frame: 118
    The RTT to ACK the segment was: 0.000082000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
    .... ...0 = Add 0 to length
    Length: 59
SMB (Server Message Block Protocol)
    SMB Header
    Server Component: SMB
    Response in: 120
    SMB Command: Read AndX (0x2e)
    NT Status: STATUS_SUCCESS (0x00000000)
    Flags: 0x18
    0... .... = Request/Response: Message is a request to the server
    .0.. .... = Notify: Notify client only on open
    ..0. .... = Oplocks: OpLock not requested/granted
    ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
    .... 1... = Case Sensitivity: Path names are caseless
    .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
    .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
    Flags2: 0xc807
    1... .... .... .... = Unicode Strings: Strings are Unicode
    .1.. .... .... .... = Error Code Type: Error codes are NT error codes
    ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
    ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
    .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
    .... .... .0.. .... = Long Names Used: Path names in request are not long file names
    .... .... .... .1.. = Security Signatures: Security signatures are supported
    .... .... .... ..1. = Extended Attributes: Extended attributes are supported
    .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 30144 Read AndX Request (0x2e) Word Count (WCT): 12 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 57054 FID: 0x4009 Offset: 0 Max Count Low: 1024 Min Count: 1024 Remaining: 1024 High Offset: 0 Byte Count (BCC): 0 0000 00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00 ...h....aB.V..E. 0010 00 67 c8 1f 40 00 80 06 ae b7 c0 a8 01 64 c0 a8 .g..@........d.. 0020 01 05 06 2d 00 8b 44 ed a5 db 9e e6 9d 8b 50 18 ...-..D.......P. 0030 fc d9 84 13 00 00 00 00 00 3b ff 53 4d 42 2e 00 .........;.SMB.. 0040 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 ff fe 03 20 c0 75 0c ff 00 de de 09 ....... .u...... 0060 40 00 00 00 00 00 04 00 04 ff ff ff ff 00 04 00 @............... 0070 00 00 00 00 00 .....No. Time Source Destination Protocol Info 120 3.760266 192.168.1.5 192.168.1.100 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
Frame 120 (186 bytes on wire, 186 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.359842000
    Time delta from previous packet: 0.000161000 seconds
    Time since reference or first frame: 3.760266000 seconds
    Frame Number: 120
    Packet Length: 186 bytes
    Capture Length: 186 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 172
    Identification: 0x0f93 (3987)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x66ff [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3056, Ack: 1640, Len: 132
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 3056 (relative sequence number)
    Next sequence number: 3188 (relative sequence number)
    Acknowledgement number: 1640 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16780
    Checksum: 0x4f64 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 119
        The RTT to ACK the segment was: 0.000161000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 128
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 119
        Time from request: 0.000161000 seconds
        SMB Command: Read AndX (0x2e)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 30144
    Read AndX Response (0x2e)
        Word Count (WCT): 12
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 0
        FID: 0x4009
        Remaining: 0
        Data Compaction Mode: 0
        Reserved: 0000
        Data Length Low: 68
        Data Offset: 60
        Data Length High (multiply with 64K): 0
        Reserved: 000000000000
        Byte Count (BCC): 69
        Padding: 00
DCE RPC Bind_ack, Fragment: Single, FragLen: 68, Call: 1
    Version: 5
    Version (minor): 0
    Packet type: Bind_ack (12)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 68
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0000a5a4
    Scndry Addr len: 13
    Scndry Addr: \PIPE\ntsvcs
    Num results: 1
    Ack result: Acceptance (0)
    Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860
    Syntax ver: 2

No.     Time        Source                Destination           Protocol Info
    121 3.760336    192.168.1.100         192.168.1.5           WKSSVC   NetrWkstaGetInfo request, WKS_INFO_100 level
Frame 121 (206 bytes on wire, 206 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.359912000
    Time delta from previous packet: 0.000070000 seconds
    Time since reference or first frame: 3.760336000 seconds
    Frame Number: 121
    Packet Length: 206 bytes
    Capture Length: 206 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 192
    Identification: 0xc820 (51232)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae5d [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 1640, Ack: 3188, Len: 152
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 1640 (relative sequence number)
    Next sequence number: 1792 (relative sequence number)
    Acknowledgement number: 3188 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64597
    Checksum: 0x846c [incorrect, should be 0x4f3a]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 120
        The RTT to ACK the segment was: 0.000070000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 148
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 122
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 30208
    Trans Request (0x25)
        Word Count (WCT): 16
        Total Parameter Count: 0
        Total Data Count: 64
        Max Parameter Count: 0
        Max Data Count: 1024
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 84
        Data Count: 64
        Data Offset: 84
        Setup Count: 2
        Reserved: 00
        Byte Count (BCC): 81
        Transaction Name: \PIPE\
        Padding: 0000
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4009
DCE RPC Request, Fragment: Single, FragLen: 64, Call: 1 Ctx: 0, [Resp: #122]
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 64
    Auth Length: 0
    Call ID: 1
    Alloc hint: 40
    Context ID: 0
    Opnum: 0
    Response in frame: 122
Microsoft Workstation Service, NetrWkstaGetInfo
    Operation: NetrWkstaGetInfo (0)
    Server: \\Dell-s1
        Referent ID: 0x0113d704
        Max Count: 10
        Offset: 0
        Actual Count: 10
        Server: \\Dell-s1
    Info Level: 100

No.     Time        Source                Destination           Protocol Info
    122 3.760752    192.168.1.5           192.168.1.100         WKSSVC   NetrWkstaGetInfo response
Frame 122 (230 bytes on wire, 230 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.360328000
    Time delta from previous packet: 0.000416000 seconds
    Time since reference or first frame: 3.760752000 seconds
    Frame Number: 122
    Packet Length: 230 bytes
    Capture Length: 230 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 216
    Identification: 0x0f94 (3988)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x66d2 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3188, Ack: 1792, Len: 176
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 3188 (relative sequence number)
    Next sequence number: 3364 (relative sequence number)
    Acknowledgement number: 1792 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16628
    Checksum: 0xf280 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 121
        The RTT to ACK the segment was: 0.000416000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 172
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 121
        Time from request: 0.000416000 seconds
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 30208
    Trans Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 116
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 116
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 117
        Padding: 40
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4009
DCE RPC Response, Fragment: Single, FragLen: 116, Call: 1 Ctx: 0, [Req: #121]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 116
    Auth Length: 0
    Call ID: 1
    Alloc hint: 92
    Context ID: 0
    Cancel count: 0
    Opnum: 0
    Request in frame: 121
    Time from request: 0.000416000 seconds
Microsoft Workstation Service, NetrWkstaGetInfo
    Operation: NetrWkstaGetInfo (0)
    Server Info
        Info Level: 100
        WKS_INFO_100:
            Referent ID: 0x00111748
            Platform ID: Windows NT (500)
            Server: DELL-S1
                Referent ID: 0x00111776
                Max Count: 8
                Offset: 0
                Actual Count: 8
                Server: DELL-S1
            Net Group: WORKGROUP
                Referent ID: 0x00111762
                Max Count: 10
                Offset: 0
                Actual Count: 10
                Net Group: WORKGROUP
            Major Version: 5
            Minor Version: 0
    Return code: Success (0x00000000)

No.     Time        Source                Destination           Protocol Info
    123 3.760829    192.168.1.100         192.168.1.5           SMB      Close Request, FID: 0x4009
Frame 123 (99 bytes on wire, 99 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.360405000
    Time delta from previous packet: 0.000077000 seconds
    Time since reference or first frame: 3.760829000 seconds
    Frame Number: 123
    Packet Length: 99 bytes
    Capture Length: 99 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 85
    Identification: 0xc821 (51233)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaec7 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 1792, Ack: 3364, Len: 45
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 1792 (relative sequence number)
    Next sequence number: 1837 (relative sequence number)
    Acknowledgement number: 3364 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64421
    Checksum: 0x8401 [incorrect, should be 0x20fc]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 122
        The RTT to ACK the segment was: 0.000077000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 41
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 124
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 30272
    Close Request (0x04)
        Word Count (WCT): 3
        FID: 0x4009
        Last Write: No time specified (0xffffffff)
        Byte Count (BCC): 0

No.     Time        Source                Destination           Protocol Info
    124 3.760995    192.168.1.5           192.168.1.100         SMB      Close Response
Frame 124 (93 bytes on wire, 93 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.360571000
    Time delta from previous packet: 0.000166000 seconds
    Time since reference or first frame: 3.760995000 seconds
    Frame Number: 124
    Packet Length: 93 bytes
    Capture Length: 93 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 79
    Identification: 0x0f95 (3989)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x675a [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3364, Ack: 1837, Len: 39
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 3364 (relative sequence number)
    Next sequence number: 3403 (relative sequence number)
    Acknowledgement number: 1837 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16583
    Checksum: 0x1e43 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 123
        The RTT to ACK the segment was: 0.000166000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 35
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 123
        Time from request: 0.000166000 seconds
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 30272
    Close Response (0x04)
        Word Count (WCT): 0
        Byte Count (BCC): 0

No.     Time        Source                Destination           Protocol Info
    125 3.761365    192.168.1.100         192.168.1.5           SMB      NT Create AndX Request, Path: \srvsvc
Frame 125 (158 bytes on wire, 158 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.360941000
    Time delta from previous packet: 0.000370000 seconds
    Time since reference or first frame: 3.761365000 seconds
    Frame Number: 125
    Packet Length: 158 bytes
    Capture Length: 158 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 144
    Identification: 0xc822 (51234)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae8b [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 1837, Ack: 3403, Len: 104
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 1837 (relative sequence number)
    Next sequence number: 1941 (relative sequence number)
    Acknowledgement number: 3403 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64382
    Checksum: 0x843c [incorrect, should be 0x5e6b]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 124
        The RTT to ACK the segment was: 0.000370000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 100
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 126
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 30336
    NT Create AndX Request (0xa2)
        Word Count (WCT): 24
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        Reserved: 00
        File Name Len: 14
        Create Flags: 0x00000016
            .... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required
            .... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file
            .... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting BATCH OPLOCK
            .... .... .... .... .... .... .... ..1. = Exclusive Oplock: Requesting OPLOCK
        Root FID: 0x00000000
        Access Mask: 0x0002019f
            0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set
            .0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set
            ..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set
            ...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set
            .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set
            .... ...0 .... .... .... .... .... .... = System Security: System security is NOT set
            .... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait on handle to synchronize on completion of I/O
            .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership)
            .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC
            .... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to owner, group and ACL of the SID
            .... .... .... ...0 .... .... .... .... = Delete: NO delete access
            .... .... .... .... .... ...1 .... .... = Write Attributes: WRITE ATTRIBUTES access
            .... .... .... .... .... .... 1... .... = Read Attributes: READ ATTRIBUTES access
            .... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access
            .... .... .... .... .... .... ..0. .... = Execute: NO execute access
            .... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... .1.. = Append: APPEND access
            .... .... .... .... .... .... .... ..1. = Write: WRITE access
            .... .... .... .... .... .... .... ...1 = Read: READ access
        Allocation Size: 0
        File Attributes: 0x00000000
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
        Share Access: 0x00000003
            .... .... .... .... .... .... .... .0.. = Delete: Object can NOT be shared for delete
            .... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE
            .... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ
        Disposition: Open (if file exists open it, else fail) (1)
        Create Options: 0x00400040
            .... .... .... .... .... .... .... ...0 = Directory: File being created/opened must not be a directory
            .... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing
            .... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially
            .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... .1.. .... = Non-Directory: File being created/opened must not be a directory
            .... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes
            .... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names
            .... .... .... .... .... 0... .... .... = Random Access: The file will not be accessed randomly
            .... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed
Impersonation: Impersonation (2) Security Flags: 0x01 .... ...1 = Context Tracking: Security tracking mode is DYNAMIC.... ..0. = Effective Only: ALL aspects of the client's security context are available
Byte Count (BCC): 17 File Name: \srvsvc
No. Time Source Destination Protocol Info
126 3.761726 192.168.1.5 192.168.1.100 SMB NT Create AndX Response, FID: 0x400a
Frame 126 (193 bytes on wire, 193 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.361302000 Time delta from previous packet: 0.000361000 seconds Time since reference or first frame: 3.761726000 seconds Frame Number: 126 Packet Length: 193 bytes Capture Length: 193 bytes Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 179 Identification: 0x0f96 (3990) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x66f5 [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3403, Ack: 1941, Len: 139
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 3403 (relative sequence number) Next sequence number: 3542 (relative sequence number) Acknowledgement number: 1941 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16479 Checksum: 0xa5c7 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 125 The RTT to ACK the segment was: 0.000361000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 135 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 125 Time from request: 0.000361000 seconds SMB Command: NT Create AndX (0xa2) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 30336 NT Create AndX Response (0xa2) Word Count (WCT): 42 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 135 Oplock level: No oplock granted (0) FID: 0x400a Create action: The file existed and was opened (1) Created: No time specified (0) Last Access: No time specified (0) Last Write: No time specified (0) Change: No time specified (0) File Attributes: 0x00000080.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 1... .... = Normal: This file is an ordinary file .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
Allocation Size: 4096 End Of File: 0 File Type: Named pipe in message mode (2) IPC State: 0x05ff0... .... .... .... = Nonblocking: Reads/writes block if no data available
.0.. .... .... .... = Endpoint: Consumer end of pipe (0) .... 01.. .... .... = Pipe Type: Message pipe (1) .... ..01 .... .... = Read Mode: Read messages from pipe (1) .... .... 1111 1111 = Icount: 255 Is Directory: This is NOT a directory (0) Byte Count (BCC): 0
No. Time Source Destination Protocol Info
127 3.761895 192.168.1.100 192.168.1.5 DCERPC Bind: call_id: 1 UUID: SRVSVC
Frame 127 (194 bytes on wire, 194 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.361471000 Time delta from previous packet: 0.000169000 seconds Time since reference or first frame: 3.761895000 seconds Frame Number: 127 Packet Length: 194 bytes Capture Length: 194 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 180 Identification: 0xc823 (51235) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xae66 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 1941, Ack: 3542, Len: 140
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 1941 (relative sequence number) Next sequence number: 2081 (relative sequence number) Acknowledgement number: 3542 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64243 Checksum: 0x8460 [incorrect, should be 0xffbb] SEQ/ACK analysis This is an ACK to the segment in frame: 126 The RTT to ACK the segment was: 0.000169000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 136 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 128 SMB Command: Write AndX (0x2f) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 30400 Write AndX Request (0x2f) Word Count (WCT): 14 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 57054 FID: 0x400a Offset: 0 Reserved: FFFFFFFF Write Mode: 0x0008.... .... .... 1... = Message Start: This is the START of a MESSAGE (pipe) .... .... .... .0.. = Write Raw: DON'T use WriteRawNamedPipe (pipe) .... .... .... ..0. = Return Remaining: DON'T return remaining (pipe/dev)
.... .... .... ...0 = Write Through: Write through not requested Remaining: 72 Data Length High (multiply with 64K): 0 Data Length Low: 72 Data Offset: 64 High Offset: 0 Byte Count (BCC): 73 Padding: EE DCE RPC Bind, Fragment: Single, FragLen: 72, Call: 1 Version: 5 Version (minor): 0 Packet type: Bind (11) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 72 Auth Length: 0 Call ID: 1 Max Xmit Frag: 4280 Max Recv Frag: 4280 Assoc Group: 0x00000000 Num Ctx Items: 1 Context ID: 0 Num Trans Items: 1 Interface UUID: 4b324fc8-1670-01d3-1278-5a47bf6ee188 Interface Ver: 3 Interface Ver Minor: 0 Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860 Syntax ver: 2
No. Time Source Destination Protocol Info
128 3.762214 192.168.1.5 192.168.1.100 SMB Write AndX Response, FID: 0x400a, 72 bytes
Frame 128 (105 bytes on wire, 105 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.361790000 Time delta from previous packet: 0.000319000 seconds Time since reference or first frame: 3.762214000 seconds Frame Number: 128 Packet Length: 105 bytes Capture Length: 105 bytes Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 91 Identification: 0x0f97 (3991) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x674c [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3542, Ack: 2081, Len: 51
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 3542 (relative sequence number) Next sequence number: 3593 (relative sequence number) Acknowledgement number: 2081 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16339 Checksum: 0x6b02 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 127 The RTT to ACK the segment was: 0.000319000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 47 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 127 Time from request: 0.000319000 seconds SMB Command: Write AndX (0x2f) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 30400 Write AndX Response (0x2f) Word Count (WCT): 6 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 47 FID: 0x400a Count Low: 72 Remaining: 65535 Count High (multiply with 64K): 0 Reserved: 0000 Byte Count (BCC): 0
No. Time Source Destination Protocol Info
129 3.762314 192.168.1.100 192.168.1.5 SMB Read AndX Request, FID: 0x400a, 1024 bytes at offset 0
Frame 129 (117 bytes on wire, 117 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.361890000 Time delta from previous packet: 0.000100000 seconds Time since reference or first frame: 3.762314000 seconds Frame Number: 129 Packet Length: 117 bytes Capture Length: 117 bytes Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 103 Identification: 0xc824 (51236) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xaeb2 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2081, Ack: 3593, Len: 63
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 2081 (relative sequence number) Next sequence number: 2144 (relative sequence number) Acknowledgement number: 3593 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64192 Checksum: 0x8413 [incorrect, should be 0x40d7] SEQ/ACK analysis This is an ACK to the segment in frame: 128 The RTT to ACK the segment was: 0.000100000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 59 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 130 SMB Command: Read AndX (0x2e) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 30464 Read AndX Request (0x2e) Word Count (WCT): 12 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 57054 FID: 0x400a Offset: 0 Max Count Low: 1024 Min Count: 1024 Remaining: 1024 High Offset: 0 Byte Count (BCC): 0
No. Time Source Destination Protocol Info
130 3.762699 192.168.1.5 192.168.1.100 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
Frame 130 (186 bytes on wire, 186 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.362275000 Time delta from previous packet: 0.000385000 seconds Time since reference or first frame: 3.762699000 seconds Frame Number: 130 Packet Length: 186 bytes Capture Length: 186 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 172 Identification: 0x0f98 (3992) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x66fa [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3593, Ack: 2144, Len: 132
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 3593 (relative sequence number) Next sequence number: 3725 (relative sequence number) Acknowledgement number: 2144 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16276 Checksum: 0x0c4a [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 129 The RTT to ACK the segment was: 0.000385000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 128 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 129 Time from request: 0.000385000 seconds SMB Command: Read AndX (0x2e) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 30464 Read AndX Response (0x2e) Word Count (WCT): 12 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 0 FID: 0x400a Remaining: 0 Data Compaction Mode: 0 Reserved: 0000 Data Length Low: 68 Data Offset: 60 Data Length High (multiply with 64K): 0 Reserved: 000000000000 Byte Count (BCC): 69 Padding: 00 DCE RPC Bind_ack, Fragment: Single, FragLen: 68, Call: 1 Version: 5 Version (minor): 0 Packet type: Bind_ack (12) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 68 Auth Length: 0 Call ID: 1 Max Xmit Frag: 4280 Max Recv Frag: 4280 Assoc Group: 0x0000a5a5 Scndry Addr len: 13 Scndry Addr: \PIPE\ntsvcs Num results: 1 Ack result: Acceptance (0) Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860 Syntax ver: 2
No. Time Source Destination Protocol Info
131 3.762770 192.168.1.100 192.168.1.5 SRVSVC NetrServerGetInfo request, \\Dell-s1
Frame 131 (206 bytes on wire, 206 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.362346000 Time delta from previous packet: 0.000071000 seconds Time since reference or first frame: 3.762770000 seconds Frame Number: 131 Packet Length: 206 bytes Capture Length: 206 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 192 Identification: 0xc825 (51237) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xae58 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2144, Ack: 3725, Len: 152
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 2144 (relative sequence number) Next sequence number: 2296 (relative sequence number) Acknowledgement number: 3725 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x846c [incorrect, should be 0xf17c] SEQ/ACK analysis This is an ACK to the segment in frame: 130 The RTT to ACK the segment was: 0.000071000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 148 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 132 SMB Command: Trans (0x25) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 30528 Trans Request (0x25) Word Count (WCT): 16 Total Parameter Count: 0 Total Data Count: 64 Max Parameter Count: 0 Max Data Count: 1024 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 0 Parameter Offset: 84 Data Count: 64 Data Offset: 84 Setup Count: 2 Reserved: 00 Byte Count (BCC): 81 Transaction Name: \PIPE\ Padding: 0000 SMB Pipe Protocol Function: TransactNmPipe (0x0026) FID: 0x400a DCE RPC Request, Fragment: Single, FragLen: 64, Call: 1 Ctx: 0, [Resp: #132] Version: 5 Version (minor): 0 Packet type: Request (0) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 64 Auth Length: 0 Call ID: 1 Alloc hint: 40 Context ID: 0 Opnum: 21 Response in frame: 132 Microsoft Server Service, NetrServerGetInfo Operation: NetrServerGetInfo (21) Server: \\Dell-s1 Referent ID: 0x0113d704 Max Count: 10 Offset: 0 Actual Count: 10 Server: \\Dell-s1 Info Level: 101 0000 00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00 ...h....aB.V..E. 0010 00 c0 c8 25 40 00 80 06 ae 58 c0 a8 01 64 c0 a8 ...%@....X...d.. 0020 01 05 06 2d 00 8b 44 ed a8 12 9e e6 a0 28 50 18 ...-..D......(P. 0030 ff ff 84 6c 00 00 00 00 00 94 ff 53 4d 42 25 00 ...l.......SMB%. 0040 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 e0 00 03 20 40 77 10 00 00 40 00 00 ....... @w...@.. 
0060 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 54 ...............T 0070 00 40 00 54 00 02 00 26 00 0a 40 51 00 00 5c 00 .@.T...&..@Q..\. 0080 50 00 49 00 50 00 45 00 5c 00 00 00 00 00 05 00 P.I.P.E.\....... 0090 00 03 10 00 00 00 40 00 00 00 01 00 00 00 28 00 ......@.......(. 00a0 00 00 00 00 15 00 04 d7 13 01 0a 00 00 00 00 00 ................ 00b0 00 00 0a 00 00 00 5c 00 5c 00 44 00 65 00 6c 00 ......\.\.D.e.l. 00c0 6c 00 2d 00 73 00 31 00 00 00 65 00 00 00 l.-.s.1...e...No. Time Source Destination Protocol Info 132 3.763184 192.168.1.5 192.168.1.100 SRVSVC NetrServerGetInfo response, Domain Controller, Apple Server, Novell Server, Print Queue Server, NT Workstation, Unknown server type:14, NT Server, Potential Browser, OSF, Workstation, Server, Print Queue Server, NT Workstation, NT Server, Backup Browser, Master Browser
Frame 132 (218 bytes on wire, 218 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.362760000
    Time delta from previous packet: 0.000414000 seconds
    Time since reference or first frame: 3.763184000 seconds
    Frame Number: 132
    Packet Length: 218 bytes
    Capture Length: 218 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 204
    Identification: 0x0f99 (3993)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x66d9 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3725, Ack: 2296, Len: 164
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 3725 (relative sequence number)
    Next sequence number: 3889 (relative sequence number)
    Acknowledgement number: 2296 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16124
    Checksum: 0xb15f [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 131
        The RTT to ACK the segment was: 0.000414000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 160
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 131
        Time from request: 0.000414000 seconds
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 30528
    Trans Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 104
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 104
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 105
        Padding: 40
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x400a
DCE RPC Response, Fragment: Single, FragLen: 104, Call: 1 Ctx: 0, [Req: #131]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 104
    Auth Length: 0
    Call ID: 1
    Alloc hint: 80
    Context ID: 0
    Cancel count: 0
    Opnum: 21
    Request in frame: 131
    Time from request: 0.000414000 seconds
Microsoft Server Service, NetrServerGetInfo
    Operation: NetrServerGetInfo (21)
    Server Info
        Info Level: 101
        SERVER_INFO_101:
            Referent ID: 0x000b5320
            Platform ID: Windows NT (500)
            Server: Dell-s1
                Referent ID: 0x000b5338
                Max Count: 8
                Offset: 0
                Actual Count: 8
                Server: Dell-s1
            Major Version: 5
            Minor Version: 0
            Server Type: 0x00069203
                .... .... .... .... .... .... .... ...1 = Workstation: This is a Workstation
                .... .... .... .... .... .... .... ..1. = Server: This is a Server
                .... .... .... .... .... .... .... .0.. = SQL: This is NOT an SQL server
                .... .... .... .... .... .... .... 0... = Domain Controller: This is NOT a Domain Controller
                .... .... .... .... .... .... ...0 .... = Backup Controller: This is NOT a Backup Controller
                .... .... .... .... .... .... ..0. .... = Time Source: This is NOT a Time Source
                .... .... .... .... .... .... .0.. .... = Apple: This is NOT an Apple host
                .... .... .... .... .... .... 0... .... = Novell: This is NOT a Novell server
                .... .... .... .... .... ...0 .... .... = Member: This is NOT a Domain Member server
                .... .... .... .... .... ..1. .... .... = Print: This is a Print Queue server
                .... .... .... .... .... .0.. .... .... = Dialin: This is NOT a Dialin server
                .... .... .... .... .... 0... .... .... = Xenix: This is NOT a Xenix server
                .... .... .... .... ...1 .... .... .... = NT Workstation: This is an NT Workstation
                .... .... .... .... ..0. .... .... .... = WfW: This is NOT a WfW host
                .... .... .... .... 1... .... .... .... = NT Server: This is an NT Server
                .... .... .... ...0 .... .... .... .... = Potential Browser: This is NOT a Potential Browser
                .... .... .... ..1. .... .... .... .... = Backup Browser: This is a Backup Browser
                .... .... .... .1.. .... .... .... .... = Master Browser: This is a Master Browser
                .... .... .... 0... .... .... .... .... = Domain Master Browser: This is NOT a Domain Master Browser
                .... .... ...0 .... .... .... .... .... = OSF: This is NOT an OSF host
                .... .... ..0. .... .... .... .... .... = VMS: This is NOT a VMS host
                .... .... .0.. .... .... .... .... .... = Windows 95+: This is NOT a Windows 95 or above host
                .0.. .... .... .... .... .... .... .... = Local: This is NOT a local list only request
                0... .... .... .... .... .... .... .... = Domain Enum: This is NOT a Domain Enum request
            Comment
                Referent ID: 0x000b5348
                Max Count: 1
                Offset: 0
                Actual Count: 1
                Comment:
    Return code: Success (0x00000000)

0000  00 0d 61 42 19 56 00 b0 d0 68 d0 e4 08 00 45 00  ..aB.V...h....E.
0010  00 cc 0f 99 40 00 80 06 66 d9 c0 a8 01 05 c0 a8  ....@...f.......
0020  01 64 00 8b 06 2d 9e e6 a0 28 44 ed a8 aa 50 18  .d...-...(D...P.
0030  3e fc b1 5f 00 00 00 00 00 a0 ff 53 4d 42 25 00  >.._.......SMB%.
0040  00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00  ................
0050  00 00 00 08 e0 00 03 20 40 77 0a 00 00 68 00 00  ....... @w...h..
0060  00 00 00 38 00 00 00 68 00 38 00 00 00 00 00 69  ...8...h.8.....i
0070  00 40 05 00 02 03 10 00 00 00 68 00 00 00 01 00  .@........h.....
0080  00 00 50 00 00 00 00 00 00 00 65 00 00 00 20 53  ..P.......e... S
0090  0b 00 f4 01 00 00 38 53 0b 00 05 00 00 00 00 00  ......8S........
00a0  00 00 03 92 06 00 48 53 0b 00 08 00 00 00 00 00  ......HS........
00b0  00 00 08 00 00 00 44 00 65 00 6c 00 6c 00 2d 00  ......D.e.l.l.-.
00c0  73 00 31 00 00 00 01 00 00 00 00 00 00 00 01 00  s.1.............
00d0  00 00 00 00 00 00 00 00 00 00                    ..........

No.  Time      Source         Destination    Protocol  Info
133  3.763262  192.168.1.100  192.168.1.5    SMB       Close Request, FID: 0x400a
Frame 133 (99 bytes on wire, 99 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.362838000
    Time delta from previous packet: 0.000078000 seconds
    Time since reference or first frame: 3.763262000 seconds
    Frame Number: 133
    Packet Length: 99 bytes
    Capture Length: 99 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 85
    Identification: 0xc826 (51238)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaec2 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2296, Ack: 3889, Len: 45
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 2296 (relative sequence number)
    Next sequence number: 2341 (relative sequence number)
    Acknowledgement number: 3889 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65371
    Checksum: 0x8401 [incorrect, should be 0xd93e]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 132
        The RTT to ACK the segment was: 0.000078000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 41
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 134
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 30592
    Close Request (0x04)
        Word Count (WCT): 3
        FID: 0x400a
        Last Write: No time specified (0xffffffff)
        Byte Count (BCC): 0

0000  00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00  ...h....aB.V..E.
0010  00 55 c8 26 40 00 80 06 ae c2 c0 a8 01 64 c0 a8  .U.&@........d..
0020  01 05 06 2d 00 8b 44 ed a8 aa 9e e6 a0 cc 50 18  ...-..D.......P.
0030  ff 5b 84 01 00 00 00 00 00 29 ff 53 4d 42 04 00  .[.......).SMB..
0040  00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00  ................
0050  00 00 00 08 ff fe 03 20 80 77 03 0a 40 ff ff ff  ....... .w..@...
0060  ff 00 00                                         ...

No.  Time      Source         Destination    Protocol  Info
134  3.763427  192.168.1.5    192.168.1.100  SMB       Close Response
Frame 134 (93 bytes on wire, 93 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.363003000
    Time delta from previous packet: 0.000165000 seconds
    Time since reference or first frame: 3.763427000 seconds
    Frame Number: 134
    Packet Length: 93 bytes
    Capture Length: 93 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 79
    Identification: 0x0f9a (3994)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6755 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3889, Ack: 2341, Len: 39
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 3889 (relative sequence number)
    Next sequence number: 3928 (relative sequence number)
    Acknowledgement number: 2341 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16079
    Checksum: 0xdc34 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 133
        The RTT to ACK the segment was: 0.000165000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 35
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 133
        Time from request: 0.000165000 seconds
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 30592
    Close Response (0x04)
        Word Count (WCT): 0
        Byte Count (BCC): 0

0000  00 0d 61 42 19 56 00 b0 d0 68 d0 e4 08 00 45 00  ..aB.V...h....E.
0010  00 4f 0f 9a 40 00 80 06 67 55 c0 a8 01 05 c0 a8  .O..@...gU......
0020  01 64 00 8b 06 2d 9e e6 a0 cc 44 ed a8 d7 50 18  .d...-....D...P.
0030  3e cf dc 34 00 00 00 00 00 23 ff 53 4d 42 04 00  >..4.....#.SMB..
0040  00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00  ................
0050  00 00 00 08 ff fe 03 20 80 77 00 00 00           ....... .w...

No.  Time      Source         Destination    Protocol  Info
135  3.763796  192.168.1.100  192.168.1.5    SMB       NT Create AndX Request, Path: \wkssvc
Frame 135 (158 bytes on wire, 158 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.363372000
    Time delta from previous packet: 0.000369000 seconds
    Time since reference or first frame: 3.763796000 seconds
    Frame Number: 135
    Packet Length: 158 bytes
    Capture Length: 158 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 144
    Identification: 0xc827 (51239)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae86 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2341, Ack: 3928, Len: 104
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 2341 (relative sequence number)
    Next sequence number: 2445 (relative sequence number)
    Acknowledgement number: 3928 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65332
    Checksum: 0x843c [incorrect, should be 0x1daf]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 134
        The RTT to ACK the segment was: 0.000369000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 100
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 136
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 30656
    NT Create AndX Request (0xa2)
        Word Count (WCT): 24
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        Reserved: 00
        File Name Len: 14
        Create Flags: 0x00000016
            .... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required
            .... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file
            .... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting BATCH OPLOCK
            .... .... .... .... .... .... .... ..1. = Exclusive Oplock: Requesting OPLOCK
        Root FID: 0x00000000
        Access Mask: 0x0002019f
            0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set
            .0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set
            ..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set
            ...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set
            .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set
            .... ...0 .... .... .... .... .... .... = System Security: System security is NOT set
            .... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait on handle to synchronize on completion of I/O
            .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership)
            .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC
            .... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to owner, group and ACL of the SID
            .... .... .... ...0 .... .... .... .... = Delete: NO delete access
            .... .... .... .... .... ...1 .... .... = Write Attributes: WRITE ATTRIBUTES access
            .... .... .... .... .... .... 1... .... = Read Attributes: READ ATTRIBUTES access
            .... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access
            .... .... .... .... .... .... ..0. .... = Execute: NO execute access
            .... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... .1.. = Append: APPEND access
            .... .... .... .... .... .... .... ..1. = Write: WRITE access
            .... .... .... .... .... .... .... ...1 = Read: READ access
        Allocation Size: 0
        File Attributes: 0x00000000
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
        Share Access: 0x00000003
            .... .... .... .... .... .... .... .0.. = Delete: Object can NOT be shared for delete
            .... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE
            .... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ
        Disposition: Open (if file exists open it, else fail) (1)
        Create Options: 0x00400040
            .... .... .... .... .... .... .... ...0 = Directory: File being created/opened must not be a directory
            .... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing
            .... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially
            .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... .1.. .... = Non-Directory: File being created/opened must not be a directory
            .... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes
            .... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names
            .... .... .... .... .... 0... .... .... = Random Access: The file will not be accessed randomly
            .... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed
        Impersonation: Identification (1)
        Security Flags: 0x01
            .... ...1 = Context Tracking: Security tracking mode is DYNAMIC
            .... ..0. = Effective Only: ALL aspects of the client's security context are available
        Byte Count (BCC): 17
        File Name: \wkssvc

0000  00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00  ...h....aB.V..E.
0010  00 90 c8 27 40 00 80 06 ae 86 c0 a8 01 64 c0 a8  ...'@........d..
0020  01 05 06 2d 00 8b 44 ed a8 d7 9e e6 a0 f3 50 18  ...-..D.......P.
0030  ff 34 84 3c 00 00 00 00 00 64 ff 53 4d 42 a2 00  .4.<.....d.SMB..
0040  00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00  ................
0050  00 00 00 08 e0 00 03 20 c0 77 18 ff 00 de de 00  ....... .w......
0060  0e 00 16 00 00 00 00 00 00 00 9f 01 02 00 00 00  ................
0070  00 00 00 00 00 00 00 00 00 00 03 00 00 00 01 00  ................
0080  00 00 40 00 40 00 01 00 00 00 01 11 00 00 5c 00  ..@.@.........\.
0090  77 00 6b 00 73 00 73 00 76 00 63 00 00 00        w.k.s.s.v.c...

No.  Time      Source         Destination    Protocol  Info
136  3.764158  192.168.1.5    192.168.1.100  SMB       NT Create AndX Response, FID: 0x400b
Frame 136 (193 bytes on wire, 193 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.363734000
    Time delta from previous packet: 0.000362000 seconds
    Time since reference or first frame: 3.764158000 seconds
    Frame Number: 136
    Packet Length: 193 bytes
    Capture Length: 193 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 179
    Identification: 0x0f9b (3995)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x66f0 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 3928, Ack: 2445, Len: 139
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 3928 (relative sequence number)
    Next sequence number: 4067 (relative sequence number)
    Acknowledgement number: 2445 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17520
    Checksum: 0x5cb0 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 135
        The RTT to ACK the segment was: 0.000362000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 135
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 135
        Time from request: 0.000362000 seconds
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 30656
    NT Create AndX Response (0xa2)
        Word Count (WCT): 42
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 135
        Oplock level: No oplock granted (0)
        FID: 0x400b
        Create action: The file existed and was opened (1)
        Created: No time specified (0)
        Last Access: No time specified (0)
        Last Write: No time specified (0)
        Change: No time specified (0)
        File Attributes: 0x00000080
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 1... .... = Normal: This file is an ordinary file
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
Allocation Size: 4096 End Of File: 0 File Type: Named pipe in message mode (2) IPC State: 0x05ff0... .... .... .... = Nonblocking: Reads/writes block if no data available
.0.. .... .... .... = Endpoint: Consumer end of pipe (0) .... 01.. .... .... = Pipe Type: Message pipe (1) .... ..01 .... .... = Read Mode: Read messages from pipe (1) .... .... 1111 1111 = Icount: 255 Is Directory: This is NOT a directory (0) Byte Count (BCC): 0 0000 00 0d 61 42 19 56 00 b0 d0 68 d0 e4 08 00 45 00 ..aB.V...h....E. 0010 00 b3 0f 9b 40 00 80 06 66 f0 c0 a8 01 05 c0 a8 ....@...f....... 0020 01 64 00 8b 06 2d 9e e6 a0 f3 44 ed a9 3f 50 18 .d...-....D..?P. 0030 44 70 5c b0 00 00 00 00 00 87 ff 53 4d 42 a2 00 Dp\........SMB.. 0040 00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 e0 00 03 20 c0 77 2a ff 00 87 00 00 ....... .w*..... 0060 0b 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 .@.............. 0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0080 00 00 00 00 00 00 80 00 00 00 00 10 00 00 00 00 ................ 0090 00 00 00 00 00 00 00 00 00 00 02 00 ff 05 00 00 ................ 00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00b0 00 00 00 00 00 00 00 9b 01 12 00 00 00 00 00 00 ................ 00c0 00 .No. Time Source Destination Protocol Info 137 3.764263 192.168.1.100 192.168.1.5 DCERPC Bind: call_id: 1 UUID: WKSSVC
Frame 137 (194 bytes on wire, 194 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.363839000 Time delta from previous packet: 0.000105000 seconds Time since reference or first frame: 3.764263000 seconds Frame Number: 137 Packet Length: 194 bytes Capture Length: 194 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpcEthernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 180 Identification: 0xc828 (51240) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xae61 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2445, Ack: 4067, Len: 140
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 2445 (relative sequence number) Next sequence number: 2585 (relative sequence number) Acknowledgement number: 4067 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65193 Checksum: 0x8460 [incorrect, should be 0x3e85] SEQ/ACK analysis This is an ACK to the segment in frame: 136 The RTT to ACK the segment was: 0.000105000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 136 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 138 SMB Command: Write AndX (0x2f) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 30720 Write AndX Request (0x2f) Word Count (WCT): 14 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 57054 FID: 0x400b Offset: 0 Reserved: FFFFFFFF Write Mode: 0x0008.... .... .... 1... = Message Start: This is the START of a MESSAGE (pipe) .... .... .... .0.. = Write Raw: DON'T use WriteRawNamedPipe (pipe) .... .... .... ..0. = Return Remaining: DON'T return remaining (pipe/dev)
.... .... .... ...0 = Write Through: Write through not requested Remaining: 72 Data Length High (multiply with 64K): 0 Data Length Low: 72 Data Offset: 64 High Offset: 0 Byte Count (BCC): 73 Padding: EE DCE RPC Bind, Fragment: Single, FragLen: 72, Call: 1 Version: 5 Version (minor): 0 Packet type: Bind (11) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 72 Auth Length: 0 Call ID: 1 Max Xmit Frag: 4280 Max Recv Frag: 4280 Assoc Group: 0x00000000 Num Ctx Items: 1 Context ID: 0 Num Trans Items: 1 Interface UUID: 6bffd098-a112-3610-9833-46c3f87e345a Interface Ver: 1 Interface Ver Minor: 0 Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860 Syntax ver: 2 0000 00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00 ...h....aB.V..E. 0010 00 b4 c8 28 40 00 80 06 ae 61 c0 a8 01 64 c0 a8 ...(@....a...d.. 0020 01 05 06 2d 00 8b 44 ed a9 3f 9e e6 a1 7e 50 18 ...-..D..?...~P. 0030 fe a9 84 60 00 00 00 00 00 88 ff 53 4d 42 2f 00 ...`.......SMB/. 0040 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 ff fe 03 20 00 78 0e ff 00 de de 0b ....... .x...... 0060 40 00 00 00 00 ff ff ff ff 08 00 48 00 00 00 48 @..........H...H 0070 00 40 00 00 00 00 00 49 00 ee 05 00 0b 03 10 00 .@.....I........ 0080 00 00 48 00 00 00 01 00 00 00 b8 10 b8 10 00 00 ..H............. 0090 00 00 01 00 00 00 00 00 01 00 98 d0 ff 6b 12 a1 .............k.. 00a0 10 36 98 33 46 c3 f8 7e 34 5a 01 00 00 00 04 5d .6.3F..~4Z.....] 00b0 88 8a eb 1c c9 11 9f e8 08 00 2b 10 48 60 02 00 ..........+.H`.. 00c0 00 00 ..No. Time Source Destination Protocol Info 138 3.764643 192.168.1.5 192.168.1.100 SMB Write AndX Response, FID: 0x400b, 72 bytes
Frame 138 (105 bytes on wire, 105 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.364219000 Time delta from previous packet: 0.000380000 seconds Time since reference or first frame: 3.764643000 seconds Frame Number: 138 Packet Length: 105 bytes Capture Length: 105 bytes Protocols in frame: eth:ip:tcp:nbss:smbEthernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 91 Identification: 0x0f9c (3996) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x6747 [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4067, Ack: 2585, Len: 51
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 4067 (relative sequence number) Next sequence number: 4118 (relative sequence number) Acknowledgement number: 2585 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17380 Checksum: 0x22eb [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 137 The RTT to ACK the segment was: 0.000380000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 47 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 137 Time from request: 0.000380000 seconds SMB Command: Write AndX (0x2f) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 30720 Write AndX Response (0x2f) Word Count (WCT): 6 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 47 FID: 0x400b Count Low: 72 Remaining: 65535 Count High (multiply with 64K): 0 Reserved: 0000 Byte Count (BCC): 0 0000 00 0d 61 42 19 56 00 b0 d0 68 d0 e4 08 00 45 00 ..aB.V...h....E. 0010 00 5b 0f 9c 40 00 80 06 67 47 c0 a8 01 05 c0 a8 .[..@...gG...... 0020 01 64 00 8b 06 2d 9e e6 a1 7e 44 ed a9 cb 50 18 .d...-...~D...P. 0030 43 e4 22 eb 00 00 00 00 00 2f ff 53 4d 42 2f 00 C."....../.SMB/. 0040 00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 ff fe 03 20 00 78 06 ff 00 2f 00 48 ....... .x.../.H 0060 00 ff ff 00 00 00 00 00 00 .........No. Time Source Destination Protocol Info 139 3.764721 192.168.1.100 192.168.1.5 SMB Read AndX Request, FID: 0x400b, 1024 bytes at offset 0
Frame 139 (117 bytes on wire, 117 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.364297000 Time delta from previous packet: 0.000078000 seconds Time since reference or first frame: 3.764721000 seconds Frame Number: 139 Packet Length: 117 bytes Capture Length: 117 bytes Protocols in frame: eth:ip:tcp:nbss:smbEthernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 103 Identification: 0xc829 (51241) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xaead [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2585, Ack: 4118, Len: 63
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 2585 (relative sequence number) Next sequence number: 2648 (relative sequence number) Acknowledgement number: 4118 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65142 Checksum: 0x8413 [incorrect, should be 0xf919] SEQ/ACK analysis This is an ACK to the segment in frame: 138 The RTT to ACK the segment was: 0.000078000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 59 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 140 SMB Command: Read AndX (0x2e) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 30784 Read AndX Request (0x2e) Word Count (WCT): 12 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 57054 FID: 0x400b Offset: 0 Max Count Low: 1024 Min Count: 1024 Remaining: 1024 High Offset: 0 Byte Count (BCC): 0 0000 00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00 ...h....aB.V..E. 0010 00 67 c8 29 40 00 80 06 ae ad c0 a8 01 64 c0 a8 .g.)@........d.. 0020 01 05 06 2d 00 8b 44 ed a9 cb 9e e6 a1 b1 50 18 ...-..D.......P. 0030 fe 76 84 13 00 00 00 00 00 3b ff 53 4d 42 2e 00 .v.......;.SMB.. 0040 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 ff fe 03 20 40 78 0c ff 00 de de 0b ....... @x...... 0060 40 00 00 00 00 00 04 00 04 ff ff ff ff 00 04 00 @............... 0070 00 00 00 00 00 .....No. Time Source Destination Protocol Info 140 3.764887 192.168.1.5 192.168.1.100 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
Frame 140 (186 bytes on wire, 186 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.364463000 Time delta from previous packet: 0.000166000 seconds Time since reference or first frame: 3.764887000 seconds Frame Number: 140 Packet Length: 186 bytes Capture Length: 186 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpcEthernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 172 Identification: 0x0f9d (3997) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x66f5 [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4118, Ack: 2648, Len: 132
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 4118 (relative sequence number) Next sequence number: 4250 (relative sequence number) Acknowledgement number: 2648 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17317 Checksum: 0xc332 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 139 The RTT to ACK the segment was: 0.000166000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 128 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 139 Time from request: 0.000166000 seconds SMB Command: Read AndX (0x2e) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 30784 Read AndX Response (0x2e) Word Count (WCT): 12 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 0 FID: 0x400b Remaining: 0 Data Compaction Mode: 0 Reserved: 0000 Data Length Low: 68 Data Offset: 60 Data Length High (multiply with 64K): 0 Reserved: 000000000000 Byte Count (BCC): 69 Padding: 00 DCE RPC Bind_ack, Fragment: Single, FragLen: 68, Call: 1 Version: 5 Version (minor): 0 Packet type: Bind_ack (12) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 68 Auth Length: 0 Call ID: 1 Max Xmit Frag: 4280 Max Recv Frag: 4280 Assoc Group: 0x0000a5a6 Scndry Addr len: 13 Scndry Addr: \PIPE\ntsvcs Num results: 1 Ack result: Acceptance (0) Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860 Syntax ver: 2 0000 00 0d 61 42 19 56 00 b0 d0 68 d0 e4 08 00 45 00 ..aB.V...h....E. 0010 00 ac 0f 9d 40 00 80 06 66 f5 c0 a8 01 05 c0 a8 ....@...f....... 0020 01 64 00 8b 06 2d 9e e6 a1 b1 44 ed aa 0a 50 18 .d...-....D...P. 0030 43 a5 c3 32 00 00 00 00 00 80 ff 53 4d 42 2e 00 C..2.......SMB.. 0040 00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 ff fe 03 20 40 78 0c ff 00 00 00 00 ....... @x...... 0060 00 00 00 00 00 44 00 3c 00 00 00 00 00 00 00 00 .....D.<........ 0070 00 00 00 45 00 00 05 00 0c 03 10 00 00 00 44 00 ...E..........D. 0080 00 00 01 00 00 00 b8 10 b8 10 a6 a5 00 00 0d 00 ................ 0090 5c 50 49 50 45 5c 6e 74 73 76 63 73 00 00 01 00 \PIPE\ntsvcs.... 00a0 00 00 00 00 00 00 04 5d 88 8a eb 1c c9 11 9f e8 .......]........ 
00b0 08 00 2b 10 48 60 02 00 00 00 ..+.H`....No. Time Source Destination Protocol Info 141 3.764954 192.168.1.100 192.168.1.5 WKSSVC NetrWkstaGetInfo request, WKS_INFO_100 level
Frame 141 (206 bytes on wire, 206 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.364530000 Time delta from previous packet: 0.000067000 seconds Time since reference or first frame: 3.764954000 seconds Frame Number: 141 Packet Length: 206 bytes Capture Length: 206 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpcEthernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 192 Identification: 0xc82a (51242) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xae53 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2648, Ack: 4250, Len: 152
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 2648 (relative sequence number) Next sequence number: 2800 (relative sequence number) Acknowledgement number: 4250 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65010 Checksum: 0x846c [incorrect, should be 0xc582] SEQ/ACK analysis This is an ACK to the segment in frame: 140 The RTT to ACK the segment was: 0.000067000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 148 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 142 SMB Command: Trans (0x25) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 30848 Trans Request (0x25) Word Count (WCT): 16 Total Parameter Count: 0 Total Data Count: 64 Max Parameter Count: 0 Max Data Count: 1024 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 0 Parameter Offset: 84 Data Count: 64 Data Offset: 84 Setup Count: 2 Reserved: 00 Byte Count (BCC): 81 Transaction Name: \PIPE\ Padding: 0000 SMB Pipe Protocol Function: TransactNmPipe (0x0026) FID: 0x400b DCE RPC Request, Fragment: Single, FragLen: 64, Call: 1 Ctx: 0, [Resp: #142] Version: 5 Version (minor): 0 Packet type: Request (0) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 64 Auth Length: 0 Call ID: 1 Alloc hint: 40 Context ID: 0 Opnum: 0 Response in frame: 142 Microsoft Workstation Service, NetrWkstaGetInfo Operation: NetrWkstaGetInfo (0) Server: \\Dell-s1 Referent ID: 0x0113d704 Max Count: 10 Offset: 0 Actual Count: 10 Server: \\Dell-s1 Info Level: 100 0000 00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00 ...h....aB.V..E. 0010 00 c0 c8 2a 40 00 80 06 ae 53 c0 a8 01 64 c0 a8 ...*@....S...d.. 0020 01 05 06 2d 00 8b 44 ed aa 0a 9e e6 a2 35 50 18 ...-..D......5P. 0030 fd f2 84 6c 00 00 00 00 00 94 ff 53 4d 42 25 00 ...l.......SMB%. 0040 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 e0 00 03 20 80 78 10 00 00 40 00 00 ....... .x...@.. 
0060 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 54 ...............T 0070 00 40 00 54 00 02 00 26 00 0b 40 51 00 00 5c 00 .@.T...&..@Q..\. 0080 50 00 49 00 50 00 45 00 5c 00 00 00 00 00 05 00 P.I.P.E.\....... 0090 00 03 10 00 00 00 40 00 00 00 01 00 00 00 28 00 ......@.......(. 00a0 00 00 00 00 00 00 04 d7 13 01 0a 00 00 00 00 00 ................ 00b0 00 00 0a 00 00 00 5c 00 5c 00 44 00 65 00 6c 00 ......\.\.D.e.l. 00c0 6c 00 2d 00 73 00 31 00 00 00 64 00 00 00 l.-.s.1...d...No. Time Source Destination Protocol Info 142 3.765373 192.168.1.5 192.168.1.100 WKSSVC NetrWkstaGetInfo response
Frame 142 (230 bytes on wire, 230 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.364949000
    Time delta from previous packet: 0.000419000 seconds
    Time since reference or first frame: 3.765373000 seconds
    Frame Number: 142
    Packet Length: 230 bytes
    Capture Length: 230 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 216
    Identification: 0x0f9e (3998)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x66c8 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4250, Ack: 2800, Len: 176
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 4250 (relative sequence number)
    Next sequence number: 4426 (relative sequence number)
    Acknowledgement number: 2800 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17165
    Checksum: 0x684f [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 141
        The RTT to ACK the segment was: 0.000419000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 172
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 141
        Time from request: 0.000419000 seconds
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 30848
    Trans Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 116
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 116
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 117
        Padding: 40
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x400b
DCE RPC Response, Fragment: Single, FragLen: 116, Call: 1 Ctx: 0, [Req: #141]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 116
    Auth Length: 0
    Call ID: 1
    Alloc hint: 92
    Context ID: 0
    Cancel count: 0
    Opnum: 0
    Request in frame: 141
    Time from request: 0.000419000 seconds
Microsoft Workstation Service, NetrWkstaGetInfo
    Operation: NetrWkstaGetInfo (0)
    Server Info
        Info Level: 100
        WKS_INFO_100:
            Referent ID: 0x00111748
            Platform ID: Windows NT (500)
            Server: DELL-S1
                Referent ID: 0x00111776
                Max Count: 8
                Offset: 0
                Actual Count: 8
                Server: DELL-S1
            Net Group: WORKGROUP
                Referent ID: 0x00111762
                Max Count: 10
                Offset: 0
                Actual Count: 10
                Net Group: WORKGROUP
            Major Version: 5
            Minor Version: 0
    Return code: Success (0x00000000)

No.     Time        Source                Destination           Protocol Info
    143 3.765446    192.168.1.100         192.168.1.5           SMB      Close Request, FID: 0x400b
Frame 143 (99 bytes on wire, 99 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.365022000
    Time delta from previous packet: 0.000073000 seconds
    Time since reference or first frame: 3.765446000 seconds
    Frame Number: 143
    Packet Length: 99 bytes
    Capture Length: 99 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 85
    Identification: 0xc82b (51243)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaebd [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2800, Ack: 4426, Len: 45
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 2800 (relative sequence number)
    Next sequence number: 2845 (relative sequence number)
    Acknowledgement number: 4426 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64834
    Checksum: 0x8401 [incorrect, should be 0x9744]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 142
        The RTT to ACK the segment was: 0.000073000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 41
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 144
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 30912
    Close Request (0x04)
        Word Count (WCT): 3
        FID: 0x400b
        Last Write: No time specified (0xffffffff)
        Byte Count (BCC): 0

No.     Time        Source                Destination           Protocol Info
    144 3.765616    192.168.1.5           192.168.1.100         SMB      Close Response
Frame 144 (93 bytes on wire, 93 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.365192000
    Time delta from previous packet: 0.000170000 seconds
    Time since reference or first frame: 3.765616000 seconds
    Frame Number: 144
    Packet Length: 93 bytes
    Capture Length: 93 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 79
    Identification: 0x0f9f (3999)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6750 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4426, Ack: 2845, Len: 39
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 4426 (relative sequence number)
    Next sequence number: 4465 (relative sequence number)
    Acknowledgement number: 2845 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17120
    Checksum: 0x9411 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 143
        The RTT to ACK the segment was: 0.000170000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 35
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 143
        Time from request: 0.000170000 seconds
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 30912
    Close Response (0x04)
        Word Count (WCT): 0
        Byte Count (BCC): 0

No.     Time        Source                Destination           Protocol Info
    145 3.765905    192.168.1.100         192.168.1.5           SMB      NT Create AndX Request, Path: \srvsvc
Frame 145 (158 bytes on wire, 158 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.365481000
    Time delta from previous packet: 0.000289000 seconds
    Time since reference or first frame: 3.765905000 seconds
    Frame Number: 145
    Packet Length: 158 bytes
    Capture Length: 158 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 144
    Identification: 0xc82c (51244)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae81 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2845, Ack: 4465, Len: 104
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 2845 (relative sequence number)
    Next sequence number: 2949 (relative sequence number)
    Acknowledgement number: 4465 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64795
    Checksum: 0x843c [incorrect, should be 0xd4b5]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 144
        The RTT to ACK the segment was: 0.000289000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 100
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 146
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 30976
    NT Create AndX Request (0xa2)
        Word Count (WCT): 24
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        Reserved: 00
        File Name Len: 14
        Create Flags: 0x00000016
            .... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required
            .... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file
            .... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting BATCH OPLOCK
            .... .... .... .... .... .... .... ..1. = Exclusive Oplock: Requesting OPLOCK
        Root FID: 0x00000000
        Access Mask: 0x0002019f
            0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set
            .0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set
            ..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set
            ...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set
            .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set
            .... ...0 .... .... .... .... .... .... = System Security: System security is NOT set
            .... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait on handle to synchronize on completion of I/O
            .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership)
            .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC
            .... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to owner, group and ACL of the SID
            .... .... .... ...0 .... .... .... .... = Delete: NO delete access
            .... .... .... .... .... ...1 .... .... = Write Attributes: WRITE ATTRIBUTES access
            .... .... .... .... .... .... 1... .... = Read Attributes: READ ATTRIBUTES access
            .... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access
            .... .... .... .... .... .... ..0. .... = Execute: NO execute access
            .... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED ATTRIBUTES access
            .... .... .... .... .... .... .... .1.. = Append: APPEND access
            .... .... .... .... .... .... .... ..1. = Write: WRITE access
            .... .... .... .... .... .... .... ...1 = Read: READ access
        Allocation Size: 0
        File Attributes: 0x00000000
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
        Share Access: 0x00000003
            .... .... .... .... .... .... .... .0.. = Delete: Object can NOT be shared for delete
            .... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE
            .... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ
        Disposition: Open (if file exists open it, else fail) (1)
        Create Options: 0x00400040
            .... .... .... .... .... .... .... ...0 = Directory: File being created/opened must not be a directory
            .... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing
            .... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially
            .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous
            .... .... .... .... .... .... .1.. .... = Non-Directory: File being created/opened must not be a directory
            .... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes
            .... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names
            .... .... .... .... .... 0... .... .... = Random Access: The file will not be accessed randomly
            .... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed
        Impersonation: Impersonation (2)
        Security Flags: 0x01
            .... ...1 = Context Tracking: Security tracking mode is DYNAMIC
            .... ..0. = Effective Only: ALL aspects of the client's security context are available
        Byte Count (BCC): 17
        File Name: \srvsvc

No.     Time        Source                Destination           Protocol Info
    146 3.766347    192.168.1.5           192.168.1.100         SMB      NT Create AndX Response, FID: 0x400c
Frame 146 (193 bytes on wire, 193 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.365923000
    Time delta from previous packet: 0.000442000 seconds
    Time since reference or first frame: 3.766347000 seconds
    Frame Number: 146
    Packet Length: 193 bytes
    Capture Length: 193 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 179
    Identification: 0x0fa0 (4000)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x66eb [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4465, Ack: 2949, Len: 139
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 4465 (relative sequence number)
    Next sequence number: 4604 (relative sequence number)
    Acknowledgement number: 2949 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17016
    Checksum: 0x1996 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 145
        The RTT to ACK the segment was: 0.000442000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 135
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 145
        Time from request: 0.000442000 seconds
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 30976
    NT Create AndX Response (0xa2)
        Word Count (WCT): 42
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 135
        Oplock level: No oplock granted (0)
        FID: 0x400c
        Create action: The file existed and was opened (1)
        Created: No time specified (0)
        Last Access: No time specified (0)
        Last Write: No time specified (0)
        Change: No time specified (0)
        File Attributes: 0x00000080
            .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
            .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
            .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
            .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
            .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
            .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
            .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
            .... .... .... .... .... .... 1... .... = Normal: This file is an ordinary file
            .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
            .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
            .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
            .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
            .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
            .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
            .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
        Allocation Size: 4096
        End Of File: 0
        File Type: Named pipe in message mode (2)
        IPC State: 0x05ff
            0... .... .... .... = Nonblocking: Reads/writes block if no data available
            .0.. .... .... .... = Endpoint: Consumer end of pipe (0)
            .... 01.. .... .... = Pipe Type: Message pipe (1)
            .... ..01 .... .... = Read Mode: Read messages from pipe (1)
            .... .... 1111 1111 = Icount: 255
        Is Directory: This is NOT a directory (0)
        Byte Count (BCC): 0

No.     Time        Source                Destination           Protocol Info
    147 3.766453    192.168.1.100         192.168.1.5           DCERPC   Bind: call_id: 1 UUID: SRVSVC
Frame 147 (194 bytes on wire, 194 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.366029000
    Time delta from previous packet: 0.000106000 seconds
    Time since reference or first frame: 3.766453000 seconds
    Frame Number: 147
    Packet Length: 194 bytes
    Capture Length: 194 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 180
    Identification: 0xc82d (51245)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae5c [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 2949, Ack: 4604, Len: 140
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 2949 (relative sequence number)
    Next sequence number: 3089 (relative sequence number)
    Acknowledgement number: 4604 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64656
    Checksum: 0x8460 [incorrect, should be 0x7604]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 146
        The RTT to ACK the segment was: 0.000106000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 136
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 148
        SMB Command: Write AndX (0x2f)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 31040
    Write AndX Request (0x2f)
        Word Count (WCT): 14
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        FID: 0x400c
        Offset: 0
        Reserved: FFFFFFFF
        Write Mode: 0x0008
            .... .... .... 1... = Message Start: This is the START of a MESSAGE (pipe)
            .... .... .... .0.. = Write Raw: DON'T use WriteRawNamedPipe (pipe)
            .... .... .... ..0. = Return Remaining: DON'T return remaining (pipe/dev)
            .... .... .... ...0 = Write Through: Write through not requested
        Remaining: 72
        Data Length High (multiply with 64K): 0
        Data Length Low: 72
        Data Offset: 64
        High Offset: 0
        Byte Count (BCC): 73
        Padding: EE
DCE RPC Bind, Fragment: Single, FragLen: 72, Call: 1
    Version: 5
    Version (minor): 0
    Packet type: Bind (11)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 72
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x00000000
    Num Ctx Items: 1
    Context ID: 0
    Num Trans Items: 1
    Interface UUID: 4b324fc8-1670-01d3-1278-5a47bf6ee188
    Interface Ver: 3
    Interface Ver Minor: 0
    Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860
    Syntax ver: 2

No.     Time        Source                Destination           Protocol Info
    148 3.766832    192.168.1.5           192.168.1.100         SMB      Write AndX Response, FID: 0x400c, 72 bytes
Frame 148 (105 bytes on wire, 105 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.366408000
    Time delta from previous packet: 0.000379000 seconds
    Time since reference or first frame: 3.766832000 seconds
    Frame Number: 148
    Packet Length: 105 bytes
    Capture Length: 105 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 91
    Identification: 0x0fa1 (4001)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x6742 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4604, Ack: 3089, Len: 51
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 4604 (relative sequence number)
    Next sequence number: 4655 (relative sequence number)
    Acknowledgement number: 3089 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16876
    Checksum: 0xe0d0 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 147
        The RTT to ACK the segment was: 0.000379000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 47
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 147
        Time from request: 0.000379000 seconds
        SMB Command: Write AndX (0x2f)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 31040
    Write AndX Response (0x2f)
        Word Count (WCT): 6
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 47
        FID: 0x400c
        Count Low: 72
        Remaining: 65535
        Count High (multiply with 64K): 0
        Reserved: 0000
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
149 3.766911 192.168.1.100 192.168.1.5 SMB Read AndX Request, FID: 0x400c, 1024 bytes at offset 0
Frame 149 (117 bytes on wire, 117 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.366487000
    Time delta from previous packet: 0.000079000 seconds
    Time since reference or first frame: 3.766911000 seconds
    Frame Number: 149
    Packet Length: 117 bytes
    Capture Length: 117 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 103
    Identification: 0xc82e (51246)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaea8 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 3089, Ack: 4655, Len: 63
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 3089 (relative sequence number)
    Next sequence number: 3152 (relative sequence number)
    Acknowledgement number: 4655 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64605
    Checksum: 0x8413 [incorrect, should be 0xb71f]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 148
        The RTT to ACK the segment was: 0.000079000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 59
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 150
        SMB Command: Read AndX (0x2e)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 31104
    Read AndX Request (0x2e)
        Word Count (WCT): 12
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        FID: 0x400c
        Offset: 0
        Max Count Low: 1024
        Min Count: 1024
        Remaining: 1024
        High Offset: 0
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
150 3.767076 192.168.1.5 192.168.1.100 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
Frame 150 (186 bytes on wire, 186 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.366652000
    Time delta from previous packet: 0.000165000 seconds
    Time since reference or first frame: 3.767076000 seconds
    Frame Number: 150
    Packet Length: 186 bytes
    Capture Length: 186 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 172
    Identification: 0x0fa2 (4002)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x66f0 [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4655, Ack: 3152, Len: 132
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 4655 (relative sequence number)
    Next sequence number: 4787 (relative sequence number)
    Acknowledgement number: 3152 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16813
    Checksum: 0x8018 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 149
        The RTT to ACK the segment was: 0.000165000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 128
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 149
        Time from request: 0.000165000 seconds
        SMB Command: Read AndX (0x2e)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 31104
    Read AndX Response (0x2e)
        Word Count (WCT): 12
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 0
        FID: 0x400c
        Remaining: 0
        Data Compaction Mode: 0
        Reserved: 0000
        Data Length Low: 68
        Data Offset: 60
        Data Length High (multiply with 64K): 0
        Reserved: 000000000000
        Byte Count (BCC): 69
        Padding: 00
DCE RPC Bind_ack, Fragment: Single, FragLen: 68, Call: 1
    Version: 5
    Version (minor): 0
    Packet type: Bind_ack (12)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 68
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0000a5a7
    Scndry Addr len: 13
    Scndry Addr: \PIPE\ntsvcs
    Num results: 1
    Ack result: Acceptance (0)
    Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860
    Syntax ver: 2

No. Time Source Destination Protocol Info
151 3.767143 192.168.1.100 192.168.1.5 SRVSVC NetrServerGetInfo request, \\Dell-s1
Frame 151 (206 bytes on wire, 206 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.366719000
    Time delta from previous packet: 0.000067000 seconds
    Time since reference or first frame: 3.767143000 seconds
    Frame Number: 151
    Packet Length: 206 bytes
    Capture Length: 206 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 192
    Identification: 0xc82f (51247)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xae4e [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 3152, Ack: 4787, Len: 152
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 3152 (relative sequence number)
    Next sequence number: 3304 (relative sequence number)
    Acknowledgement number: 4787 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64473
    Checksum: 0x846c [incorrect, should be 0x6d88]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 150
        The RTT to ACK the segment was: 0.000067000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 148
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 152
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 31168
    Trans Request (0x25)
        Word Count (WCT): 16
        Total Parameter Count: 0
        Total Data Count: 64
        Max Parameter Count: 0
        Max Data Count: 1024
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 84
        Data Count: 64
        Data Offset: 84
        Setup Count: 2
        Reserved: 00
        Byte Count (BCC): 81
        Transaction Name: \PIPE\
        Padding: 0000
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x400c
DCE RPC Request, Fragment: Single, FragLen: 64, Call: 1 Ctx: 0, [Resp: #152]
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 64
    Auth Length: 0
    Call ID: 1
    Alloc hint: 40
    Context ID: 0
    Opnum: 21
    Response in frame: 152
Microsoft Server Service, NetrServerGetInfo
    Operation: NetrServerGetInfo (21)
    Server: \\Dell-s1
        Referent ID: 0x0113d704
        Max Count: 10
        Offset: 0
        Actual Count: 10
        Server: \\Dell-s1
    Info Level: 101

No. Time Source Destination Protocol Info
152 3.767561 192.168.1.5 192.168.1.100 SRVSVC NetrServerGetInfo response, Domain Controller, Apple Server, Novell Server, Print Queue Server, NT Workstation, Unknown server type:14, NT Server, Potential Browser, OSF, Workstation, Server, Print Queue Server, NT Workstation, NT Server, Backup Browser, Master Browser
Frame 152 (218 bytes on wire, 218 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.367137000
    Time delta from previous packet: 0.000418000 seconds
    Time since reference or first frame: 3.767561000 seconds
    Frame Number: 152
    Packet Length: 218 bytes
    Capture Length: 218 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 204
    Identification: 0x0fa3 (4003)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x66cf [correct]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4787, Ack: 3304, Len: 164
    Source port: netbios-ssn (139)
    Destination port: 1581 (1581)
    Sequence number: 4787 (relative sequence number)
    Next sequence number: 4951 (relative sequence number)
    Acknowledgement number: 3304 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16661
    Checksum: 0x272e [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 151
        The RTT to ACK the segment was: 0.000418000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 160
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 151
        Time from request: 0.000418000 seconds
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 224
        User ID: 8195
        Multiplex ID: 31168
    Trans Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 104
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 104
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 105
        Padding: 40
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x400c
DCE RPC Response, Fragment: Single, FragLen: 104, Call: 1 Ctx: 0, [Req: #151]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 104
    Auth Length: 0
    Call ID: 1
    Alloc hint: 80
    Context ID: 0
    Cancel count: 0
    Opnum: 21
    Request in frame: 151
    Time from request: 0.000418000 seconds
Microsoft Server Service, NetrServerGetInfo
    Operation: NetrServerGetInfo (21)
    Server Info
        Info Level: 101
        SERVER_INFO_101:
            Referent ID: 0x000b5320
            Platform ID: Windows NT (500)
            Server: Dell-s1
                Referent ID: 0x000b5338
                Max Count: 8
                Offset: 0
                Actual Count: 8
                Server: Dell-s1
            Major Version: 5
            Minor Version: 0
            Server Type: 0x00069203
                .... .... .... .... .... .... .... ...1 = Workstation: This is a Workstation
                .... .... .... .... .... .... .... ..1. = Server: This is a Server
                .... .... .... .... .... .... .... .0.. = SQL: This is NOT an SQL server
                .... .... .... .... .... .... .... 0... = Domain Controller: This is NOT a Domain Controller
                .... .... .... .... .... .... ...0 .... = Backup Controller: This is NOT a Backup Controller
                .... .... .... .... .... .... ..0. .... = Time Source: This is NOT a Time Source
                .... .... .... .... .... .... .0.. .... = Apple: This is NOT an Apple host
                .... .... .... .... .... .... 0... .... = Novell: This is NOT a Novell server
                .... .... .... .... .... ...0 .... .... = Member: This is NOT a Domain Member server
                .... .... .... .... .... ..1. .... .... = Print: This is a Print Queue server
                .... .... .... .... .... .0.. .... .... = Dialin: This is NOT a Dialin server
                .... .... .... .... .... 0... .... .... = Xenix: This is NOT a Xenix server
                .... .... .... .... ...1 .... .... .... = NT Workstation: This is an NT Workstation
                .... .... .... .... ..0. .... .... .... = WfW: This is NOT a WfW host
                .... .... .... .... 1... .... .... .... = NT Server: This is an NT Server
                .... .... .... ...0 .... .... .... .... = Potential Browser: This is NOT a Potential Browser
                .... .... .... ..1. .... .... .... .... = Backup Browser: This is a Backup Browser
                .... .... .... .1.. .... .... .... .... = Master Browser: This is a Master Browser
                .... .... .... 0... .... .... .... .... = Domain Master Browser: This is NOT a Domain Master Browser
                .... .... ...0 .... .... .... .... .... = OSF: This is NOT an OSF host
                .... .... ..0. .... .... .... .... .... = VMS: This is NOT a VMS host
                .... .... .0.. .... .... .... .... .... = Windows 95+: This is NOT a Windows 95 or above host
                .0.. .... .... .... .... .... .... .... = Local: This is NOT a local list only request
                0... .... .... .... .... .... .... .... = Domain Enum: This is NOT a Domain Enum request
            Comment
                Referent ID: 0x000b5348
                Max Count: 1
                Offset: 0
                Actual Count: 1
                Comment:
    Return code: Success (0x00000000)

No. Time Source Destination Protocol Info
153 3.767635 192.168.1.100 192.168.1.5 SMB Close Request, FID: 0x400c
Frame 153 (99 bytes on wire, 99 bytes captured)
    Arrival Time: Aug 22, 2005 16:28:10.367211000
    Time delta from previous packet: 0.000074000 seconds
    Time since reference or first frame: 3.767635000 seconds
    Frame Number: 153
    Packet Length: 99 bytes
    Capture Length: 99 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
    Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 85
    Identification: 0xc830 (51248)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xaeb8 [correct]
    Source: 192.168.1.100 (192.168.1.100)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 3304, Ack: 4951, Len: 45
    Source port: 1581 (1581)
    Destination port: netbios-ssn (139)
    Sequence number: 3304 (relative sequence number)
    Next sequence number: 3349 (relative sequence number)
    Acknowledgement number: 4951 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64309
    Checksum: 0x8401 [incorrect, should be 0x554a]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 152
        The RTT to ACK the segment was: 0.000074000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 41
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 154
        SMB Command: Close (0x04)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 65279
        User ID: 8195
        Multiplex ID: 31232
    Close Request (0x04)
        Word Count (WCT): 3
        FID: 0x400c
        Last Write: No time specified (0xffffffff)
        Byte Count (BCC): 0

No. Time Source Destination Protocol Info
154 3.767804 192.168.1.5 192.168.1.100 SMB Close Response
Frame 154 (93 bytes on wire, 93 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.367380000 Time delta from previous packet: 0.000169000 seconds Time since reference or first frame: 3.767804000 seconds Frame Number: 154 Packet Length: 93 bytes Capture Length: 93 bytes Protocols in frame: eth:ip:tcp:nbss:smbEthernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 79 Identification: 0x0fa4 (4004) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x674b [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4951, Ack: 3349, Len: 39
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 4951 (relative sequence number) Next sequence number: 4990 (relative sequence number) Acknowledgement number: 3349 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0x5203 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 153 The RTT to ACK the segment was: 0.000169000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 35 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 153 Time from request: 0.000169000 seconds SMB Command: Close (0x04) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 31232 Close Response (0x04) Word Count (WCT): 0 Byte Count (BCC): 0

No. Time Source Destination Protocol Info
155 3.768422 192.168.1.100 192.168.1.5 SMB NT Create AndX Request, Path: \winreg
Frame 155 (158 bytes on wire, 158 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.367998000 Time delta from previous packet: 0.000618000 seconds Time since reference or first frame: 3.768422000 seconds Frame Number: 155 Packet Length: 158 bytes Capture Length: 158 bytes Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 144 Identification: 0xc831 (51249) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xae7c [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 3349, Ack: 4990, Len: 104
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 3349 (relative sequence number) Next sequence number: 3453 (relative sequence number) Acknowledgement number: 4990 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64270 Checksum: 0x843c [incorrect, should be 0xebbc] SEQ/ACK analysis This is an ACK to the segment in frame: 154 The RTT to ACK the segment was: 0.000618000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 100 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 156 SMB Command: NT Create AndX (0xa2) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 31296 NT Create AndX Request (0xa2) Word Count (WCT): 24 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 57054 Reserved: 00 File Name Len: 14 Create Flags: 0x00000016
.... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required .... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file .... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting BATCH OPLOCK .... .... .... .... .... .... .... ..1. = Exclusive Oplock: Requesting OPLOCK
Root FID: 0x00000000 Access Mask: 0x0002019f0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set .0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set ..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set ...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set .... ...0 .... .... .... .... .... .... = System Security: System security is NOT set .... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait on handle to synchronize on completion of I/O .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership) .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC .... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to owner, group and ACL of the SID .... .... .... ...0 .... .... .... .... = Delete: NO delete access .... .... .... .... .... ...1 .... .... = Write Attributes: WRITE ATTRIBUTES access .... .... .... .... .... .... 1... .... = Read Attributes: READ ATTRIBUTES access .... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access .... .... .... .... .... .... ..0. .... = Execute: NO execute access .... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED ATTRIBUTES access .... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED ATTRIBUTES access
.... .... .... .... .... .... .... .1.. = Append: APPEND access .... .... .... .... .... .... .... ..1. = Write: WRITE access .... .... .... .... .... .... .... ...1 = Read: READ access Allocation Size: 0 File Attributes: 0x00000000.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
Share Access: 0x00000003
.... .... .... .... .... .... .... .0.. = Delete: Object can NOT be shared for delete .... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE .... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ
Disposition: Open (if file exists open it, else fail) (1) Create Options: 0x00000040.... .... .... .... .... .... .... ...0 = Directory: File being created/opened must not be a directory .... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing .... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous .... .... .... .... .... .... .1.. .... = Non-Directory: File being created/opened must not be a directory .... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes .... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names .... .... .... .... .... 0... .... .... = Random Access: The file will not be accessed randomly .... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed
Impersonation: Impersonation (2) Security Flags: 0x03 .... ...1 = Context Tracking: Security tracking mode is DYNAMIC
.... ..1. = Effective Only: ONLY ENABLED aspects of the client's security context are available
Byte Count (BCC): 17 File Name: \winreg

No. Time Source Destination Protocol Info
156 3.768780 192.168.1.5 192.168.1.100 SMB NT Create AndX Response, FID: 0x400d
Frame 156 (193 bytes on wire, 193 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.368356000 Time delta from previous packet: 0.000358000 seconds Time since reference or first frame: 3.768780000 seconds Frame Number: 156 Packet Length: 193 bytes Capture Length: 193 bytes Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 179 Identification: 0x0fa5 (4005) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x66e6 [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 4990, Ack: 3453, Len: 139
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 4990 (relative sequence number) Next sequence number: 5129 (relative sequence number) Acknowledgement number: 3453 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16512 Checksum: 0xd687 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 155 The RTT to ACK the segment was: 0.000358000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 135 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 155 Time from request: 0.000358000 seconds SMB Command: NT Create AndX (0xa2) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 31296 NT Create AndX Response (0xa2) Word Count (WCT): 42 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 135 Oplock level: No oplock granted (0) FID: 0x400d Create action: The file existed and was opened (1) Created: No time specified (0) Last Access: No time specified (0) Last Write: No time specified (0) Change: No time specified (0) File Attributes: 0x00000080.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 1... .... = Normal: This file is an ordinary file .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
Allocation Size: 4096 End Of File: 0 File Type: Named pipe in message mode (2) IPC State: 0x05ff
0... .... .... .... = Nonblocking: Reads/writes block if no data available
.0.. .... .... .... = Endpoint: Consumer end of pipe (0) .... 01.. .... .... = Pipe Type: Message pipe (1) .... ..01 .... .... = Read Mode: Read messages from pipe (1) .... .... 1111 1111 = Icount: 255 Is Directory: This is NOT a directory (0) Byte Count (BCC): 0

No. Time Source Destination Protocol Info
157 3.768894 192.168.1.100 192.168.1.5 DCERPC Bind: call_id: 1 UUID: WINREG
Frame 157 (194 bytes on wire, 194 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.368470000 Time delta from previous packet: 0.000114000 seconds Time since reference or first frame: 3.768894000 seconds Frame Number: 157 Packet Length: 194 bytes Capture Length: 194 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 180 Identification: 0xc832 (51250) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xae57 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 3453, Ack: 5129, Len: 140
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 3453 (relative sequence number) Next sequence number: 3593 (relative sequence number) Acknowledgement number: 5129 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64131 Checksum: 0x8460 [incorrect, should be 0x3b6e] SEQ/ACK analysis This is an ACK to the segment in frame: 156 The RTT to ACK the segment was: 0.000114000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 136 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 158 SMB Command: Write AndX (0x2f) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 31360 Write AndX Request (0x2f) Word Count (WCT): 14 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 57054 FID: 0x400d Offset: 0 Reserved: FFFFFFFF Write Mode: 0x0008
.... .... .... 1... = Message Start: This is the START of a MESSAGE (pipe) .... .... .... .0.. = Write Raw: DON'T use WriteRawNamedPipe (pipe) .... .... .... ..0. = Return Remaining: DON'T return remaining (pipe/dev)
.... .... .... ...0 = Write Through: Write through not requested Remaining: 72 Data Length High (multiply with 64K): 0 Data Length Low: 72 Data Offset: 64 High Offset: 0 Byte Count (BCC): 73 Padding: EE
DCE RPC Bind, Fragment: Single, FragLen: 72, Call: 1 Version: 5 Version (minor): 0 Packet type: Bind (11) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 72 Auth Length: 0 Call ID: 1 Max Xmit Frag: 4280 Max Recv Frag: 4280 Assoc Group: 0x00000000 Num Ctx Items: 1 Context ID: 0 Num Trans Items: 1 Interface UUID: 338cd001-2244-31f1-aaaa-900038001003 Interface Ver: 1 Interface Ver Minor: 0 Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860 Syntax ver: 2

No. Time Source Destination Protocol Info
158 3.769264 192.168.1.5 192.168.1.100 SMB Write AndX Response, FID: 0x400d, 72 bytes
Frame 158 (105 bytes on wire, 105 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.368840000 Time delta from previous packet: 0.000370000 seconds Time since reference or first frame: 3.769264000 seconds Frame Number: 158 Packet Length: 105 bytes Capture Length: 105 bytes Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 91 Identification: 0x0fa6 (4006) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x673d [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 5129, Ack: 3593, Len: 51
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 5129 (relative sequence number) Next sequence number: 5180 (relative sequence number) Acknowledgement number: 3593 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16372 Checksum: 0x9ec2 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 157 The RTT to ACK the segment was: 0.000370000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 47 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 157 Time from request: 0.000370000 seconds SMB Command: Write AndX (0x2f) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 31360 Write AndX Response (0x2f) Word Count (WCT): 6 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 47 FID: 0x400d Count Low: 72 Remaining: 65535 Count High (multiply with 64K): 0 Reserved: 0000 Byte Count (BCC): 0

No. Time Source Destination Protocol Info
159 3.769346 192.168.1.100 192.168.1.5 SMB Read AndX Request, FID: 0x400d, 1024 bytes at offset 0
Frame 159 (117 bytes on wire, 117 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.368922000 Time delta from previous packet: 0.000082000 seconds Time since reference or first frame: 3.769346000 seconds Frame Number: 159 Packet Length: 117 bytes Capture Length: 117 bytes Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 103 Identification: 0xc833 (51251) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xaea3 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 3593, Ack: 5180, Len: 63
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 3593 (relative sequence number) Next sequence number: 3656 (relative sequence number) Acknowledgement number: 5180 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64080 Checksum: 0x8413 [incorrect, should be 0x7525] SEQ/ACK analysis This is an ACK to the segment in frame: 158 The RTT to ACK the segment was: 0.000082000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 59 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 160 SMB Command: Read AndX (0x2e) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 31424 Read AndX Request (0x2e) Word Count (WCT): 12 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 57054 FID: 0x400d Offset: 0 Max Count Low: 1024 Min Count: 1024 Remaining: 1024 High Offset: 0 Byte Count (BCC): 0
No. Time Source Destination Protocol Info
160 3.769507 192.168.1.5 192.168.1.100 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
Frame 160 (186 bytes on wire, 186 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.369083000 Time delta from previous packet: 0.000161000 seconds Time since reference or first frame: 3.769507000 seconds Frame Number: 160 Packet Length: 186 bytes Capture Length: 186 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 172 Identification: 0x0fa7 (4007) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x66eb [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 5180, Ack: 3656, Len: 132
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 5180 (relative sequence number) Next sequence number: 5312 (relative sequence number) Acknowledgement number: 3656 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16309 Checksum: 0xa219 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 159 The RTT to ACK the segment was: 0.000161000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 128 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 159 Time from request: 0.000161000 seconds SMB Command: Read AndX (0x2e) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x98
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 31424 Read AndX Response (0x2e) Word Count (WCT): 12 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 0 FID: 0x400d Remaining: 0 Data Compaction Mode: 0 Reserved: 0000 Data Length Low: 68 Data Offset: 60 Data Length High (multiply with 64K): 0 Reserved: 000000000000 Byte Count (BCC): 69 Padding: 00 DCE RPC Bind_ack, Fragment: Single, FragLen: 68, Call: 1 Version: 5 Version (minor): 0 Packet type: Bind_ack (12) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 68 Auth Length: 0 Call ID: 1 Max Xmit Frag: 4280 Max Recv Frag: 4280 Assoc Group: 0x0000b13d Scndry Addr len: 13 Scndry Addr: \PIPE\winreg Num results: 1 Ack result: Acceptance (0) Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860 Syntax ver: 2
No. Time Source Destination Protocol Info
161 3.769580 192.168.1.100 192.168.1.5 WINREG OpenHKLM request
Frame 161 (178 bytes on wire, 178 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.369156000 Time delta from previous packet: 0.000073000 seconds Time since reference or first frame: 3.769580000 seconds Frame Number: 161 Packet Length: 178 bytes Capture Length: 178 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 164 Identification: 0xc834 (51252) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xae65 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 3656, Ack: 5312, Len: 124
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 3656 (relative sequence number) Next sequence number: 3780 (relative sequence number) Acknowledgement number: 5312 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x8450 [incorrect, should be 0x2253] SEQ/ACK analysis This is an ACK to the segment in frame: 160 The RTT to ACK the segment was: 0.000073000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 120 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 162 SMB Command: Trans (0x25) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 31488 Trans Request (0x25) Word Count (WCT): 16 Total Parameter Count: 0 Total Data Count: 36 Max Parameter Count: 0 Max Data Count: 1024 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 0 Parameter Offset: 84 Data Count: 36 Data Offset: 84 Setup Count: 2 Reserved: 00 Byte Count (BCC): 53 Transaction Name: \PIPE\ Padding: 0000 SMB Pipe Protocol Function: TransactNmPipe (0x0026) FID: 0x400d DCE RPC Request, Fragment: Single, FragLen: 36, Call: 1 Ctx: 0, [Resp: #162] Version: 5 Version (minor): 0 Packet type: Request (0) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 36 Auth Length: 0 Call ID: 1 Alloc hint: 12 Context ID: 0 Opnum: 2 Response in frame: 162 Microsoft Registry, OpenHKLM Operation: OpenHKLM (2) Unknown Referent ID: 0x0113da3c Unknown 1: 0x9298 Unknown 1: 0x0001 Access mask: 0x02000000
No. Time Source Destination Protocol Info
162 3.770237 192.168.1.5 192.168.1.100 WINREG OpenHKLM response
Frame 162 (162 bytes on wire, 162 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.369813000 Time delta from previous packet: 0.000657000 seconds Time since reference or first frame: 3.770237000 seconds Frame Number: 162 Packet Length: 162 bytes Capture Length: 162 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 148 Identification: 0x0fa8 (4008) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x6702 [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 5312, Ack: 3780, Len: 108
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 5312 (relative sequence number) Next sequence number: 5420 (relative sequence number) Acknowledgement number: 3780 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16185 Checksum: 0x3251 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 161 The RTT to ACK the segment was: 0.000657000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 104 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 161 Time from request: 0.000657000 seconds SMB Command: Trans (0x25) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x98
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 31488 Trans Response (0x25) Word Count (WCT): 10 Total Parameter Count: 0 Total Data Count: 48 Reserved: 0000 Parameter Count: 0 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 48 Data Offset: 56 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 49 Padding: 24 SMB Pipe Protocol Function: TransactNmPipe (0x0026) FID: 0x400d DCE RPC Response, Fragment: Single, FragLen: 48, Call: 1 Ctx: 0, [Req: #161] Version: 5 Version (minor): 0 Packet type: Response (2) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 48 Auth Length: 0 Call ID: 1 Alloc hint: 24 Context ID: 0 Cancel count: 0 Opnum: 2 Request in frame: 161 Time from request: 0.000657000 seconds Microsoft Registry, OpenHKLM Operation: OpenHKLM (2) Policy Handle: HKLM handle Context handle: 000000007D556887FA2A3C4F8756B5F29918BEDA Frame handle opened: 162 Frame handle closed: 165 Return code: STATUS_SUCCESS (0x00000000)
No. Time Source Destination Protocol Info
163 3.770313 192.168.1.100 192.168.1.5 WINREG OpenKey request
Frame 163 (286 bytes on wire, 286 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.369889000 Time delta from previous packet: 0.000076000 seconds Time since reference or first frame: 3.770313000 seconds Frame Number: 163 Packet Length: 286 bytes Capture Length: 286 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 272 Identification: 0xc835 (51253) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xadf8 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 3780, Ack: 5420, Len: 232
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 3780 (relative sequence number) Next sequence number: 4012 (relative sequence number) Acknowledgement number: 5420 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65427 Checksum: 0x84bc [incorrect, should be 0x86ce] SEQ/ACK analysis This is an ACK to the segment in frame: 162 The RTT to ACK the segment was: 0.000076000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 228 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 164 SMB Command: Trans (0x25) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 31552 Trans Request (0x25) Word Count (WCT): 16 Total Parameter Count: 0 Total Data Count: 144 Max Parameter Count: 0 Max Data Count: 1024 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 0 Parameter Offset: 84 Data Count: 144 Data Offset: 84 Setup Count: 2 Reserved: 00 Byte Count (BCC): 161 Transaction Name: \PIPE\ Padding: 0000 SMB Pipe Protocol Function: TransactNmPipe (0x0026) FID: 0x400d
DCE RPC Request, Fragment: Single, FragLen: 144, Call: 2 Ctx: 0, [Resp: #164]
Version: 5 Version (minor): 0 Packet type: Request (0) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 144 Auth Length: 0 Call ID: 2 Alloc hint: 120 Context ID: 0 Opnum: 15 Response in frame: 164 Microsoft Registry, OpenKey Operation: OpenKey (15) Policy Handle: HKLM handle Context handle: 000000007D556887FA2A3C4F8756B5F29918BEDA Frame handle opened: 162 Frame handle closed: 165 Class: SOFTWARE\Microsoft\SchedulingAgent Length: 70 Size: 70 Character Array: SOFTWARE\Microsoft\SchedulingAgent Referent ID: 0x75831510 Max Count: 35 Offset: 0 Actual Count: 35 Class: SOFTWARE\Microsoft\SchedulingAgent Unknown 1: 0x00000000 Access mask: 0x00020019
No. Time Source Destination Protocol Info
164 3.770722 192.168.1.5 192.168.1.100 WINREG OpenKey response, Unknown error 0x00000005
Frame 164 (162 bytes on wire, 162 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.370298000 Time delta from previous packet: 0.000409000 seconds Time since reference or first frame: 3.770722000 seconds Frame Number: 164 Packet Length: 162 bytes Capture Length: 162 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 148 Identification: 0x0fa9 (4009) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x6701 [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 5420, Ack: 4012, Len: 108
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 5420 (relative sequence number) Next sequence number: 5528 (relative sequence number) Acknowledgement number: 4012 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x96ed [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 163 The RTT to ACK the segment was: 0.000409000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 104 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 163 Time from request: 0.000409000 seconds SMB Command: Trans (0x25) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x98
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 31552 Trans Response (0x25) Word Count (WCT): 10 Total Parameter Count: 0 Total Data Count: 48 Reserved: 0000 Parameter Count: 0 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 48 Data Offset: 56 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 49 Padding: 90 SMB Pipe Protocol Function: TransactNmPipe (0x0026) FID: 0x400d DCE RPC Response, Fragment: Single, FragLen: 48, Call: 2 Ctx: 0, [Req: #163] Version: 5 Version (minor): 0 Packet type: Response (2) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 48 Auth Length: 0 Call ID: 2 Alloc hint: 24 Context ID: 0 Cancel count: 0 Opnum: 15 Request in frame: 163 Time from request: 0.000409000 seconds Microsoft Registry, OpenKey Operation: OpenKey (15) Policy Handle Context handle: 0000000000000000000000000000000000000000 Return code: Unknown (0x00000005)
No. Time Source Destination Protocol Info
165 3.770774 192.168.1.100 192.168.1.5 WINREG CloseKey request
Frame 165 (186 bytes on wire, 186 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.370350000 Time delta from previous packet: 0.000052000 seconds Time since reference or first frame: 3.770774000 seconds Frame Number: 165 Packet Length: 186 bytes Capture Length: 186 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 172 Identification: 0xc836 (51254) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xae5b [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 4012, Ack: 5528, Len: 132
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 4012 (relative sequence number) Next sequence number: 4144 (relative sequence number) Acknowledgement number: 5528 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65319 Checksum: 0x8458 [incorrect, should be 0xc3a2] SEQ/ACK analysis This is an ACK to the segment in frame: 164 The RTT to ACK the segment was: 0.000052000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 128 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 166 SMB Command: Trans (0x25) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 31616 Trans Request (0x25) Word Count (WCT): 16 Total Parameter Count: 0 Total Data Count: 44 Max Parameter Count: 0 Max Data Count: 1024 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 0 Parameter Offset: 84 Data Count: 44 Data Offset: 84 Setup Count: 2 Reserved: 00 Byte Count (BCC): 61 Transaction Name: \PIPE\ Padding: 0000 SMB Pipe Protocol Function: TransactNmPipe (0x0026) FID: 0x400d DCE RPC Request, Fragment: Single, FragLen: 44, Call: 3 Ctx: 0, [Resp: #166] Version: 5 Version (minor): 0 Packet type: Request (0) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 44 Auth Length: 0 Call ID: 3 Alloc hint: 20 Context ID: 0 Opnum: 5 Response in frame: 166 Microsoft Registry, CloseKey Operation: CloseKey (5) Policy Handle: HKLM handle Context handle: 000000007D556887FA2A3C4F8756B5F29918BEDA Frame handle opened: 162 Frame handle closed: 165 0000 00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00 ...h....aB.V..E. 0010 00 ac c8 36 40 00 80 06 ae 5b c0 a8 01 64 c0 a8 ...6@....[...d.. 0020 01 05 06 2d 00 8b 44 ed af 5e 9e e6 a7 33 50 18 ...-..D..^...3P. 0030 ff 27 84 58 00 00 00 00 00 80 ff 53 4d 42 25 00 .'.X.......SMB%. 0040 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 e0 00 03 20 80 7b 10 00 00 2c 00 00 ....... .{...,.. 
0060 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 54 ...............T 0070 00 2c 00 54 00 02 00 26 00 0d 40 3d 00 00 5c 00 .,.T...&..@=..\. 0080 50 00 49 00 50 00 45 00 5c 00 00 00 00 00 05 00 P.I.P.E.\....... 0090 00 03 10 00 00 00 2c 00 00 00 03 00 00 00 14 00 ......,......... 00a0 00 00 00 00 05 00 00 00 00 00 7d 55 68 87 fa 2a ..........}Uh..* 00b0 3c 4f 87 56 b5 f2 99 18 be da <O.V......No. Time Source Destination Protocol Info 166 3.771210 192.168.1.5 192.168.1.100 WINREG CloseKey response
Frame 166 (162 bytes on wire, 162 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.370786000 Time delta from previous packet: 0.000436000 seconds Time since reference or first frame: 3.771210000 seconds Frame Number: 166 Packet Length: 162 bytes Capture Length: 162 bytes Protocols in frame: eth:ip:tcp:nbss:smb:dcerpcEthernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 148 Identification: 0x0faa (4010) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x6700 [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 5528, Ack: 4144, Len: 108
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 5528 (relative sequence number) Next sequence number: 5636 (relative sequence number) Acknowledgement number: 4144 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17388 Checksum: 0x5ae5 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 165 The RTT to ACK the segment was: 0.000436000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 104 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 165 Time from request: 0.000436000 seconds SMB Command: Trans (0x25) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 224 User ID: 8195 Multiplex ID: 31616 Trans Response (0x25) Word Count (WCT): 10 Total Parameter Count: 0 Total Data Count: 48 Reserved: 0000 Parameter Count: 0 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 48 Data Offset: 56 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 49 Padding: 2C SMB Pipe Protocol Function: TransactNmPipe (0x0026) FID: 0x400d DCE RPC Response, Fragment: Single, FragLen: 48, Call: 3 Ctx: 0, [Req: #165] Version: 5 Version (minor): 0 Packet type: Response (2) Packet Flags: 0x03 0... .... = Object: Not set .0.. .... = Maybe: Not set ..0. .... = Did Not Execute: Not set ...0 .... = Multiplex: Not set .... 0... = Reserved: Not set .... .0.. = Cancel Pending: Not set .... ..1. = Last Frag: Set .... ...1 = First Frag: Set Data Representation: 10000000 Byte order: Little-endian (1) Character: ASCII (0) Floating-point: IEEE (0) Frag Length: 48 Auth Length: 0 Call ID: 3 Alloc hint: 24 Context ID: 0 Cancel count: 0 Opnum: 5 Request in frame: 165 Time from request: 0.000436000 seconds Microsoft Registry, CloseKey Operation: CloseKey (5) Policy Handle Context handle: 0000000000000000000000000000000000000000 Return code: STATUS_SUCCESS (0x00000000) 0000 00 0d 61 42 19 56 00 b0 d0 68 d0 e4 08 00 45 00 ..aB.V...h....E. 0010 00 94 0f aa 40 00 80 06 67 00 c0 a8 01 05 c0 a8 ....@...g....... 0020 01 64 00 8b 06 2d 9e e6 a7 33 44 ed af e2 50 18 .d...-...3D...P. 0030 43 ec 5a e5 00 00 00 00 00 68 ff 53 4d 42 25 00 C.Z......h.SMB%. 0040 00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 e0 00 03 20 80 7b 0a 00 00 30 00 00 ....... .{...0.. 0060 00 00 00 38 00 00 00 30 00 38 00 00 00 00 00 31 ...8...0.8.....1 0070 00 2c 05 00 02 03 10 00 00 00 30 00 00 00 03 00 .,........0..... 0080 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
00a0 00 00 ..No. Time Source Destination Protocol Info 167 3.771279 192.168.1.100 192.168.1.5 SMB Close Request, FID: 0x400d
Frame 167 (99 bytes on wire, 99 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.370855000 Time delta from previous packet: 0.000069000 seconds Time since reference or first frame: 3.771279000 seconds Frame Number: 167 Packet Length: 99 bytes Capture Length: 99 bytes Protocols in frame: eth:ip:tcp:nbss:smbEthernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 85 Identification: 0xc837 (51255) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xaeb1 [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 4144, Ack: 5636, Len: 45
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 4144 (relative sequence number) Next sequence number: 4189 (relative sequence number) Acknowledgement number: 5636 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65211 Checksum: 0x8401 [incorrect, should be 0x8bcc] SEQ/ACK analysis This is an ACK to the segment in frame: 166 The RTT to ACK the segment was: 0.000069000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 41 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response in: 168 SMB Command: Close (0x04) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 31680 Close Request (0x04) Word Count (WCT): 3 FID: 0x400d Last Write: No time specified (0xffffffff) Byte Count (BCC): 0 0000 00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00 ...h....aB.V..E. 0010 00 55 c8 37 40 00 80 06 ae b1 c0 a8 01 64 c0 a8 .U.7@........d.. 0020 01 05 06 2d 00 8b 44 ed af e2 9e e6 a7 9f 50 18 ...-..D.......P. 0030 fe bb 84 01 00 00 00 00 00 29 ff 53 4d 42 04 00 .........).SMB.. 0040 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 ff fe 03 20 c0 7b 03 0d 40 ff ff ff ....... .{..@... 0060 ff 00 00 ...No. Time Source Destination Protocol Info 168 3.771453 192.168.1.5 192.168.1.100 SMB Close Response
Frame 168 (93 bytes on wire, 93 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.371029000 Time delta from previous packet: 0.000174000 seconds Time since reference or first frame: 3.771453000 seconds Frame Number: 168 Packet Length: 93 bytes Capture Length: 93 bytes Protocols in frame: eth:ip:tcp:nbss:smbEthernet II, Src: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4), Dst: Giga-Byt_42:19:56 (00:0d:61:42:19:56)
Destination: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Source: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 192.168.1.100 (192.168.1.100)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 79 Identification: 0x0fab (4011) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x6744 [correct] Source: 192.168.1.5 (192.168.1.5) Destination: 192.168.1.100 (192.168.1.100)Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1581 (1581), Seq: 5636, Ack: 4189, Len: 39
Source port: netbios-ssn (139) Destination port: 1581 (1581) Sequence number: 5636 (relative sequence number) Next sequence number: 5675 (relative sequence number) Acknowledgement number: 4189 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17343 Checksum: 0x8935 [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 167 The RTT to ACK the segment was: 0.000174000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 35 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 167 Time from request: 0.000174000 seconds SMB Command: Close (0x04) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x981... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless.... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode.1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 2048 Process ID: 65279 User ID: 8195 Multiplex ID: 31680 Close Response (0x04) Word Count (WCT): 0 Byte Count (BCC): 0 0000 00 0d 61 42 19 56 00 b0 d0 68 d0 e4 08 00 45 00 ..aB.V...h....E. 0010 00 4f 0f ab 40 00 80 06 67 44 c0 a8 01 05 c0 a8 .O..@...gD...... 0020 01 64 00 8b 06 2d 9e e6 a7 9f 44 ed b0 0f 50 18 .d...-....D...P. 0030 43 bf 89 35 00 00 00 00 00 23 ff 53 4d 42 04 00 C..5.....#.SMB.. 0040 00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 08 ff fe 03 20 c0 7b 00 00 00 ....... .{...No. Time Source Destination Protocol Info 169 3.774867 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 169 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.374443000 Time delta from previous packet: 0.003414000 seconds Time since reference or first frame: 3.774867000 seconds Frame Number: 169 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 173 3.922311 192.168.1.100 192.168.1.5 TCP 1581 > netbios-ssn [ACK] Seq=4189 Ack=5675 Win=65172 [TCP CHECKSUM INCORRECT] Len=0
Frame 173 (54 bytes on wire, 54 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.521887000 Time delta from previous packet: 0.021713000 seconds Time since reference or first frame: 3.922311000 seconds Frame Number: 173 Packet Length: 54 bytes Capture Length: 54 bytes Protocols in frame: eth:ip:tcpEthernet II, Src: Giga-Byt_42:19:56 (00:0d:61:42:19:56), Dst: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4)
Destination: DellComp_68:d0:e4 (00:b0:d0:68:d0:e4) Source: Giga-Byt_42:19:56 (00:0d:61:42:19:56) Type: IP (0x0800)Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.5 (192.168.1.5)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xc838 (51256) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0xaedd [correct] Source: 192.168.1.100 (192.168.1.100) Destination: 192.168.1.5 (192.168.1.5)Transmission Control Protocol, Src Port: 1581 (1581), Dst Port: netbios-ssn (139), Seq: 4189, Ack: 5675, Len: 0
Source port: 1581 (1581) Destination port: netbios-ssn (139) Sequence number: 4189 (relative sequence number) Acknowledgement number: 5675 (relative ack number) Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65172 Checksum: 0x83d4 [incorrect, should be 0xeb23] SEQ/ACK analysis This is an ACK to the segment in frame: 168 The RTT to ACK the segment was: 0.150858000 seconds 0000 00 b0 d0 68 d0 e4 00 0d 61 42 19 56 08 00 45 00 ...h....aB.V..E. 0010 00 28 c8 38 40 00 80 06 ae dd c0 a8 01 64 c0 a8 .(.8@........d.. 0020 01 05 06 2d 00 8b 44 ed b0 0f 9e e6 a7 c6 50 10 ...-..D.......P. 0030 fe 94 83 d4 00 00 ......No. Time Source Destination Protocol Info 174 3.942428 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 174 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:10.542004000 Time delta from previous packet: 0.020117000 seconds Time since reference or first frame: 3.942428000 seconds Frame Number: 174 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 186 4.445833 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 186 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.045409000 Time delta from previous packet: 0.041826000 seconds Time since reference or first frame: 4.445833000 seconds Frame Number: 186 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 187 4.487908 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 187 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.087484000 Time delta from previous packet: 0.042075000 seconds Time since reference or first frame: 4.487908000 seconds Frame Number: 187 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 188 4.529742 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 188 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.129318000 Time delta from previous packet: 0.041834000 seconds Time since reference or first frame: 4.529742000 seconds Frame Number: 188 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 189 4.571564 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 189 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.171140000 Time delta from previous packet: 0.041822000 seconds Time since reference or first frame: 4.571564000 seconds Frame Number: 189 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 190 4.613637 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 190 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.213213000 Time delta from previous packet: 0.042073000 seconds Time since reference or first frame: 4.613637000 seconds Frame Number: 190 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 191 4.655470 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 191 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.255046000 Time delta from previous packet: 0.041833000 seconds Time since reference or first frame: 4.655470000 seconds Frame Number: 191 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 192 4.697541 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 192 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.297117000 Time delta from previous packet: 0.042071000 seconds Time since reference or first frame: 4.697541000 seconds Frame Number: 192 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 193 4.739367 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 193 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.338943000 Time delta from previous packet: 0.041826000 seconds Time since reference or first frame: 4.739367000 seconds Frame Number: 193 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 194 4.781444 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 194 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.381020000 Time delta from previous packet: 0.042077000 seconds Time since reference or first frame: 4.781444000 seconds Frame Number: 194 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 195 4.823272 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 195 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.422848000 Time delta from previous packet: 0.041828000 seconds Time since reference or first frame: 4.823272000 seconds Frame Number: 195 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 196 4.865342 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 196 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.464918000 Time delta from previous packet: 0.042070000 seconds Time since reference or first frame: 4.865342000 seconds Frame Number: 196 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 197 4.907176 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 197 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.506752000 Time delta from previous packet: 0.041834000 seconds Time since reference or first frame: 4.907176000 seconds Frame Number: 197 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 198 4.949244 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 198 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.548820000 Time delta from previous packet: 0.042068000 seconds Time since reference or first frame: 4.949244000 seconds Frame Number: 198 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 199 4.991082 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 199 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.590658000 Time delta from previous packet: 0.041838000 seconds Time since reference or first frame: 4.991082000 seconds Frame Number: 199 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 200 5.033155 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 200 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.632731000 Time delta from previous packet: 0.042073000 seconds Time since reference or first frame: 5.033155000 seconds Frame Number: 200 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 201 5.074977 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 201 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.674553000 Time delta from previous packet: 0.041822000 seconds Time since reference or first frame: 5.074977000 seconds Frame Number: 201 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 202 5.117057 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 202 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.716633000 Time delta from previous packet: 0.042080000 seconds Time since reference or first frame: 5.117057000 seconds Frame Number: 202 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 203 5.158880 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 203 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.758456000 Time delta from previous packet: 0.041823000 seconds Time since reference or first frame: 5.158880000 seconds Frame Number: 203 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 204 5.200708 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 204 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.800284000 Time delta from previous packet: 0.041828000 seconds Time since reference or first frame: 5.200708000 seconds Frame Number: 204 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 205 5.242782 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 205 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.842358000 Time delta from previous packet: 0.042074000 seconds Time since reference or first frame: 5.242782000 seconds Frame Number: 205 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 206 5.284618 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 206 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.884194000 Time delta from previous packet: 0.041836000 seconds Time since reference or first frame: 5.284618000 seconds Frame Number: 206 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 207 5.326685 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 207 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.926261000 Time delta from previous packet: 0.042067000 seconds Time since reference or first frame: 5.326685000 seconds Frame Number: 207 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 208 5.368518 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 208 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:11.968094000 Time delta from previous packet: 0.041833000 seconds Time since reference or first frame: 5.368518000 seconds Frame Number: 208 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 209 5.410585 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 209 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:12.010161000 Time delta from previous packet: 0.042067000 seconds Time since reference or first frame: 5.410585000 seconds Frame Number: 209 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 210 5.452415 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 210 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:12.051991000 Time delta from previous packet: 0.041830000 seconds Time since reference or first frame: 5.452415000 seconds Frame Number: 210 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 211 5.494488 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 211 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:12.094064000 Time delta from previous packet: 0.042073000 seconds Time since reference or first frame: 5.494488000 seconds Frame Number: 211 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 212 5.536324 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 212 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:12.135900000 Time delta from previous packet: 0.041836000 seconds Time since reference or first frame: 5.536324000 seconds Frame Number: 212 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 213 5.578390 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 213 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:12.177966000 Time delta from previous packet: 0.042066000 seconds Time since reference or first frame: 5.578390000 seconds Frame Number: 213 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 214 5.620220 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 252 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:13.813691000 Time delta from previous packet: 0.042072000 seconds Time since reference or first frame: 7.214115000 seconds Frame Number: 252 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 253 7.255946 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 253 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:13.855522000 Time delta from previous packet: 0.041831000 seconds Time since reference or first frame: 7.255946000 seconds Frame Number: 253 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............No. Time Source Destination Protocol Info 254 7.298027 00:00:00_00:00:30 Spanning-tree-(for-bridges)_01 CTRL MAC PAUSE: Quanta 0
Frame 254 (60 bytes on wire, 60 bytes captured) Arrival Time: Aug 22, 2005 16:28:13.897603000 Time delta from previous packet: 0.042081000 seconds Time since reference or first frame: 7.298027000 seconds Frame Number: 254 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:maccEthernet II, Src: 00:00:00_00:00:30 (00:00:00:00:00:30), Dst: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01)
Destination: Spanning-tree-(for-bridges)_01 (01:80:c2:00:00:01) Source: 00:00:00_00:00:30 (00:00:00:00:00:30) Type: MAC Control (0x8808) MAC Control Pause: 0x0001 Quanta: 0 0000 01 80 c2 00 00 01 00 00 00 00 00 30 88 08 00 01 ...........0.... 0010 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0020 00 00 00 00 88 08 00 01 00 00 00 00 88 08 00 01 ................ 0030 00 00 00 00 88 08 00 01 00 00 00 00 ............