Frame 3 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.817956000 Time delta from previous packet: 0.292751000 seconds Time relative to first packet: 0.292752000 seconds Frame Number: 3 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0713 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0e9 (incorrect, should be 0xd744) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715630, Ack: 0, Len: 0 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715630 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xe299 (incorrect, should be 0xd8f4) Options: (8 bytes) Maximum segment size: 1414 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 07 13 40 00 6f 06 e0 e9 db 76 1f 2a ac 10 .0..@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 2e 00 00 00 00 70 02 ...T..s.......p. 0030 40 00 e2 99 00 00 02 04 05 86 01 01 04 02 @............. Frame 4 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.818908000 Time delta from previous packet: 0.000952000 seconds Time relative to first packet: 0.293704000 seconds Frame Number: 4 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.118.31.42 (219.118.31.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x82ee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x550e (incorrect, should be 0x4b69) Source: 172.16.134.191 (172.16.134.191) Destination: 219.118.31.42 (219.118.31.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2388 (2388), Seq: 2476847240, Ack: 1943715631, Len: 0 Source port: netbios-ssn (139) Destination port: 2388 (2388) Sequence number: 2476847240 Acknowledgement number: 1943715631 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x9be8 (incorrect, should be 0x9243) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 82 ee 40 00 7f 06 55 0e ac 10 86 bf db 76 .0..@...U......v 0020 1f 2a 00 8b 09 54 93 a1 b0 88 73 da bf 2f 70 12 .*...T....s../p. 0030 42 48 9b e8 00 00 02 04 05 b4 01 01 04 02 BH............ Frame 5 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.923263000 Time delta from previous packet: 0.104355000 seconds Time relative to first packet: 0.398059000 seconds Frame Number: 5 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x071b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0e9 (incorrect, should be 0xd744) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715631, Ack: 2476847241, Len: 0 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715631 Acknowledgement number: 2476847241 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0xc8ac (incorrect, should be 0xbf07) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 07 1b 40 00 6f 06 e0 e9 db 76 1f 2a ac 10 .(..@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 2f 93 a1 b0 89 50 10 ...T..s../....P. 0030 42 48 c8 ac 00 00 00 00 00 00 00 00 BH.......... Frame 6 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.933135000 Time delta from previous packet: 0.009872000 seconds Time relative to first packet: 0.407931000 seconds Frame Number: 6 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x071c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0a0 (incorrect, should be 0xd6fb) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715631, Ack: 2476847241, Len: 72 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715631 Next sequence number: 1943715703 Acknowledgement number: 2476847241 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x7891 (incorrect, should be 0x6eec) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 07 1c 40 00 6f 06 e0 a0 db 76 1f 2a ac 10 .p..@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 2f 93 a1 b0 89 50 18 ...T..s../....P. 0030 42 48 78 91 00 00 81 00 00 44 20 46 44 45 43 45 BHx......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 7 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.933137000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 0.407933000 seconds Frame Number: 7 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.118.31.42 (219.118.31.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x82fb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5505 (incorrect, should be 0x4b60) Source: 172.16.134.191 (172.16.134.191) Destination: 219.118.31.42 (219.118.31.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2388 (2388), Seq: 2476847241, Ack: 1943715703, Len: 4 Source port: netbios-ssn (139) Destination port: 2388 (2388) Sequence number: 2476847241 Next sequence number: 2476847245 Acknowledgement number: 1943715703 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16896 Checksum: 0x46a0 (incorrect, should be 0x3cfb) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 82 fb 40 00 7f 06 55 05 ac 10 86 bf db 76 .,..@...U......v 0020 1f 2a 00 8b 09 54 93 a1 b0 89 73 da bf 77 50 18 .*...T....s..wP. 0030 42 00 46 a0 00 00 82 00 00 00 00 00 B.F......... Frame 8 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 01:08:10.039478000 Time delta from previous packet: 0.106341000 seconds Time relative to first packet: 0.514274000 seconds Frame Number: 8 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x0722 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0a4 (incorrect, should be 0xd6ff) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715703, Ack: 2476847245, Len: 62 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715703 Next sequence number: 1943715765 Acknowledgement number: 2476847245 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16964 Checksum: 0x3498 (incorrect, should be 0x4af2) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 07 22 40 00 6f 06 e0 a4 db 76 1f 2a ac 10 .f."@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 77 93 a1 b0 8d 50 18 ...T..s..w....P. 0030 42 44 34 98 00 00 00 00 00 3a ff 53 4d 42 75 00 BD4......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 9 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 01:08:10.042384000 Time delta from previous packet: 0.002906000 seconds Time relative to first packet: 0.517180000 seconds Frame Number: 9 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.118.31.42 (219.118.31.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x82fc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5508 (incorrect, should be 0x4b63) Source: 172.16.134.191 (172.16.134.191) Destination: 219.118.31.42 (219.118.31.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2388 (2388), Seq: 2476847245, Ack: 1943715703, Len: 0 Source port: netbios-ssn (139) Destination port: 2388 (2388) Sequence number: 2476847245 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0ab5 (incorrect, should be 0x0110) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 82 fc 40 00 7f 06 55 08 ac 10 86 bf db 76 .(..@...U......v 0020 1f 2a 00 8b 09 54 93 a1 b0 8d 73 da bf 77 50 04 .*...T....s..wP. 0030 00 00 0a b5 00 00 00 00 00 00 00 00 ............ Frame 13 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 03:33:12.676082000 Time delta from previous packet: 0.256298000 seconds Time relative to first packet: 8703.150878000 seconds Frame Number: 13 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.163.9.89 (218.163.9.89), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xf3bb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x07e5 (incorrect, should be 0xfe3f) Source: 218.163.9.89 (218.163.9.89) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4760 (4760), Dst Port: netbios-ssn (139), Seq: 1926164465, Ack: 0, Len: 0 Source port: 4760 (4760) Destination port: netbios-ssn (139) Sequence number: 1926164465 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xc042 (incorrect, should be 0xb69d) Options: (8 bytes) Maximum segment size: 1414 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 f3 bb 40 00 72 06 07 e5 da a3 09 59 ac 10 .0..@.r......Y.. 0020 86 bf 12 98 00 8b 72 ce ef f1 00 00 00 00 70 02 ......r.......p. 0030 40 00 c0 42 00 00 02 04 05 86 01 01 04 02 @..B.......... Frame 14 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 03:33:12.678268000 Time delta from previous packet: 0.002186000 seconds Time relative to first packet: 8703.153064000 seconds Frame Number: 14 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.163.9.89 (218.163.9.89) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x2030 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xce70 (incorrect, should be 0xc4cb) Source: 172.16.134.191 (172.16.134.191) Destination: 218.163.9.89 (218.163.9.89) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4760 (4760), Seq: 406492478, Ack: 1926164466, Len: 0 Source port: netbios-ssn (139) Destination port: 4760 (4760) Sequence number: 406492478 Acknowledgement number: 1926164466 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x1043 (incorrect, should be 0x069e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 20 30 40 00 7f 06 ce 70 ac 10 86 bf da a3 .0 0@....p...... 0020 09 59 00 8b 12 98 18 3a 95 3e 72 ce ef f2 70 12 .Y.....:.>r...p. 0030 42 48 10 43 00 00 02 04 05 b4 01 01 04 02 BH.C.......... Frame 15 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 03:33:12.895758000 Time delta from previous packet: 0.217490000 seconds Time relative to first packet: 8703.370554000 seconds Frame Number: 15 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 218.163.9.89 (218.163.9.89), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xf3c4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x07e4 (incorrect, should be 0xfe3e) Source: 218.163.9.89 (218.163.9.89) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4760 (4760), Dst Port: netbios-ssn (139), Seq: 1926164466, Ack: 406492479, Len: 0 Source port: 4760 (4760) Destination port: netbios-ssn (139) Sequence number: 1926164466 Acknowledgement number: 406492479 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x3d07 (incorrect, should be 0x3362) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 f3 c4 40 00 72 06 07 e4 da a3 09 59 ac 10 .(..@.r......Y.. 0020 86 bf 12 98 00 8b 72 ce ef f2 18 3a 95 3f 50 10 ......r....:.?P. 0030 42 48 3d 07 00 00 00 00 00 00 00 00 BH=......... Frame 36 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 06:59:34.804840000 Time delta from previous packet: 2.724544000 seconds Time relative to first packet: 21085.279636000 seconds Frame Number: 36 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x8829 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 47 Protocol: TCP (0x06) Header checksum: 0xde42 (incorrect, should be 0xd49d) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055695, Ack: 0, Len: 0 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055695 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x5e41 (incorrect, should be 0x549c) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 88 29 40 00 2f 06 de 42 3d 9b 7e 96 ac 10 .0.)@./..B=.~... 0020 86 bf 06 b4 00 8b 00 10 1b cf 00 00 00 00 70 02 ..............p. 0030 20 00 5e 41 00 00 02 04 02 18 01 01 04 02 .^A.......... Frame 37 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 06:59:34.809838000 Time delta from previous packet: 0.004998000 seconds Time relative to first packet: 21085.284634000 seconds Frame Number: 37 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.155.126.150 (61.155.126.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9506 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8165 (incorrect, should be 0x77c0) Source: 172.16.134.191 (172.16.134.191) Destination: 61.155.126.150 (61.155.126.150) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1716 (1716), Seq: 3135138197, Ack: 1055696, Len: 0 Source port: netbios-ssn (139) Destination port: 1716 (1716) Sequence number: 3135138197 Acknowledgement number: 1055696 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0x1538 (incorrect, should be 0x0b93) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 95 06 40 00 7f 06 81 65 ac 10 86 bf 3d 9b .0..@....e....=. 0020 7e 96 00 8b 06 b4 ba de 69 95 00 10 1b d0 70 12 ~.......i.....p. 0030 40 e8 15 38 00 00 02 04 05 b4 01 01 04 02 @..8.......... Frame 38 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 06:59:35.965907000 Time delta from previous packet: 1.156069000 seconds Time relative to first packet: 21086.440703000 seconds Frame Number: 38 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9529 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 47 Protocol: TCP (0x06) Header checksum: 0xd14a (incorrect, should be 0xc7a5) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055696, Ack: 3135138198, Len: 0 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055696 Acknowledgement number: 3135138198 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x6164 (incorrect, should be 0x57bf) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 95 29 40 00 2f 06 d1 4a 3d 9b 7e 96 ac 10 .(.)@./..J=.~... 0020 86 bf 06 b4 00 8b 00 10 1b d0 ba de 69 96 50 10 ............i.P. 0030 21 80 61 64 00 00 00 00 00 00 00 00 !.ad........ Frame 39 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 06:59:35.975130000 Time delta from previous packet: 0.009223000 seconds Time relative to first packet: 21086.449926000 seconds Frame Number: 39 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x9629 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 48 Protocol: TCP (0x06) Header checksum: 0xcf02 (incorrect, should be 0xc55d) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055696, Ack: 3135138198, Len: 72 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055696 Next sequence number: 1055768 Acknowledgement number: 3135138198 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x1149 (incorrect, should be 0x07a4) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 96 29 40 00 30 06 cf 02 3d 9b 7e 96 ac 10 .p.)@.0...=.~... 0020 86 bf 06 b4 00 8b 00 10 1b d0 ba de 69 96 50 18 ............i.P. 0030 21 80 11 49 00 00 81 00 00 44 20 46 44 45 43 45 !..I.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 40 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 06:59:35.976852000 Time delta from previous packet: 0.001722000 seconds Time relative to first packet: 21086.451648000 seconds Frame Number: 40 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.155.126.150 (61.155.126.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x9507 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8168 (incorrect, should be 0x77c3) Source: 172.16.134.191 (172.16.134.191) Destination: 61.155.126.150 (61.155.126.150) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1716 (1716), Seq: 3135138198, Ack: 1055768, Len: 4 Source port: netbios-ssn (139) Destination port: 1716 (1716) Sequence number: 3135138198 Next sequence number: 3135138202 Acknowledgement number: 1055768 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0xbfef (incorrect, should be 0xb64a) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 95 07 40 00 7f 06 81 68 ac 10 86 bf 3d 9b .,..@....h....=. 0020 7e 96 00 8b 06 b4 ba de 69 96 00 10 1c 18 50 18 ~.......i.....P. 0030 40 a0 bf ef 00 00 82 00 00 00 00 00 @........... Frame 41 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 06:59:37.663771000 Time delta from previous packet: 1.686919000 seconds Time relative to first packet: 21088.138567000 seconds Frame Number: 41 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xbd29 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 47 Protocol: TCP (0x06) Header checksum: 0xa90c (incorrect, should be 0x9f67) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055768, Ack: 3135138202, Len: 62 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055768 Next sequence number: 1055830 Acknowledgement number: 3135138202 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0xcd4f (incorrect, should be 0xe3a9) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 bd 29 40 00 2f 06 a9 0c 3d 9b 7e 96 ac 10 .f.)@./...=.~... 0020 86 bf 06 b4 00 8b 00 10 1c 18 ba de 69 9a 50 18 ............i.P. 0030 21 7c cd 4f 00 00 00 00 00 3a ff 53 4d 42 75 00 !|.O.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 42 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 06:59:37.668662000 Time delta from previous packet: 0.004891000 seconds Time relative to first packet: 21088.143458000 seconds Frame Number: 42 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.155.126.150 (61.155.126.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9508 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x816b (incorrect, should be 0x77c6) Source: 172.16.134.191 (172.16.134.191) Destination: 61.155.126.150 (61.155.126.150) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1716 (1716), Seq: 3135138202, Ack: 1055768, Len: 0 Source port: netbios-ssn (139) Destination port: 1716 (1716) Sequence number: 3135138202 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x82a4 (incorrect, should be 0x78ff) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 95 08 40 00 7f 06 81 6b ac 10 86 bf 3d 9b .(..@....k....=. 0020 7e 96 00 8b 06 b4 ba de 69 9a 00 10 1c 18 50 04 ~.......i.....P. 0030 00 00 82 a4 00 00 00 00 00 00 00 00 ............ Frame 48 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.723351000 Time delta from previous packet: 0.054471000 seconds Time relative to first packet: 27333.198147000 seconds Frame Number: 48 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xca8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x8ad6 (incorrect, should be 0x8131) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820556, Ack: 0, Len: 0 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820556 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x0f86 (incorrect, should be 0x05e1) Options: (8 bytes) Maximum segment size: 1456 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 ca 8e 40 00 76 06 8a d6 42 be 43 7a ac 10 .0..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 90 cc 00 00 00 00 70 02 ...%..........p. 0030 20 00 0f 86 00 00 02 04 05 b0 01 01 04 02 ............. Frame 49 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.728268000 Time delta from previous packet: 0.004917000 seconds Time relative to first packet: 27333.203064000 seconds Frame Number: 49 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.190.67.122 (66.190.67.122) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9549 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb71b (incorrect, should be 0xad76) Source: 172.16.134.191 (172.16.134.191) Destination: 66.190.67.122 (66.190.67.122) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3877 (3877), Seq: 352464892, Ack: 62820557, Len: 0 Source port: netbios-ssn (139) Destination port: 3877 (3877) Sequence number: 352464892 Acknowledgement number: 62820557 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17472 Checksum: 0xa632 (incorrect, should be 0x9c8d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 95 49 40 00 7f 06 b7 1b ac 10 86 bf 42 be .0.I@.........B. 0020 43 7a 00 8b 0f 25 15 02 2f fc 03 be 90 cd 70 12 Cz...%../.....p. 0030 44 40 a6 32 00 00 02 04 05 b4 01 01 04 02 D@.2.......... Frame 50 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.781436000 Time delta from previous packet: 0.053168000 seconds Time relative to first packet: 27333.256232000 seconds Frame Number: 50 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xcb8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x89de (incorrect, should be 0x8039) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820557, Ack: 352464893, Len: 0 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820557 Acknowledgement number: 352464893 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8736 Checksum: 0xf516 (incorrect, should be 0xeb71) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 cb 8e 40 00 76 06 89 de 42 be 43 7a ac 10 .(..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 90 cd 15 02 2f fd 50 10 ...%......../.P. 0030 22 20 f5 16 00 00 00 00 00 00 00 00 " .......... Frame 51 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.792531000 Time delta from previous packet: 0.011095000 seconds Time relative to first packet: 27333.267327000 seconds Frame Number: 51 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xcc8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x8896 (incorrect, should be 0x7ef1) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820557, Ack: 352464893, Len: 72 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820557 Next sequence number: 62820629 Acknowledgement number: 352464893 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8736 Checksum: 0xa4fb (incorrect, should be 0x9b56) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 cc 8e 40 00 76 06 88 96 42 be 43 7a ac 10 .p..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 90 cd 15 02 2f fd 50 18 ...%......../.P. 0030 22 20 a4 fb 00 00 81 00 00 44 20 46 44 45 43 45 " .......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 52 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.793233000 Time delta from previous packet: 0.000702000 seconds Time relative to first packet: 27333.268029000 seconds Frame Number: 52 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.190.67.122 (66.190.67.122) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x954a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb71e (incorrect, should be 0xad79) Source: 172.16.134.191 (172.16.134.191) Destination: 66.190.67.122 (66.190.67.122) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3877 (3877), Seq: 352464893, Ack: 62820629, Len: 4 Source port: netbios-ssn (139) Destination port: 3877 (3877) Sequence number: 352464893 Next sequence number: 352464897 Acknowledgement number: 62820629 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17400 Checksum: 0x50ea (incorrect, should be 0x4745) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 95 4a 40 00 7f 06 b7 1e ac 10 86 bf 42 be .,.J@.........B. 0020 43 7a 00 8b 0f 25 15 02 2f fd 03 be 91 15 50 18 Cz...%../.....P. 0030 43 f8 50 ea 00 00 82 00 00 00 00 00 C.P......... Frame 53 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.851438000 Time delta from previous packet: 0.058205000 seconds Time relative to first packet: 27333.326234000 seconds Frame Number: 53 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd08e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x84a0 (incorrect, should be 0x7afb) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820629, Ack: 352464897, Len: 62 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820629 Next sequence number: 62820691 Acknowledgement number: 352464897 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8732 Checksum: 0x6102 (incorrect, should be 0x775c) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d0 8e 40 00 76 06 84 a0 42 be 43 7a ac 10 .f..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 91 15 15 02 30 01 50 18 ...%........0.P. 0030 22 1c 61 02 00 00 00 00 00 3a ff 53 4d 42 75 00 ".a......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 54 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.856216000 Time delta from previous packet: 0.004778000 seconds Time relative to first packet: 27333.331012000 seconds Frame Number: 54 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.190.67.122 (66.190.67.122) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x954b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb721 (incorrect, should be 0xad7c) Source: 172.16.134.191 (172.16.134.191) Destination: 66.190.67.122 (66.190.67.122) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3877 (3877), Seq: 352464897, Ack: 62820629, Len: 0 Source port: netbios-ssn (139) Destination port: 3877 (3877) Sequence number: 352464897 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x16f7 (incorrect, should be 0x0d52) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 95 4b 40 00 7f 06 b7 21 ac 10 86 bf 42 be .(.K@....!....B. 0020 43 7a 00 8b 0f 25 15 02 30 01 03 be 91 15 50 04 Cz...%..0.....P. 0030 00 00 16 f7 00 00 00 00 00 00 00 00 ............ Frame 78 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.724406000 Time delta from previous packet: 0.270061000 seconds Time relative to first packet: 29730.199202000 seconds Frame Number: 78 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xd732 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe5db (incorrect, should be 0xdc36) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911004, Ack: 0, Len: 0 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911004 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x0ab6 (incorrect, should be 0x0111) Options: (8 bytes) Maximum segment size: 1452 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 d7 32 40 00 6b 06 e5 db 8d 95 9b f9 ac 10 .0.2@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 5c 00 00 00 00 70 02 ......^+.\....p. 0030 40 00 0a b6 00 00 02 04 05 ac 01 01 04 02 @............. Frame 79 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.729626000 Time delta from previous packet: 0.005220000 seconds Time relative to first packet: 29730.204422000 seconds Frame Number: 79 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 141.149.155.249 (141.149.155.249) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0067 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa8a7 (incorrect, should be 0x9f02) Source: 172.16.134.191 (172.16.134.191) Destination: 141.149.155.249 (141.149.155.249) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 65444 (65444), Seq: 2329537797, Ack: 1579911005, Len: 0 Source port: netbios-ssn (139) Destination port: 65444 (65444) Sequence number: 2329537797 Acknowledgement number: 1579911005 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0x8ead (incorrect, should be 0x8508) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 00 67 40 00 7f 06 a8 a7 ac 10 86 bf 8d 95 .0.g@........... 0020 9b f9 00 8b ff a4 8a d9 ed 05 5e 2b 87 5d 70 12 ..........^+.]p. 0030 44 10 8e ad 00 00 02 04 05 b4 01 01 04 02 D............. Frame 80 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.834366000 Time delta from previous packet: 0.104740000 seconds Time relative to first packet: 29730.309162000 seconds Frame Number: 80 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xd735 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe5e0 (incorrect, should be 0xdc3b) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911005, Ack: 2329537798, Len: 0 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911005 Acknowledgement number: 2329537798 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xbb11 (incorrect, should be 0xb16c) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 d7 35 40 00 6b 06 e5 e0 8d 95 9b f9 ac 10 .(.5@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 5d 8a d9 ed 06 50 10 ......^+.]....P. 0030 44 70 bb 11 00 00 00 00 00 00 00 00 Dp.......... Frame 81 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.854313000 Time delta from previous packet: 0.019947000 seconds Time relative to first packet: 29730.329109000 seconds Frame Number: 81 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xd737 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe596 (incorrect, should be 0xdbf1) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911005, Ack: 2329537798, Len: 72 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911005 Next sequence number: 1579911077 Acknowledgement number: 2329537798 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x88fc (incorrect, should be 0x7f57) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 d7 37 40 00 6b 06 e5 96 8d 95 9b f9 ac 10 .p.7@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 5d 8a d9 ed 06 50 18 ......^+.]....P. 0030 44 70 88 fc 00 00 81 00 00 44 20 46 44 45 43 45 Dp.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 82 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.861339000 Time delta from previous packet: 0.007026000 seconds Time relative to first packet: 29730.336135000 seconds Frame Number: 82 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 141.149.155.249 (141.149.155.249) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0068 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa8aa (incorrect, should be 0x9f05) Source: 172.16.134.191 (172.16.134.191) Destination: 141.149.155.249 (141.149.155.249) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 65444 (65444), Seq: 2329537798, Ack: 1579911077, Len: 4 Source port: netbios-ssn (139) Destination port: 65444 (65444) Sequence number: 2329537798 Next sequence number: 2329537802 Acknowledgement number: 1579911077 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17352 Checksum: 0x3965 (incorrect, should be 0x2fc0) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 00 68 40 00 7f 06 a8 aa ac 10 86 bf 8d 95 .,.h@........... 0020 9b f9 00 8b ff a4 8a d9 ed 06 5e 2b 87 a5 50 18 ..........^+..P. 0030 43 c8 39 65 00 00 82 00 00 00 00 00 C.9e........ Frame 83 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.974692000 Time delta from previous packet: 0.113353000 seconds Time relative to first packet: 29730.449488000 seconds Frame Number: 83 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd73a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe59d (incorrect, should be 0xdbf8) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911077, Ack: 2329537802, Len: 62 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911077 Next sequence number: 1579911139 Acknowledgement number: 2329537802 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17516 Checksum: 0x26fd (incorrect, should be 0x3d57) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d7 3a 40 00 6b 06 e5 9d 8d 95 9b f9 ac 10 .f.:@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 a5 8a d9 ed 0a 50 18 ......^+......P. 0030 44 6c 26 fd 00 00 00 00 00 3a ff 53 4d 42 75 00 Dl&......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 84 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 09:23:40.025756000 Time delta from previous packet: 0.051064000 seconds Time relative to first packet: 29730.500552000 seconds Frame Number: 84 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 141.149.155.249 (141.149.155.249) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0069 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa8ad (incorrect, should be 0x9f08) Source: 172.16.134.191 (172.16.134.191) Destination: 141.149.155.249 (141.149.155.249) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 65444 (65444), Seq: 2329537802, Ack: 1579911077, Len: 0 Source port: netbios-ssn (139) Destination port: 65444 (65444) Sequence number: 2329537802 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xff41 (incorrect, should be 0xf59c) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 00 69 40 00 7f 06 a8 ad ac 10 86 bf 8d 95 .(.i@........... 0020 9b f9 00 8b ff a4 8a d9 ed 0a 5e 2b 87 a5 50 04 ..........^+..P. 0030 00 00 ff 41 00 00 00 00 00 00 00 00 ...A........ Frame 87 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.846107000 Time delta from previous packet: 0.374606000 seconds Time relative to first packet: 38563.320903000 seconds Frame Number: 87 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xa84f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x1a5c (incorrect, should be 0x10b7) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596531, Ack: 0, Len: 0 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596531 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x1d57 (incorrect, should be 0x13b2) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 a8 4f 40 00 72 06 1a 5c cf 06 4d eb ac 10 .0.O@.r..\..M... 0020 86 bf 07 2c 00 8b 05 c1 f2 33 00 00 00 00 70 02 ...,.....3....p. 0030 20 00 1d 57 00 00 02 04 05 b4 01 01 04 02 ..W.......... Frame 88 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.851313000 Time delta from previous packet: 0.005206000 seconds Time relative to first packet: 38563.326109000 seconds Frame Number: 88 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 207.6.77.235 (207.6.77.235) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x00bf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb4ec (incorrect, should be 0xab47) Source: 172.16.134.191 (172.16.134.191) Destination: 207.6.77.235 (207.6.77.235) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1836 (1836), Seq: 128654193, Ack: 96596532, Len: 0 Source port: netbios-ssn (139) Destination port: 1836 (1836) Sequence number: 128654193 Acknowledgement number: 96596532 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd5b9 (incorrect, should be 0xcc14) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 00 bf 40 00 7f 06 b4 ec ac 10 86 bf cf 06 .0..@........... 0020 4d eb 00 8b 07 2c 07 ab 1b 71 05 c1 f2 34 70 12 M....,...q...4p. 0030 44 70 d5 b9 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 89 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.906054000 Time delta from previous packet: 0.054741000 seconds Time relative to first packet: 38563.380850000 seconds Frame Number: 89 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xab4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x1764 (incorrect, should be 0x0dbf) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596532, Ack: 128654194, Len: 0 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596532 Acknowledgement number: 128654194 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x24b6 (incorrect, should be 0x1b11) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 ab 4f 40 00 72 06 17 64 cf 06 4d eb ac 10 .(.O@.r..d..M... 0020 86 bf 07 2c 00 8b 05 c1 f2 34 07 ab 1b 72 50 10 ...,.....4...rP. 0030 22 38 24 b6 00 00 00 00 00 00 00 00 "8$......... Frame 90 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.915574000 Time delta from previous packet: 0.009520000 seconds Time relative to first packet: 38563.390370000 seconds Frame Number: 90 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xac4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x161c (incorrect, should be 0x0c77) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596532, Ack: 128654194, Len: 72 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596532 Next sequence number: 96596604 Acknowledgement number: 128654194 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xf9a0 (incorrect, should be 0xeffb) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 ac 4f 40 00 72 06 16 1c cf 06 4d eb ac 10 .p.O@.r.....M... 0020 86 bf 07 2c 00 8b 05 c1 f2 34 07 ab 1b 72 50 18 ...,.....4...rP. 0030 22 38 f9 a0 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 91 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.921795000 Time delta from previous packet: 0.006221000 seconds Time relative to first packet: 38563.396591000 seconds Frame Number: 91 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 207.6.77.235 (207.6.77.235) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x00c0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb4ef (incorrect, should be 0xab4a) Source: 172.16.134.191 (172.16.134.191) Destination: 207.6.77.235 (207.6.77.235) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1836 (1836), Seq: 128654194, Ack: 96596604, Len: 4 Source port: netbios-ssn (139) Destination port: 1836 (1836) Sequence number: 128654194 Next sequence number: 128654198 Acknowledgement number: 96596604 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x8071 (incorrect, should be 0x76cc) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 00 c0 40 00 7f 06 b4 ef ac 10 86 bf cf 06 .,..@........... 0020 4d eb 00 8b 07 2c 07 ab 1b 72 05 c1 f2 7c 50 18 M....,...r...|P. 0030 44 28 80 71 00 00 82 00 00 00 00 00 D(.q........ Frame 92 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.997396000 Time delta from previous packet: 0.075601000 seconds Time relative to first packet: 38563.472192000 seconds Frame Number: 92 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xad4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x1526 (incorrect, should be 0x0b81) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596604, Ack: 128654198, Len: 62 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596604 Next sequence number: 96596666 Acknowledgement number: 128654198 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x90a1 (incorrect, should be 0xa6fb) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 ad 4f 40 00 72 06 15 26 cf 06 4d eb ac 10 .f.O@.r..&..M... 0020 86 bf 07 2c 00 8b 05 c1 f2 7c 07 ab 1b 76 50 18 ...,.....|...vP. 0030 22 34 90 a1 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 93 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 11:50:53.002337000 Time delta from previous packet: 0.004941000 seconds Time relative to first packet: 38563.477133000 seconds Frame Number: 93 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 207.6.77.235 (207.6.77.235) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x00c1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb4f2 (incorrect, should be 0xab4d) Source: 172.16.134.191 (172.16.134.191) Destination: 207.6.77.235 (207.6.77.235) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1836 (1836), Seq: 128654198, Ack: 96596604, Len: 0 Source port: netbios-ssn (139) Destination port: 1836 (1836) Sequence number: 128654198 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x46ae (incorrect, should be 0x3d09) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 00 c1 40 00 7f 06 b4 f2 ac 10 86 bf cf 06 .(..@........... 0020 4d eb 00 8b 07 2c 07 ab 1b 76 05 c1 f2 7c 50 04 M....,...v...|P. 0030 00 00 46 ae 00 00 00 00 00 00 00 00 ..F......... Frame 96 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.567150000 Time delta from previous packet: 0.354194000 seconds Time relative to first packet: 44458.041946000 seconds Frame Number: 96 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x915b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xee23 (incorrect, should be 0xe47e) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002209, Ack: 0, Len: 0 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002209 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xbe10 (incorrect, should be 0xb46b) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 91 5b 40 00 72 06 ee 23 a2 21 bd fc ac 10 .0.[@.r..#.!.... 0020 86 bf 0c f9 00 8b 00 3d 11 a1 00 00 00 00 70 02 .......=......p. 0030 20 00 be 10 00 00 02 04 02 18 01 01 04 02 ............. Frame 97 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.572129000 Time delta from previous packet: 0.004979000 seconds Time relative to first packet: 44458.046925000 seconds Frame Number: 97 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 162.33.189.252 (162.33.189.252) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x00ff Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7180 (incorrect, should be 0x67db) Source: 172.16.134.191 (172.16.134.191) Destination: 162.33.189.252 (162.33.189.252) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3321 (3321), Seq: 1601017930, Ack: 4002210, Len: 0 Source port: netbios-ssn (139) Destination port: 3321 (3321) Sequence number: 1601017930 Acknowledgement number: 4002210 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0xa1c3 (incorrect, should be 0x981e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 00 ff 40 00 7f 06 71 80 ac 10 86 bf a2 21 .0..@...q......! 0020 bd fc 00 8b 0c f9 5f 6d 98 4a 00 3d 11 a2 70 12 ......_m.J.=..p. 0030 40 e8 a1 c3 00 00 02 04 05 b4 01 01 04 02 @............. Frame 98 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.785226000 Time delta from previous packet: 0.213097000 seconds Time relative to first packet: 44458.260022000 seconds Frame Number: 98 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9e5b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xe12b (incorrect, should be 0xd786) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002210, Ack: 1601017931, Len: 0 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002210 Acknowledgement number: 1601017931 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0xedef (incorrect, should be 0xe44a) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 9e 5b 40 00 72 06 e1 2b a2 21 bd fc ac 10 .(.[@.r..+.!.... 0020 86 bf 0c f9 00 8b 00 3d 11 a2 5f 6d 98 4b 50 10 .......=.._m.KP. 0030 21 80 ed ef 00 00 00 00 00 00 00 00 !........... Frame 99 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.815584000 Time delta from previous packet: 0.030358000 seconds Time relative to first packet: 44458.290380000 seconds Frame Number: 99 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xa05b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xdee3 (incorrect, should be 0xd53e) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002210, Ack: 1601017931, Len: 72 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002210 Next sequence number: 4002282 Acknowledgement number: 1601017931 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x9dd4 (incorrect, should be 0x942f) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 a0 5b 40 00 72 06 de e3 a2 21 bd fc ac 10 .p.[@.r....!.... 0020 86 bf 0c f9 00 8b 00 3d 11 a2 5f 6d 98 4b 50 18 .......=.._m.KP. 0030 21 80 9d d4 00 00 81 00 00 44 20 46 44 45 43 45 !........D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 100 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.818345000 Time delta from previous packet: 0.002761000 seconds Time relative to first packet: 44458.293141000 seconds Frame Number: 100 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 162.33.189.252 (162.33.189.252) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0100 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7183 (incorrect, should be 0x67de) Source: 172.16.134.191 (172.16.134.191) Destination: 162.33.189.252 (162.33.189.252) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3321 (3321), Seq: 1601017931, Ack: 4002282, Len: 4 Source port: netbios-ssn (139) Destination port: 3321 (3321) Sequence number: 1601017931 Next sequence number: 1601017935 Acknowledgement number: 4002282 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x4c7b (incorrect, should be 0x42d6) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 01 00 40 00 7f 06 71 83 ac 10 86 bf a2 21 .,..@...q......! 0020 bd fc 00 8b 0c f9 5f 6d 98 4b 00 3d 11 ea 50 18 ......_m.K.=..P. 0030 40 a0 4c 7b 00 00 82 00 00 00 00 00 @.L{........ Frame 101 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 13:29:08.005494000 Time delta from previous packet: 0.187149000 seconds Time relative to first packet: 44458.480290000 seconds Frame Number: 101 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xa65b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xd8ed (incorrect, should be 0xcf48) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002282, Ack: 1601017935, Len: 62 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002282 Next sequence number: 4002344 Acknowledgement number: 1601017935 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x59db (incorrect, should be 0x7035) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 a6 5b 40 00 72 06 d8 ed a2 21 bd fc ac 10 .f.[@.r....!.... 0020 86 bf 0c f9 00 8b 00 3d 11 ea 5f 6d 98 4f 50 18 .......=.._m.OP. 0030 21 7c 59 db 00 00 00 00 00 3a ff 53 4d 42 75 00 !|Y......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 102 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 13:29:08.010304000 Time delta from previous packet: 0.004810000 seconds Time relative to first packet: 44458.485100000 seconds Frame Number: 102 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 162.33.189.252 (162.33.189.252) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0101 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7186 (incorrect, should be 0x67e1) Source: 172.16.134.191 (172.16.134.191) Destination: 162.33.189.252 (162.33.189.252) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3321 (3321), Seq: 1601017935, Ack: 4002282, Len: 0 Source port: netbios-ssn (139) Destination port: 3321 (3321) Sequence number: 1601017935 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0f30 (incorrect, should be 0x058b) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 01 01 40 00 7f 06 71 86 ac 10 86 bf a2 21 .(..@...q......! 0020 bd fc 00 8b 0c f9 5f 6d 98 4f 00 3d 11 ea 50 04 ......_m.O.=..P. 0030 00 00 0f 30 00 00 00 00 00 00 00 00 ...0........ Frame 107 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.507005000 Time delta from previous packet: 0.163706000 seconds Time relative to first packet: 64400.981801000 seconds Frame Number: 107 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4bbf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x5ddc (incorrect, should be 0x5437) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206342, Ack: 0, Len: 0 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206342 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa0ee (incorrect, should be 0x9749) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4b bf 40 00 6d 06 5d dc 40 11 fa f0 ac 10 .0K.@.m.].@..... 0020 86 bf 0f cf 00 8b 07 a4 46 06 00 00 00 00 70 02 ........F.....p. 0030 20 00 a0 ee 00 00 02 04 05 b4 01 01 04 02 ............. Frame 108 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.511341000 Time delta from previous packet: 0.004336000 seconds Time relative to first packet: 64400.986137000 seconds Frame Number: 108 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.17.250.240 (64.17.250.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x01d3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x95c8 (incorrect, should be 0x8c23) Source: 172.16.134.191 (172.16.134.191) Destination: 64.17.250.240 (64.17.250.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4047 (4047), Seq: 2291770117, Ack: 128206343, Len: 0 Source port: netbios-ssn (139) Destination port: 4047 (4047) Sequence number: 2291770117 Acknowledgement number: 128206343 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x50ce (incorrect, should be 0x4729) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 01 d3 40 00 7f 06 95 c8 ac 10 86 bf 40 11 .0..@.........@. 0020 fa f0 00 8b 0f cf 88 99 a3 05 07 a4 46 07 70 12 ............F.p. 0030 44 70 50 ce 00 00 02 04 05 b4 01 01 04 02 DpP........... Frame 109 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.636530000 Time delta from previous packet: 0.125189000 seconds Time relative to first packet: 64401.111326000 seconds Frame Number: 109 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4fbf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x59e4 (incorrect, should be 0x503f) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206343, Ack: 2291770118, Len: 0 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206343 Acknowledgement number: 2291770118 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x9fca (incorrect, should be 0x9625) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4f bf 40 00 6d 06 59 e4 40 11 fa f0 ac 10 .(O.@.m.Y.@..... 0020 86 bf 0f cf 00 8b 07 a4 46 07 88 99 a3 06 50 10 ........F.....P. 0030 22 38 9f ca 00 00 00 00 00 00 00 00 "8.......... Frame 110 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.647166000 Time delta from previous packet: 0.010636000 seconds Time relative to first packet: 64401.121962000 seconds Frame Number: 110 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x50bf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x589c (incorrect, should be 0x4ef7) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206343, Ack: 2291770118, Len: 72 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206343 Next sequence number: 128206415 Acknowledgement number: 2291770118 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x6caf (incorrect, should be 0x630a) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 50 bf 40 00 6d 06 58 9c 40 11 fa f0 ac 10 .pP.@.m.X.@..... 0020 86 bf 0f cf 00 8b 07 a4 46 07 88 99 a3 06 50 18 ........F.....P. 0030 22 38 6c af 00 00 81 00 00 44 20 46 44 45 43 45 "8l......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 111 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.653087000 Time delta from previous packet: 0.005921000 seconds Time relative to first packet: 64401.127883000 seconds Frame Number: 111 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.17.250.240 (64.17.250.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x01d4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x95cb (incorrect, should be 0x8c26) Source: 172.16.134.191 (172.16.134.191) Destination: 64.17.250.240 (64.17.250.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4047 (4047), Seq: 2291770118, Ack: 128206415, Len: 4 Source port: netbios-ssn (139) Destination port: 4047 (4047) Sequence number: 2291770118 Next sequence number: 2291770122 Acknowledgement number: 128206415 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xfb85 (incorrect, should be 0xf1e0) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 01 d4 40 00 7f 06 95 cb ac 10 86 bf 40 11 .,..@.........@. 0020 fa f0 00 8b 0f cf 88 99 a3 06 07 a4 46 4f 50 18 ............FOP. 0030 44 28 fb 85 00 00 82 00 00 00 00 00 D(.......... Frame 112 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.766769000 Time delta from previous packet: 0.113682000 seconds Time relative to first packet: 64401.241565000 seconds Frame Number: 112 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x55bf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x53a6 (incorrect, should be 0x4a01) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206415, Ack: 2291770122, Len: 62 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206415 Next sequence number: 128206477 Acknowledgement number: 2291770122 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x0bb6 (incorrect, should be 0x2210) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 55 bf 40 00 6d 06 53 a6 40 11 fa f0 ac 10 .fU.@.m.S.@..... 0020 86 bf 0f cf 00 8b 07 a4 46 4f 88 99 a3 0a 50 18 ........FO....P. 0030 22 34 0b b6 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 113 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.770906000 Time delta from previous packet: 0.004137000 seconds Time relative to first packet: 64401.245702000 seconds Frame Number: 113 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.17.250.240 (64.17.250.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x01d5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x95ce (incorrect, should be 0x8c29) Source: 172.16.134.191 (172.16.134.191) Destination: 64.17.250.240 (64.17.250.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4047 (4047), Seq: 2291770122, Ack: 128206415, Len: 0 Source port: netbios-ssn (139) Destination port: 4047 (4047) Sequence number: 2291770122 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xc1c2 (incorrect, should be 0xb81d) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 01 d5 40 00 7f 06 95 ce ac 10 86 bf 40 11 .(..@.........@. 0020 fa f0 00 8b 0f cf 88 99 a3 0a 07 a4 46 4f 50 04 ............FOP. 0030 00 00 c1 c2 00 00 00 00 00 00 00 00 ............ Frame 116 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 21:17:26.620535000 Time delta from previous packet: 8.173293000 seconds Time relative to first packet: 72557.095331000 seconds Frame Number: 116 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xfe4a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x03d4 (incorrect, should be 0xfa2e) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060376, Ack: 0, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060376 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa241 (incorrect, should be 0x989c) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 fe 4a 00 00 6f 06 03 d4 d5 54 4b 2a ac 10 .0.J..o....TK*.. 0020 86 bf 5c 9f 00 8b 01 32 18 d8 00 00 00 00 70 02 ..\....2......p. 0030 20 00 a2 41 00 00 02 04 05 b4 01 01 04 02 ..A.......... Frame 117 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 21:17:26.621230000 Time delta from previous packet: 0.000695000 seconds Time relative to first packet: 72557.096026000 seconds Frame Number: 117 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0227 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaff7 (incorrect, should be 0xa652) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996529, Ack: 20060377, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996529 Acknowledgement number: 20060377 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x382a (incorrect, should be 0x2e85) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 02 27 40 00 7f 06 af f7 ac 10 86 bf d5 54 .0.'@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 71 01 32 18 d9 70 12 K*..\..%Cq.2..p. 0030 44 70 38 2a 00 00 02 04 05 b4 01 01 04 02 Dp8*.......... Frame 118 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 21:17:28.148862000 Time delta from previous packet: 1.527632000 seconds Time relative to first packet: 72558.623658000 seconds Frame Number: 118 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x464b Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xbbd3 (incorrect, should be 0xb22e) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060376, Ack: 0, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060376 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa241 (incorrect, should be 0x989c) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 46 4b 00 00 6f 06 bb d3 d5 54 4b 2a ac 10 .0FK..o....TK*.. 0020 86 bf 5c 9f 00 8b 01 32 18 d8 00 00 00 00 70 02 ..\....2......p. 0030 20 00 a2 41 00 00 02 04 05 b4 01 01 04 02 ..A.......... Frame 119 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:28.149757000 Time delta from previous packet: 0.000895000 seconds Time relative to first packet: 72558.624553000 seconds Frame Number: 119 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0228 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaffe (incorrect, should be 0xa659) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996530, Ack: 20060377, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996530 Acknowledgement number: 20060377 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x64ee (incorrect, should be 0x5b49) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 28 40 00 7f 06 af fe ac 10 86 bf d5 54 .(.(@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 72 01 32 18 d9 50 10 K*..\..%Cr.2..P. 0030 44 70 64 ee 00 00 00 00 00 00 00 00 Dpd......... Frame 120 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 21:17:29.647536000 Time delta from previous packet: 1.497779000 seconds Time relative to first packet: 72560.122332000 seconds Frame Number: 120 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0229 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaff5 (incorrect, should be 0xa650) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996529, Ack: 20060377, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996529 Acknowledgement number: 20060377 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x382a (incorrect, should be 0x2e85) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 02 29 40 00 7f 06 af f5 ac 10 86 bf d5 54 .0.)@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 71 01 32 18 d9 70 12 K*..\..%Cq.2..p. 0030 44 70 38 2a 00 00 02 04 05 b4 01 01 04 02 Dp8*.......... Frame 121 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:32.442480000 Time delta from previous packet: 2.794944000 seconds Time relative to first packet: 72562.917276000 seconds Frame Number: 121 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xa34b Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x5edb (incorrect, should be 0x5536) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060377, Ack: 35996530, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060377 Acknowledgement number: 35996530 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x8726 (incorrect, should be 0x7d81) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 a3 4b 00 00 6f 06 5e db d5 54 4b 2a ac 10 .(.K..o.^..TK*.. 0020 86 bf 5c 9f 00 8b 01 32 18 d9 02 25 43 72 50 10 ..\....2...%CrP. 0030 22 38 87 26 00 00 00 00 00 00 00 00 "8.&........ Frame 122 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 21:17:32.451764000 Time delta from previous packet: 0.009284000 seconds Time relative to first packet: 72562.926560000 seconds Frame Number: 122 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xa44b Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x5d93 (incorrect, should be 0x53ee) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060377, Ack: 35996530, Len: 72 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060377 Next sequence number: 20060449 Acknowledgement number: 35996530 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x370b (incorrect, should be 0x2d66) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 a4 4b 00 00 6f 06 5d 93 d5 54 4b 2a ac 10 .p.K..o.]..TK*.. 0020 86 bf 5c 9f 00 8b 01 32 18 d9 02 25 43 72 50 18 ..\....2...%CrP. 0030 22 38 37 0b 00 00 81 00 00 44 20 46 44 45 43 45 "87......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 123 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:32.454076000 Time delta from previous packet: 0.002312000 seconds Time relative to first packet: 72562.928872000 seconds Frame Number: 123 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x022a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaff8 (incorrect, should be 0xa653) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996530, Ack: 20060449, Len: 4 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996530 Next sequence number: 35996534 Acknowledgement number: 20060449 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xe2e1 (incorrect, should be 0xd93c) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 02 2a 40 00 7f 06 af f8 ac 10 86 bf d5 54 .,.*@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 72 01 32 19 21 50 18 K*..\..%Cr.2.!P. 0030 44 28 e2 e1 00 00 82 00 00 00 00 00 D(.......... Frame 124 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:35.777503000 Time delta from previous packet: 3.323427000 seconds Time relative to first packet: 72566.252299000 seconds Frame Number: 124 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x294c Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xd8da (incorrect, should be 0xcf35) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060449, Ack: 35996530, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060449 Acknowledgement number: 35996530 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x86de (incorrect, should be 0x7d39) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 29 4c 00 00 6f 06 d8 da d5 54 4b 2a ac 10 .()L..o....TK*.. 0020 86 bf 5c 9f 00 8b 01 32 19 21 02 25 43 72 50 10 ..\....2.!.%CrP. 0030 22 38 86 de 00 00 00 00 00 00 00 00 "8.......... Frame 125 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:38.497415000 Time delta from previous packet: 2.719912000 seconds Time relative to first packet: 72568.972211000 seconds Frame Number: 125 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x022b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaff7 (incorrect, should be 0xa652) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996530, Ack: 20060449, Len: 4 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996530 Next sequence number: 35996534 Acknowledgement number: 20060449 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xe2e1 (incorrect, should be 0xd93c) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 02 2b 40 00 7f 06 af f7 ac 10 86 bf d5 54 .,.+@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 72 01 32 19 21 50 18 K*..\..%Cr.2.!P. 0030 44 28 e2 e1 00 00 82 00 00 00 00 00 D(.......... Frame 126 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 21:17:38.615540000 Time delta from previous packet: 0.118125000 seconds Time relative to first packet: 72569.090336000 seconds Frame Number: 126 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x914c Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x709c (incorrect, should be 0x66f7) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060449, Ack: 35996534, Len: 62 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060449 Next sequence number: 20060511 Acknowledgement number: 35996534 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0xf311 (incorrect, should be 0x096c) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 91 4c 00 00 6f 06 70 9c d5 54 4b 2a ac 10 .f.L..o.p..TK*.. 0020 86 bf 5c 9f 00 8b 01 32 19 21 02 25 43 76 50 18 ..\....2.!.%CvP. 0030 22 34 f3 11 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 127 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:38.616470000 Time delta from previous packet: 0.000930000 seconds Time relative to first packet: 72569.091266000 seconds Frame Number: 127 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x022c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaffa (incorrect, should be 0xa655) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996534, Ack: 20060449, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996534 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xa91e (incorrect, should be 0x9f79) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 2c 40 00 7f 06 af fa ac 10 86 bf d5 54 .(.,@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 76 01 32 19 21 50 04 K*..\..%Cv.2.!P. 0030 00 00 a9 1e 00 00 00 00 00 00 00 00 ............ Frame 128 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:44.409102000 Time delta from previous packet: 5.792632000 seconds Time relative to first packet: 72574.883898000 seconds Frame Number: 128 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6d4d Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x94d9 (incorrect, should be 0x8b34) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060511, Ack: 35996534, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060511 Acknowledgement number: 35996534 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x86a0 (incorrect, should be 0x7cfb) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 6d 4d 00 00 6f 06 94 d9 d5 54 4b 2a ac 10 .(mM..o....TK*.. 0020 86 bf 5c 9f 00 8b 01 32 19 5f 02 25 43 76 50 10 ..\....2._.%CvP. 0030 22 34 86 a0 00 00 00 00 00 00 00 00 "4.......... Frame 129 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:44.410593000 Time delta from previous packet: 0.001491000 seconds Time relative to first packet: 72574.885389000 seconds Frame Number: 129 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x022d Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xeff9 (incorrect, should be 0xe654) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996534, Ack: 35996534, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996534 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x7dd6 (incorrect, should be 0x7431) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 2d 00 00 7f 06 ef f9 ac 10 86 bf d5 54 .(.-...........T 0020 4b 2a 00 8b 5c 9f 02 25 43 76 02 25 43 76 50 04 K*..\..%Cv.%CvP. 0030 00 00 7d d6 00 00 00 00 00 00 00 00 ..}......... Frame 132 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.795143000 Time delta from previous packet: 0.147053000 seconds Time relative to first packet: 79714.269939000 seconds Frame Number: 132 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.152.53.138 (68.152.53.138), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc241 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xa639 (incorrect, should be 0x9c94) Source: 68.152.53.138 (68.152.53.138) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1351 (1351), Dst Port: netbios-ssn (139), Seq: 143788492, Ack: 0, Len: 0 Source port: 1351 (1351) Destination port: netbios-ssn (139) Sequence number: 143788492 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa7a2 (incorrect, should be 0x9dfd) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 c2 41 40 00 6f 06 a6 39 44 98 35 8a ac 10 .0.A@.o..9D.5... 0020 86 bf 05 47 00 8b 08 92 09 cc 00 00 00 00 70 02 ...G..........p. 0030 20 00 a7 a2 00 00 02 04 05 b4 01 01 04 02 ............. Frame 133 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.795930000 Time delta from previous packet: 0.000787000 seconds Time relative to first packet: 79714.270726000 seconds Frame Number: 133 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.152.53.138 (68.152.53.138) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0277 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5604 (incorrect, should be 0x4c5f) Source: 172.16.134.191 (172.16.134.191) Destination: 68.152.53.138 (68.152.53.138) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1351 (1351), Seq: 1825210431, Ack: 143788493, Len: 0 Source port: netbios-ssn (139) Destination port: 1351 (1351) Sequence number: 1825210431 Acknowledgement number: 143788493 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x9617 (incorrect, should be 0x8c72) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 02 77 40 00 7f 06 56 04 ac 10 86 bf 44 98 .0.w@...V.....D. 0020 35 8a 00 8b 05 47 6c ca 80 3f 08 92 09 cd 70 12 5....Gl..?....p. 0030 44 70 96 17 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 134 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.904478000 Time delta from previous packet: 0.108548000 seconds Time relative to first packet: 79714.379274000 seconds Frame Number: 134 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 68.152.53.138 (68.152.53.138), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xc541 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xa341 (incorrect, should be 0x999c) Source: 68.152.53.138 (68.152.53.138) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1351 (1351), Dst Port: netbios-ssn (139), Seq: 143788493, Ack: 1825210432, Len: 0 Source port: 1351 (1351) Destination port: netbios-ssn (139) Sequence number: 143788493 Acknowledgement number: 1825210432 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xe513 (incorrect, should be 0xdb6e) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 c5 41 40 00 6f 06 a3 41 44 98 35 8a ac 10 .(.A@.o..AD.5... 0020 86 bf 05 47 00 8b 08 92 09 cd 6c ca 80 40 50 10 ...G......l..@P. 0030 22 38 e5 13 00 00 00 00 00 00 00 00 "8.......... Frame 135 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.904538000 Time delta from previous packet: 0.000060000 seconds Time relative to first packet: 79714.379334000 seconds Frame Number: 135 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.152.53.138 (68.152.53.138), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xc641 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xa1f9 (incorrect, should be 0x9854) Source: 68.152.53.138 (68.152.53.138) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1351 (1351), Dst Port: netbios-ssn (139), Seq: 143788493, Ack: 1825210432, Len: 72 Source port: 1351 (1351) Destination port: netbios-ssn (139) Sequence number: 143788493 Next sequence number: 143788565 Acknowledgement number: 1825210432 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x94f8 (incorrect, should be 0x8b53) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 c6 41 40 00 6f 06 a1 f9 44 98 35 8a ac 10 .p.A@.o...D.5... 0020 86 bf 05 47 00 8b 08 92 09 cd 6c ca 80 40 50 18 ...G......l..@P. 0030 22 38 94 f8 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 136 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.905460000 Time delta from previous packet: 0.000922000 seconds Time relative to first packet: 79714.380256000 seconds Frame Number: 136 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.152.53.138 (68.152.53.138) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0278 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5607 (incorrect, should be 0x4c62) Source: 172.16.134.191 (172.16.134.191) Destination: 68.152.53.138 (68.152.53.138) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1351 (1351), Seq: 1825210432, Ack: 143788565, Len: 4 Source port: netbios-ssn (139) Destination port: 1351 (1351) Sequence number: 1825210432 Next sequence number: 1825210436 Acknowledgement number: 143788565 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x40cf (incorrect, should be 0x372a) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 02 78 40 00 7f 06 56 07 ac 10 86 bf 44 98 .,.x@...V.....D. 0020 35 8a 00 8b 05 47 6c ca 80 40 08 92 0a 15 50 18 5....Gl..@....P. 0030 44 28 40 cf 00 00 82 00 00 00 00 00 D(@......... Frame 137 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 23:16:44.003611000 Time delta from previous packet: 0.098151000 seconds Time relative to first packet: 79714.478407000 seconds Frame Number: 137 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.152.53.138 (68.152.53.138), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xcb41 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x9d03 (incorrect, should be 0x935e) Source: 68.152.53.138 (68.152.53.138) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1351 (1351), Dst Port: netbios-ssn (139), Seq: 143788565, Ack: 1825210436, Len: 62 Source port: 1351 (1351) Destination port: netbios-ssn (139) Sequence number: 143788565 Next sequence number: 143788627 Acknowledgement number: 1825210436 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x50ff (incorrect, should be 0x6759) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 cb 41 40 00 6f 06 9d 03 44 98 35 8a ac 10 .f.A@.o...D.5... 0020 86 bf 05 47 00 8b 08 92 0a 15 6c ca 80 44 50 18 ...G......l..DP. 0030 22 34 50 ff 00 00 00 00 00 3a ff 53 4d 42 75 00 "4P......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 138 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:16:44.008673000 Time delta from previous packet: 0.005062000 seconds Time relative to first packet: 79714.483469000 seconds Frame Number: 138 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.152.53.138 (68.152.53.138) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0279 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x560a (incorrect, should be 0x4c65) Source: 172.16.134.191 (172.16.134.191) Destination: 68.152.53.138 (68.152.53.138) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1351 (1351), Seq: 1825210436, Ack: 143788565, Len: 0 Source port: netbios-ssn (139) Destination port: 1351 (1351) Sequence number: 1825210436 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x070c (incorrect, should be 0xfd66) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 79 40 00 7f 06 56 0a ac 10 86 bf 44 98 .(.y@...V.....D. 0020 35 8a 00 8b 05 47 6c ca 80 44 08 92 0a 15 50 04 5....Gl..D....P. 0030 00 00 07 0c 00 00 00 00 00 00 00 00 ............ Frame 141 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.884579000 Time delta from previous packet: 0.156342000 seconds Time relative to first packet: 81112.359375000 seconds Frame Number: 141 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc7ee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x3744 (incorrect, should be 0x2d9f) Source: 4.64.221.42 (4.64.221.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: netbios-ssn (139), Seq: 14575601, Ack: 0, Len: 0 Source port: 33220 (33220) Destination port: netbios-ssn (139) Sequence number: 14575601 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x6da7 (incorrect, should be 0x6402) Options: (8 bytes) Maximum segment size: 1400 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 c7 ee 40 00 71 06 37 44 04 40 dd 2a ac 10 .0..@.q.7D.@.*.. 0020 86 bf 81 c4 00 8b 00 de 67 f1 00 00 00 00 70 02 ........g.....p. 0030 20 00 6d a7 00 00 02 04 05 78 01 01 04 02 .m......x.... Frame 142 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.891677000 Time delta from previous packet: 0.007098000 seconds Time relative to first packet: 81112.366473000 seconds Frame Number: 142 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 4.64.221.42 (4.64.221.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x028b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xeea7 (incorrect, should be 0xe502) Source: 172.16.134.191 (172.16.134.191) Destination: 4.64.221.42 (4.64.221.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 33220 (33220), Seq: 2174707732, Ack: 14575602, Len: 0 Source port: netbios-ssn (139) Destination port: 33220 (33220) Sequence number: 2174707732 Acknowledgement number: 14575602 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16800 Checksum: 0x6206 (incorrect, should be 0x5861) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 02 8b 40 00 7f 06 ee a7 ac 10 86 bf 04 40 .0..@..........@ 0020 dd 2a 00 8b 81 c4 81 9f 68 14 00 de 67 f2 70 12 .*......h...g.p. 0030 41 a0 62 06 00 00 02 04 05 b4 01 01 04 02 A.b........... Frame 143 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.982886000 Time delta from previous packet: 0.091209000 seconds Time relative to first packet: 81112.457682000 seconds Frame Number: 143 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xccee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x324c (incorrect, should be 0x28a7) Source: 4.64.221.42 (4.64.221.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: netbios-ssn (139), Seq: 14575602, Ack: 2174707733, Len: 0 Source port: 33220 (33220) Destination port: netbios-ssn (139) Sequence number: 14575602 Acknowledgement number: 2174707733 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8400 Checksum: 0xaf9a (incorrect, should be 0xa5f5) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 cc ee 40 00 71 06 32 4c 04 40 dd 2a ac 10 .(..@.q.2L.@.*.. 0020 86 bf 81 c4 00 8b 00 de 67 f2 81 9f 68 15 50 10 ........g...h.P. 0030 20 d0 af 9a 00 00 00 00 00 00 00 00 ........... Frame 144 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.992845000 Time delta from previous packet: 0.009959000 seconds Time relative to first packet: 81112.467641000 seconds Frame Number: 144 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xcdee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x3104 (incorrect, should be 0x275f) Source: 4.64.221.42 (4.64.221.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: netbios-ssn (139), Seq: 14575602, Ack: 2174707733, Len: 72 Source port: 33220 (33220) Destination port: netbios-ssn (139) Sequence number: 14575602 Next sequence number: 14575674 Acknowledgement number: 2174707733 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8400 Checksum: 0x5f7f (incorrect, should be 0x55da) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 cd ee 40 00 71 06 31 04 04 40 dd 2a ac 10 .p..@.q.1..@.*.. 0020 86 bf 81 c4 00 8b 00 de 67 f2 81 9f 68 15 50 18 ........g...h.P. 0030 20 d0 5f 7f 00 00 81 00 00 44 20 46 44 45 43 45 ._......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 145 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.993597000 Time delta from previous packet: 0.000752000 seconds Time relative to first packet: 81112.468393000 seconds Frame Number: 145 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 4.64.221.42 (4.64.221.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x028c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xeeaa (incorrect, should be 0xe505) Source: 172.16.134.191 (172.16.134.191) Destination: 4.64.221.42 (4.64.221.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 33220 (33220), Seq: 2174707733, Ack: 14575674, Len: 4 Source port: netbios-ssn (139) Destination port: 33220 (33220) Sequence number: 2174707733 Next sequence number: 2174707737 Acknowledgement number: 14575674 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16728 Checksum: 0x0cbe (incorrect, should be 0x0319) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 02 8c 40 00 7f 06 ee aa ac 10 86 bf 04 40 .,..@..........@ 0020 dd 2a 00 8b 81 c4 81 9f 68 15 00 de 68 3a 50 18 .*......h...h:P. 0030 41 58 0c be 00 00 82 00 00 00 00 00 AX.......... Frame 146 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 23:40:02.093702000 Time delta from previous packet: 0.100105000 seconds Time relative to first packet: 81112.568498000 seconds Frame Number: 146 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd1ee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x2d0e (incorrect, should be 0x2369) Source: 4.64.221.42 (4.64.221.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: netbios-ssn (139), Seq: 14575674, Ack: 2174707737, Len: 62 Source port: 33220 (33220) Destination port: netbios-ssn (139) Sequence number: 14575674 Next sequence number: 14575736 Acknowledgement number: 2174707737 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8396 Checksum: 0x1b86 (incorrect, should be 0x31e0) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d1 ee 40 00 71 06 2d 0e 04 40 dd 2a ac 10 .f..@.q.-..@.*.. 0020 86 bf 81 c4 00 8b 00 de 68 3a 81 9f 68 19 50 18 ........h:..h.P. 0030 20 cc 1b 86 00 00 00 00 00 3a ff 53 4d 42 75 00 ........:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 147 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:40:02.099579000 Time delta from previous packet: 0.005877000 seconds Time relative to first packet: 81112.574375000 seconds Frame Number: 147 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 4.64.221.42 (4.64.221.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x028d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xeead (incorrect, should be 0xe508) Source: 172.16.134.191 (172.16.134.191) Destination: 4.64.221.42 (4.64.221.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 33220 (33220), Seq: 2174707737, Ack: 14575674, Len: 0 Source port: netbios-ssn (139) Destination port: 33220 (33220) Sequence number: 2174707737 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xd02a (incorrect, should be 0xc685) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 8d 40 00 7f 06 ee ad ac 10 86 bf 04 40 .(..@..........@ 0020 dd 2a 00 8b 81 c4 81 9f 68 19 00 de 68 3a 50 04 .*......h...h:P. 0030 00 00 d0 2a 00 00 00 00 00 00 00 00 ...*........ Frame 155 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.046726000 Time delta from previous packet: 0.625602000 seconds Time relative to first packet: 91618.521522000 seconds Frame Number: 155 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.202.125.5 (81.202.125.5), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x84de Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x92ef (incorrect, should be 0x894a) Source: 81.202.125.5 (81.202.125.5) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2585 (2585), Dst Port: netbios-ssn (139), Seq: 276254176, Ack: 0, Len: 0 Source port: 2585 (2585) Destination port: netbios-ssn (139) Sequence number: 276254176 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xe229 (incorrect, should be 0xd884) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 84 de 40 00 6b 06 92 ef 51 ca 7d 05 ac 10 .0..@.k...Q.}... 0020 86 bf 0a 19 00 8b 10 77 4d e0 00 00 00 00 70 02 .......wM.....p. 0030 40 00 e2 29 00 00 02 04 05 b4 01 01 04 02 @..).......... Frame 156 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.047401000 Time delta from previous packet: 0.000675000 seconds Time relative to first packet: 91618.522197000 seconds Frame Number: 156 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.202.125.5 (81.202.125.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x030b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x00c3 (incorrect, should be 0xf71d) Source: 172.16.134.191 (172.16.134.191) Destination: 81.202.125.5 (81.202.125.5) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2585 (2585), Seq: 817536265, Ack: 276254177, Len: 0 Source port: netbios-ssn (139) Destination port: 2585 (2585) Sequence number: 817536265 Acknowledgement number: 276254177 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x0fe5 (incorrect, should be 0x0640) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 0b 40 00 7f 06 00 c3 ac 10 86 bf 51 ca .0..@.........Q. 0020 7d 05 00 8b 0a 19 30 ba 9d 09 10 77 4d e1 70 12 }.....0....wM.p. 0030 44 70 0f e5 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 157 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.189203000 Time delta from previous packet: 0.141802000 seconds Time relative to first packet: 91618.663999000 seconds Frame Number: 157 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 81.202.125.5 (81.202.125.5), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x84ea Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x92eb (incorrect, should be 0x8946) Source: 81.202.125.5 (81.202.125.5) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2585 (2585), Dst Port: netbios-ssn (139), Seq: 276254177, Ack: 817536266, Len: 0 Source port: 2585 (2585) Destination port: netbios-ssn (139) Sequence number: 276254177 Acknowledgement number: 817536266 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x3ca9 (incorrect, should be 0x3304) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 84 ea 40 00 6b 06 92 eb 51 ca 7d 05 ac 10 .(..@.k...Q.}... 0020 86 bf 0a 19 00 8b 10 77 4d e1 30 ba 9d 0a 50 10 .......wM.0...P. 0030 44 70 3c a9 00 00 00 00 00 00 00 00 Dp<......... Frame 158 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.216299000 Time delta from previous packet: 0.027096000 seconds Time relative to first packet: 91618.691095000 seconds Frame Number: 158 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.202.125.5 (81.202.125.5), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x84ec Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x92a1 (incorrect, should be 0x88fc) Source: 81.202.125.5 (81.202.125.5) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2585 (2585), Dst Port: netbios-ssn (139), Seq: 276254177, Ack: 817536266, Len: 72 Source port: 2585 (2585) Destination port: netbios-ssn (139) Sequence number: 276254177 Next sequence number: 276254249 Acknowledgement number: 817536266 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xec8d (incorrect, should be 0xe2e8) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 84 ec 40 00 6b 06 92 a1 51 ca 7d 05 ac 10 .p..@.k...Q.}... 0020 86 bf 0a 19 00 8b 10 77 4d e1 30 ba 9d 0a 50 18 .......wM.0...P. 0030 44 70 ec 8d 00 00 81 00 00 44 20 46 44 45 43 45 Dp.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 159 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.217001000 Time delta from previous packet: 0.000702000 seconds Time relative to first packet: 91618.691797000 seconds Frame Number: 159 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.202.125.5 (81.202.125.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x030c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x00c6 (incorrect, should be 0xf720) Source: 172.16.134.191 (172.16.134.191) Destination: 81.202.125.5 (81.202.125.5) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2585 (2585), Seq: 817536266, Ack: 276254249, Len: 4 Source port: netbios-ssn (139) Destination port: 2585 (2585) Sequence number: 817536266 Next sequence number: 817536270 Acknowledgement number: 276254249 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xba9c (incorrect, should be 0xb0f7) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 0c 40 00 7f 06 00 c6 ac 10 86 bf 51 ca .,..@.........Q. 0020 7d 05 00 8b 0a 19 30 ba 9d 0a 10 77 4e 29 50 18 }.....0....wN)P. 0030 44 28 ba 9c 00 00 82 00 00 00 00 00 D(.......... Frame 160 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.457537000 Time delta from previous packet: 0.240536000 seconds Time relative to first packet: 91618.932333000 seconds Frame Number: 160 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.202.125.5 (81.202.125.5), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x84f5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x92a2 (incorrect, should be 0x88fd) Source: 81.202.125.5 (81.202.125.5) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2585 (2585), Dst Port: netbios-ssn (139), Seq: 276254249, Ack: 817536270, Len: 62 Source port: 2585 (2585) Destination port: netbios-ssn (139) Sequence number: 276254249 Next sequence number: 276254311 Acknowledgement number: 817536270 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17516 Checksum: 0xa894 (incorrect, should be 0xbeee) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 84 f5 40 00 6b 06 92 a2 51 ca 7d 05 ac 10 .f..@.k...Q.}... 0020 86 bf 0a 19 00 8b 10 77 4e 29 30 ba 9d 0e 50 18 .......wN)0...P. 0030 44 6c a8 94 00 00 00 00 00 3a ff 53 4d 42 75 00 Dl.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 161 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.458214000 Time delta from previous packet: 0.000677000 seconds Time relative to first packet: 91618.933010000 seconds Frame Number: 161 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.202.125.5 (81.202.125.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x030d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x00c9 (incorrect, should be 0xf723) Source: 172.16.134.191 (172.16.134.191) Destination: 81.202.125.5 (81.202.125.5) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2585 (2585), Seq: 817536270, Ack: 276254249, Len: 0 Source port: netbios-ssn (139) Destination port: 2585 (2585) Sequence number: 817536270 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x80d9 (incorrect, should be 0x7734) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 0d 40 00 7f 06 00 c9 ac 10 86 bf 51 ca .(..@.........Q. 0020 7d 05 00 8b 0a 19 30 ba 9d 0e 10 77 4e 29 50 04 }.....0....wN)P. 0030 00 00 80 d9 00 00 00 00 00 00 00 00 ............ Frame 166 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.524707000 Time delta from previous packet: 0.327344000 seconds Time relative to first packet: 100510.999503000 seconds Frame Number: 166 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.237.70.119 (218.237.70.119), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x6cb7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x5281 (incorrect, should be 0x48dc) Source: 218.237.70.119 (218.237.70.119) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1139 (1139), Dst Port: netbios-ssn (139), Seq: 2179085, Ack: 0, Len: 0 Source port: 1139 (1139) Destination port: netbios-ssn (139) Sequence number: 2179085 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xd363 (incorrect, should be 0xc9be) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 6c b7 40 00 71 06 52 81 da ed 46 77 ac 10 .0l.@.q.R...Fw.. 0020 86 bf 04 73 00 8b 00 21 40 0d 00 00 00 00 70 02 ...s...!@.....p. 0030 20 00 d3 63 00 00 02 04 05 b4 01 01 04 02 ..c.......... Frame 167 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.530846000 Time delta from previous packet: 0.006139000 seconds Time relative to first packet: 100511.005642000 seconds Frame Number: 167 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.237.70.119 (218.237.70.119) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x035b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaddd (incorrect, should be 0xa438) Source: 172.16.134.191 (172.16.134.191) Destination: 218.237.70.119 (218.237.70.119) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1139 (1139), Seq: 2729196573, Ack: 2179086, Len: 0 Source port: netbios-ssn (139) Destination port: 1139 (1139) Sequence number: 2729196573 Acknowledgement number: 2179086 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd018 (incorrect, should be 0xc673) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 5b 40 00 7f 06 ad dd ac 10 86 bf da ed .0.[@........... 0020 46 77 00 8b 04 73 a2 ac 3c 1d 00 21 40 0e 70 12 Fw...s..<..!@.p. 0030 44 70 d0 18 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 168 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.712523000 Time delta from previous packet: 0.181677000 seconds Time relative to first packet: 100511.187319000 seconds Frame Number: 168 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 218.237.70.119 (218.237.70.119), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x72b7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x4c89 (incorrect, should be 0x42e4) Source: 218.237.70.119 (218.237.70.119) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1139 (1139), Dst Port: netbios-ssn (139), Seq: 2179086, Ack: 2729196574, Len: 0 Source port: 1139 (1139) Destination port: netbios-ssn (139) Sequence number: 2179086 Acknowledgement number: 2729196574 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x1f15 (incorrect, should be 0x1570) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 72 b7 40 00 71 06 4c 89 da ed 46 77 ac 10 .(r.@.q.L...Fw.. 0020 86 bf 04 73 00 8b 00 21 40 0e a2 ac 3c 1e 50 10 ...s...!@...<.P. 0030 22 38 1f 15 00 00 00 00 00 00 00 00 "8.......... Frame 169 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.722851000 Time delta from previous packet: 0.010328000 seconds Time relative to first packet: 100511.197647000 seconds Frame Number: 169 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.237.70.119 (218.237.70.119), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x73b7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x4b41 (incorrect, should be 0x419c) Source: 218.237.70.119 (218.237.70.119) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1139 (1139), Dst Port: netbios-ssn (139), Seq: 2179086, Ack: 2729196574, Len: 72 Source port: 1139 (1139) Destination port: netbios-ssn (139) Sequence number: 2179086 Next sequence number: 2179158 Acknowledgement number: 2729196574 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xf3ff (incorrect, should be 0xea5a) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 73 b7 40 00 71 06 4b 41 da ed 46 77 ac 10 .ps.@.q.KA..Fw.. 0020 86 bf 04 73 00 8b 00 21 40 0e a2 ac 3c 1e 50 18 ...s...!@...<.P. 0030 22 38 f3 ff 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 170 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.725699000 Time delta from previous packet: 0.002848000 seconds Time relative to first packet: 100511.200495000 seconds Frame Number: 170 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.237.70.119 (218.237.70.119) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x035c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xade0 (incorrect, should be 0xa43b) Source: 172.16.134.191 (172.16.134.191) Destination: 218.237.70.119 (218.237.70.119) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1139 (1139), Seq: 2729196574, Ack: 2179158, Len: 4 Source port: netbios-ssn (139) Destination port: 1139 (1139) Sequence number: 2729196574 Next sequence number: 2729196578 Acknowledgement number: 2179158 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x7ad0 (incorrect, should be 0x712b) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 5c 40 00 7f 06 ad e0 ac 10 86 bf da ed .,.\@........... 0020 46 77 00 8b 04 73 a2 ac 3c 1e 00 21 40 56 50 18 Fw...s..<..!@VP. 0030 44 28 7a d0 00 00 82 00 00 00 00 00 D(z......... Frame 171 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.930695000 Time delta from previous packet: 0.204996000 seconds Time relative to first packet: 100511.405491000 seconds Frame Number: 171 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.237.70.119 (218.237.70.119), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x7bb7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x434b (incorrect, should be 0x39a6) Source: 218.237.70.119 (218.237.70.119) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1139 (1139), Dst Port: netbios-ssn (139), Seq: 2179158, Ack: 2729196578, Len: 62 Source port: 1139 (1139) Destination port: netbios-ssn (139) Sequence number: 2179158 Next sequence number: 2179220 Acknowledgement number: 2729196578 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x8b00 (incorrect, should be 0xa15a) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 7b b7 40 00 71 06 43 4b da ed 46 77 ac 10 .f{.@.q.CK..Fw.. 0020 86 bf 04 73 00 8b 00 21 40 56 a2 ac 3c 22 50 18 ...s...!@V..<"P. 0030 22 34 8b 00 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 172 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.935832000 Time delta from previous packet: 0.005137000 seconds Time relative to first packet: 100511.410628000 seconds Frame Number: 172 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.237.70.119 (218.237.70.119) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x035d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xade3 (incorrect, should be 0xa43e) Source: 172.16.134.191 (172.16.134.191) Destination: 218.237.70.119 (218.237.70.119) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1139 (1139), Seq: 2729196578, Ack: 2179158, Len: 0 Source port: netbios-ssn (139) Destination port: 1139 (1139) Sequence number: 2729196578 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x410d (incorrect, should be 0x3768) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 5d 40 00 7f 06 ad e3 ac 10 86 bf da ed .(.]@........... 0020 46 77 00 8b 04 73 a2 ac 3c 22 00 21 40 56 50 04 Fw...s..<".!@VP. 0030 00 00 41 0d 00 00 00 00 00 00 00 00 ..A......... Frame 175 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.038928000 Time delta from previous packet: 0.164900000 seconds Time relative to first packet: 101744.513724000 seconds Frame Number: 175 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.107.105.72 (213.107.105.72), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0256 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xa593 (incorrect, should be 0x9bee) Source: 213.107.105.72 (213.107.105.72) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1873 (1873), Dst Port: netbios-ssn (139), Seq: 9309821, Ack: 0, Len: 0 Source port: 1873 (1873) Destination port: netbios-ssn (139) Sequence number: 9309821 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x045a (incorrect, should be 0xfab4) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 02 56 40 00 6b 06 a5 93 d5 6b 69 48 ac 10 .0.V@.k....kiH.. 0020 86 bf 07 51 00 8b 00 8e 0e 7d 00 00 00 00 70 02 ...Q.....}....p. 0030 ff ff 04 5a 00 00 02 04 05 b4 01 01 04 02 ...Z.......... Frame 176 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.044020000 Time delta from previous packet: 0.005092000 seconds Time relative to first packet: 101744.518816000 seconds Frame Number: 176 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.107.105.72 (213.107.105.72) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x036d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x907c (incorrect, should be 0x86d7) Source: 172.16.134.191 (172.16.134.191) Destination: 213.107.105.72 (213.107.105.72) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1873 (1873), Seq: 3037810557, Ack: 9309822, Len: 0 Source port: netbios-ssn (139) Destination port: 1873 (1873) Sequence number: 3037810557 Acknowledgement number: 9309822 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xbb49 (incorrect, should be 0xb1a4) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 6d 40 00 7f 06 90 7c ac 10 86 bf d5 6b .0.m@....|.....k 0020 69 48 00 8b 07 51 b5 11 4f 7d 00 8e 0e 7e 70 12 iH...Q..O}...~p. 0030 44 70 bb 49 00 00 02 04 05 b4 01 01 04 02 Dp.I.......... Frame 177 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.198806000 Time delta from previous packet: 0.154786000 seconds Time relative to first packet: 101744.673602000 seconds Frame Number: 177 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.107.105.72 (213.107.105.72), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0456 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xa39b (incorrect, should be 0x99f6) Source: 213.107.105.72 (213.107.105.72) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1873 (1873), Dst Port: netbios-ssn (139), Seq: 9309822, Ack: 3037810558, Len: 0 Source port: 1873 (1873) Destination port: netbios-ssn (139) Sequence number: 9309822 Acknowledgement number: 3037810558 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x2c7e (incorrect, should be 0x22d9) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 04 56 40 00 6b 06 a3 9b d5 6b 69 48 ac 10 .(.V@.k....kiH.. 0020 86 bf 07 51 00 8b 00 8e 0e 7e b5 11 4f 7e 50 10 ...Q.....~..O~P. 0030 ff ff 2c 7e 00 00 00 00 00 00 00 00 ..,~........ Frame 178 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.209002000 Time delta from previous packet: 0.010196000 seconds Time relative to first packet: 101744.683798000 seconds Frame Number: 178 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.107.105.72 (213.107.105.72), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x0556 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xa253 (incorrect, should be 0x98ae) Source: 213.107.105.72 (213.107.105.72) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1873 (1873), Dst Port: netbios-ssn (139), Seq: 9309822, Ack: 3037810558, Len: 72 Source port: 1873 (1873) Destination port: netbios-ssn (139) Sequence number: 9309822 Next sequence number: 9309894 Acknowledgement number: 3037810558 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xdc62 (incorrect, should be 0xd2bd) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 05 56 40 00 6b 06 a2 53 d5 6b 69 48 ac 10 .p.V@.k..S.kiH.. 0020 86 bf 07 51 00 8b 00 8e 0e 7e b5 11 4f 7e 50 18 ...Q.....~..O~P. 0030 ff ff dc 62 00 00 81 00 00 44 20 46 44 45 43 45 ...b.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 179 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.210300000 Time delta from previous packet: 0.001298000 seconds Time relative to first packet: 101744.685096000 seconds Frame Number: 179 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.107.105.72 (213.107.105.72) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x036f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x907e (incorrect, should be 0x86d9) Source: 172.16.134.191 (172.16.134.191) Destination: 213.107.105.72 (213.107.105.72) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1873 (1873), Seq: 3037810558, Ack: 9309894, Len: 4 Source port: netbios-ssn (139) Destination port: 1873 (1873) Sequence number: 3037810558 Next sequence number: 3037810562 Acknowledgement number: 9309894 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x6601 (incorrect, should be 0x5c5c) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 6f 40 00 7f 06 90 7e ac 10 86 bf d5 6b .,.o@....~.....k 0020 69 48 00 8b 07 51 b5 11 4f 7e 00 8e 0e c6 50 18 iH...Q..O~....P. 0030 44 28 66 01 00 00 82 00 00 00 00 00 D(f......... Frame 180 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.378861000 Time delta from previous packet: 0.168561000 seconds Time relative to first packet: 101744.853657000 seconds Frame Number: 180 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.107.105.72 (213.107.105.72), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x0956 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x9e5d (incorrect, should be 0x94b8) Source: 213.107.105.72 (213.107.105.72) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1873 (1873), Dst Port: netbios-ssn (139), Seq: 9309894, Ack: 3037810562, Len: 62 Source port: 1873 (1873) Destination port: netbios-ssn (139) Sequence number: 9309894 Next sequence number: 9309956 Acknowledgement number: 3037810562 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65531 Checksum: 0x9869 (incorrect, should be 0xaec3) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 09 56 40 00 6b 06 9e 5d d5 6b 69 48 ac 10 .f.V@.k..].kiH.. 0020 86 bf 07 51 00 8b 00 8e 0e c6 b5 11 4f 82 50 18 ...Q........O.P. 0030 ff fb 98 69 00 00 00 00 00 3a ff 53 4d 42 75 00 ...i.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 181 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.384849000 Time delta from previous packet: 0.005988000 seconds Time relative to first packet: 101744.859645000 seconds Frame Number: 181 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.107.105.72 (213.107.105.72) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0370 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9081 (incorrect, should be 0x86dc) Source: 172.16.134.191 (172.16.134.191) Destination: 213.107.105.72 (213.107.105.72) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1873 (1873), Seq: 3037810562, Ack: 9309894, Len: 0 Source port: netbios-ssn (139) Destination port: 1873 (1873) Sequence number: 3037810562 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x2c3e (incorrect, should be 0x2299) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 70 40 00 7f 06 90 81 ac 10 86 bf d5 6b .(.p@..........k 0020 69 48 00 8b 07 51 b5 11 4f 82 00 8e 0e c6 50 04 iH...Q..O.....P. 0030 00 00 2c 3e 00 00 00 00 00 00 00 00 ..,>........ Frame 184 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:55:21.979479000 Time delta from previous packet: 0.456918000 seconds Time relative to first packet: 103632.454275000 seconds Frame Number: 184 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.44.104.92 (213.44.104.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xa267 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x05ad (incorrect, should be 0xfc07) Source: 213.44.104.92 (213.44.104.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3114 (3114), Dst Port: netbios-ssn (139), Seq: 697871, Ack: 0, Len: 0 Source port: 3114 (3114) Destination port: netbios-ssn (139) Sequence number: 697871 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x4d39 (incorrect, should be 0x4394) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 a2 67 40 00 6c 06 05 ad d5 2c 68 5c ac 10 .0.g@.l....,h\.. 0020 86 bf 0c 2a 00 8b 00 0a a6 0f 00 00 00 00 70 02 ...*..........p. 0030 20 00 4d 39 00 00 02 04 02 18 01 01 04 02 .M9.......... Frame 185 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:55:21.980274000 Time delta from previous packet: 0.000795000 seconds Time relative to first packet: 103632.455070000 seconds Frame Number: 185 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.44.104.92 (213.44.104.92) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0384 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9190 (incorrect, should be 0x87eb) Source: 172.16.134.191 (172.16.134.191) Destination: 213.44.104.92 (213.44.104.92) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3114 (3114), Seq: 3509887328, Ack: 697872, Len: 0 Source port: netbios-ssn (139) Destination port: 3114 (3114) Sequence number: 3509887328 Acknowledgement number: 697872 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0xb60e (incorrect, should be 0xac69) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 84 40 00 7f 06 91 90 ac 10 86 bf d5 2c .0..@.........., 0020 68 5c 00 8b 0c 2a d1 34 a1 60 00 0a a6 10 70 12 h\...*.4.`....p. 0030 40 e8 b6 0e 00 00 02 04 05 b4 01 01 04 02 @............. Frame 186 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.339570000 Time delta from previous packet: 0.359296000 seconds Time relative to first packet: 103632.814366000 seconds Frame Number: 186 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.44.104.92 (213.44.104.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xb167 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xf6b4 (incorrect, should be 0xed0f) Source: 213.44.104.92 (213.44.104.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3114 (3114), Dst Port: netbios-ssn (139), Seq: 697872, Ack: 3509887329, Len: 0 Source port: 3114 (3114) Destination port: netbios-ssn (139) Sequence number: 697872 Acknowledgement number: 3509887329 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x023b (incorrect, should be 0xf895) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 b1 67 40 00 6c 06 f6 b4 d5 2c 68 5c ac 10 .(.g@.l....,h\.. 0020 86 bf 0c 2a 00 8b 00 0a a6 10 d1 34 a1 61 50 10 ...*.......4.aP. 0030 21 80 02 3b 00 00 00 00 00 00 00 00 !..;........ Frame 187 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.349816000 Time delta from previous packet: 0.010246000 seconds Time relative to first packet: 103632.824612000 seconds Frame Number: 187 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.44.104.92 (213.44.104.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x0200 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xa5d4 (incorrect, should be 0x9c2f) Source: 213.44.104.92 (213.44.104.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3114 (3114), Dst Port: netbios-ssn (139), Seq: 697872, Ack: 3509887329, Len: 72 Source port: 3114 (3114) Destination port: netbios-ssn (139) Sequence number: 697872 Next sequence number: 697944 Acknowledgement number: 3509887329 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0xd725 (incorrect, should be 0xcd80) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 02 00 40 00 6c 06 a5 d4 d5 2c 68 5c ac 10 .p..@.l....,h\.. 0020 86 bf 0c 2a 00 8b 00 0a a6 10 d1 34 a1 61 50 18 ...*.......4.aP. 0030 21 80 d7 25 00 00 81 00 00 44 20 46 44 45 43 45 !..%.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 188 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.351609000 Time delta from previous packet: 0.001793000 seconds Time relative to first packet: 103632.826405000 seconds Frame Number: 188 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.44.104.92 (213.44.104.92) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0385 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9193 (incorrect, should be 0x87ee) Source: 172.16.134.191 (172.16.134.191) Destination: 213.44.104.92 (213.44.104.92) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3114 (3114), Seq: 3509887329, Ack: 697944, Len: 4 Source port: netbios-ssn (139) Destination port: 3114 (3114) Sequence number: 3509887329 Next sequence number: 3509887333 Acknowledgement number: 697944 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x60c6 (incorrect, should be 0x5721) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 85 40 00 7f 06 91 93 ac 10 86 bf d5 2c .,..@.........., 0020 68 5c 00 8b 0c 2a d1 34 a1 61 00 0a a6 58 50 18 h\...*.4.a...XP. 0030 40 a0 60 c6 00 00 82 00 00 00 00 00 @.`......... Frame 189 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.689768000 Time delta from previous packet: 0.338159000 seconds Time relative to first packet: 103633.164564000 seconds Frame Number: 189 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.44.104.92 (213.44.104.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x0900 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x9ede (incorrect, should be 0x9539) Source: 213.44.104.92 (213.44.104.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3114 (3114), Dst Port: netbios-ssn (139), Seq: 697944, Ack: 3509887333, Len: 62 Source port: 3114 (3114) Destination port: netbios-ssn (139) Sequence number: 697944 Next sequence number: 698006 Acknowledgement number: 3509887333 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x6e26 (incorrect, should be 0x8480) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 09 00 40 00 6c 06 9e de d5 2c 68 5c ac 10 .f..@.l....,h\.. 0020 86 bf 0c 2a 00 8b 00 0a a6 58 d1 34 a1 65 50 18 ...*.....X.4.eP. 0030 21 7c 6e 26 00 00 00 00 00 3a ff 53 4d 42 75 00 !|n&.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 190 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.694685000 Time delta from previous packet: 0.004917000 seconds Time relative to first packet: 103633.169481000 seconds Frame Number: 190 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.44.104.92 (213.44.104.92) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0386 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9196 (incorrect, should be 0x87f1) Source: 172.16.134.191 (172.16.134.191) Destination: 213.44.104.92 (213.44.104.92) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3114 (3114), Seq: 3509887333, Ack: 697944, Len: 0 Source port: netbios-ssn (139) Destination port: 3114 (3114) Sequence number: 3509887333 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x237b (incorrect, should be 0x19d6) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 86 40 00 7f 06 91 96 ac 10 86 bf d5 2c .(..@.........., 0020 68 5c 00 8b 0c 2a d1 34 a1 65 00 0a a6 58 50 04 h\...*.4.e...XP. 0030 00 00 23 7b 00 00 00 00 00 00 00 00 ..#{........ Frame 195 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.761713000 Time delta from previous packet: 0.122383000 seconds Time relative to first packet: 113150.236509000 seconds Frame Number: 195 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.154.11.82 (68.154.11.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x216a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xb247 (incorrect, should be 0xa8a2) Source: 68.154.11.82 (68.154.11.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 51926 (51926), Dst Port: netbios-ssn (139), Seq: 97418416, Ack: 0, Len: 0 Source port: 51926 (51926) Destination port: netbios-ssn (139) Sequence number: 97418416 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xbcb2 (incorrect, should be 0xb30d) Options: (8 bytes) Maximum segment size: 1322 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 21 6a 00 00 6e 06 b2 47 44 9a 0b 52 ac 10 .0!j..n..GD..R.. 0020 86 bf ca d6 00 8b 05 ce 7c b0 00 00 00 00 70 02 ........|.....p. 0030 ff ff bc b2 00 00 02 04 05 2a 01 01 04 02 .........*.... Frame 196 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.762396000 Time delta from previous packet: 0.000683000 seconds Time relative to first packet: 113150.237192000 seconds Frame Number: 196 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.154.11.82 (68.154.11.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x03e6 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7ecb (incorrect, should be 0x7526) Source: 172.16.134.191 (172.16.134.191) Destination: 68.154.11.82 (68.154.11.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 51926 (51926), Seq: 1594321755, Ack: 97418417, Len: 0 Source port: netbios-ssn (139) Destination port: 51926 (51926) Sequence number: 1594321755 Acknowledgement number: 97418417 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17186 Checksum: 0xae92 (incorrect, should be 0xa4ed) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 e6 40 00 7f 06 7e cb ac 10 86 bf 44 9a .0..@...~.....D. 0020 0b 52 00 8b ca d6 5f 07 6b 5b 05 ce 7c b1 70 12 .R...._.k[..|.p. 0030 43 22 ae 92 00 00 02 04 05 b4 01 01 04 02 C"............ Frame 197 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.850806000 Time delta from previous packet: 0.088410000 seconds Time relative to first packet: 113150.325602000 seconds Frame Number: 197 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 68.154.11.82 (68.154.11.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x236a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xb04f (incorrect, should be 0xa6aa) Source: 68.154.11.82 (68.154.11.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 51926 (51926), Dst Port: netbios-ssn (139), Seq: 97418417, Ack: 1594321756, Len: 0 Source port: 51926 (51926) Destination port: netbios-ssn (139) Sequence number: 97418417 Acknowledgement number: 1594321756 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x1e79 (incorrect, should be 0x14d4) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 23 6a 00 00 6e 06 b0 4f 44 9a 0b 52 ac 10 .(#j..n..OD..R.. 0020 86 bf ca d6 00 8b 05 ce 7c b1 5f 07 6b 5c 50 10 ........|._.k\P. 0030 ff ff 1e 79 00 00 00 00 00 00 00 00 ...y........ Frame 198 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.860783000 Time delta from previous packet: 0.009977000 seconds Time relative to first packet: 113150.335579000 seconds Frame Number: 198 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.154.11.82 (68.154.11.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x246a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xaf07 (incorrect, should be 0xa562) Source: 68.154.11.82 (68.154.11.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 51926 (51926), Dst Port: netbios-ssn (139), Seq: 97418417, Ack: 1594321756, Len: 72 Source port: 51926 (51926) Destination port: netbios-ssn (139) Sequence number: 97418417 Next sequence number: 97418489 Acknowledgement number: 1594321756 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xeb5d (incorrect, should be 0xe1b8) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 24 6a 00 00 6e 06 af 07 44 9a 0b 52 ac 10 .p$j..n...D..R.. 0020 86 bf ca d6 00 8b 05 ce 7c b1 5f 07 6b 5c 50 18 ........|._.k\P. 0030 ff ff eb 5d 00 00 81 00 00 44 20 46 44 45 43 45 ...].....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 199 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.862551000 Time delta from previous packet: 0.001768000 seconds Time relative to first packet: 113150.337347000 seconds Frame Number: 199 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.154.11.82 (68.154.11.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x03e7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7ece (incorrect, should be 0x7529) Source: 172.16.134.191 (172.16.134.191) Destination: 68.154.11.82 (68.154.11.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 51926 (51926), Seq: 1594321756, Ack: 97418489, Len: 4 Source port: netbios-ssn (139) Destination port: 51926 (51926) Sequence number: 1594321756 Next sequence number: 1594321760 Acknowledgement number: 97418489 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17114 Checksum: 0x594a (incorrect, should be 0x4fa5) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 e7 40 00 7f 06 7e ce ac 10 86 bf 44 9a .,..@...~.....D. 0020 0b 52 00 8b ca d6 5f 07 6b 5c 05 ce 7c f9 50 18 .R...._.k\..|.P. 0030 42 da 59 4a 00 00 82 00 00 00 00 00 B.YJ........ Frame 200 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.950871000 Time delta from previous packet: 0.088320000 seconds Time relative to first packet: 113150.425667000 seconds Frame Number: 200 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.154.11.82 (68.154.11.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x266a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xad11 (incorrect, should be 0xa36c) Source: 68.154.11.82 (68.154.11.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 51926 (51926), Dst Port: netbios-ssn (139), Seq: 97418489, Ack: 1594321760, Len: 62 Source port: 51926 (51926) Destination port: netbios-ssn (139) Sequence number: 97418489 Next sequence number: 97418551 Acknowledgement number: 1594321760 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65531 Checksum: 0x8a64 (incorrect, should be 0xa0be) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 26 6a 00 00 6e 06 ad 11 44 9a 0b 52 ac 10 .f&j..n...D..R.. 0020 86 bf ca d6 00 8b 05 ce 7c f9 5f 07 6b 60 50 18 ........|._.k`P. 0030 ff fb 8a 64 00 00 00 00 00 3a ff 53 4d 42 75 00 ...d.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 201 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.955795000 Time delta from previous packet: 0.004924000 seconds Time relative to first packet: 113150.430591000 seconds Frame Number: 201 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.154.11.82 (68.154.11.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x03e8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7ed1 (incorrect, should be 0x752c) Source: 172.16.134.191 (172.16.134.191) Destination: 68.154.11.82 (68.154.11.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 51926 (51926), Seq: 1594321760, Ack: 97418489, Len: 0 Source port: netbios-ssn (139) Destination port: 51926 (51926) Sequence number: 1594321760 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x1e39 (incorrect, should be 0x1494) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 e8 40 00 7f 06 7e d1 ac 10 86 bf 44 9a .(..@...~.....D. 0020 0b 52 00 8b ca d6 5f 07 6b 60 05 ce 7c f9 50 04 .R...._.k`..|.P. 0030 00 00 1e 39 00 00 00 00 00 00 00 00 ...9........ Frame 204 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 08:52:03.138414000 Time delta from previous packet: 5.409110000 seconds Time relative to first packet: 114233.613210000 seconds Frame Number: 204 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x50dd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x91e6 (incorrect, should be 0x8841) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139344, Ack: 0, Len: 0 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139344 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa824 (incorrect, should be 0x9e7f) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 50 dd 40 00 6c 06 91 e6 51 32 b1 a7 ac 10 .0P.@.l...Q2.... 0020 86 bf e6 cd 00 8b 06 cd a0 d0 00 00 00 00 70 02 ..............p. 0030 20 00 a8 24 00 00 02 04 05 b4 01 01 04 02 ..$.......... Frame 205 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 08:52:03.139135000 Time delta from previous packet: 0.000721000 seconds Time relative to first packet: 114233.613931000 seconds Frame Number: 205 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.50.177.167 (81.50.177.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x03f5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcbce (incorrect, should be 0xc229) Source: 172.16.134.191 (172.16.134.191) Destination: 81.50.177.167 (81.50.177.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 59085 (59085), Seq: 1865211609, Ack: 114139345, Len: 0 Source port: netbios-ssn (139) Destination port: 59085 (59085) Sequence number: 1865211609 Acknowledgement number: 114139345 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x359d (incorrect, should be 0x2bf8) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 f5 40 00 7f 06 cb ce ac 10 86 bf 51 32 .0..@.........Q2 0020 b1 a7 00 8b e6 cd 6f 2c de d9 06 cd a0 d1 70 12 ......o,......p. 0030 44 70 35 9d 00 00 02 04 05 b4 01 01 04 02 Dp5........... Frame 206 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:04.804891000 Time delta from previous packet: 1.665756000 seconds Time relative to first packet: 114235.279687000 seconds Frame Number: 206 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5cdd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x85ee (incorrect, should be 0x7c49) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139345, Ack: 1865211610, Len: 0 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139345 Acknowledgement number: 1865211610 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x8499 (incorrect, should be 0x7af4) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 5c dd 40 00 6c 06 85 ee 51 32 b1 a7 ac 10 .(\.@.l...Q2.... 0020 86 bf e6 cd 00 8b 06 cd a0 d1 6f 2c de da 50 10 ..........o,..P. 0030 22 38 84 99 00 00 00 00 00 00 00 00 "8.......... Frame 207 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 08:52:04.814914000 Time delta from previous packet: 0.010023000 seconds Time relative to first packet: 114235.289710000 seconds Frame Number: 207 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x5ddd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x84a6 (incorrect, should be 0x7b01) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139345, Ack: 1865211610, Len: 72 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139345 Next sequence number: 114139417 Acknowledgement number: 1865211610 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x517e (incorrect, should be 0x47d9) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 5d dd 40 00 6c 06 84 a6 51 32 b1 a7 ac 10 .p].@.l...Q2.... 0020 86 bf e6 cd 00 8b 06 cd a0 d1 6f 2c de da 50 18 ..........o,..P. 0030 22 38 51 7e 00 00 81 00 00 44 20 46 44 45 43 45 "8Q~.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 208 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:04.816742000 Time delta from previous packet: 0.001828000 seconds Time relative to first packet: 114235.291538000 seconds Frame Number: 208 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.50.177.167 (81.50.177.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x03f6 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcbd1 (incorrect, should be 0xc22c) Source: 172.16.134.191 (172.16.134.191) Destination: 81.50.177.167 (81.50.177.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 59085 (59085), Seq: 1865211610, Ack: 114139417, Len: 4 Source port: netbios-ssn (139) Destination port: 59085 (59085) Sequence number: 1865211610 Next sequence number: 1865211614 Acknowledgement number: 114139417 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xe054 (incorrect, should be 0xd6af) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 f6 40 00 7f 06 cb d1 ac 10 86 bf 51 32 .,..@.........Q2 0020 b1 a7 00 8b e6 cd 6f 2c de da 06 cd a1 19 50 18 ......o,......P. 0030 44 28 e0 54 00 00 82 00 00 00 00 00 D(.T........ Frame 209 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:07.759681000 Time delta from previous packet: 2.942939000 seconds Time relative to first packet: 114238.234477000 seconds Frame Number: 209 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.50.177.167 (81.50.177.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x03f7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcbd0 (incorrect, should be 0xc22b) Source: 172.16.134.191 (172.16.134.191) Destination: 81.50.177.167 (81.50.177.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 59085 (59085), Seq: 1865211610, Ack: 114139417, Len: 4 Source port: netbios-ssn (139) Destination port: 59085 (59085) Sequence number: 1865211610 Next sequence number: 1865211614 Acknowledgement number: 114139417 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xe054 (incorrect, should be 0xd6af) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 f7 40 00 7f 06 cb d0 ac 10 86 bf 51 32 .,..@.........Q2 0020 b1 a7 00 8b e6 cd 6f 2c de da 06 cd a1 19 50 18 ......o,......P. 0030 44 28 e0 54 00 00 82 00 00 00 00 00 D(.T........ Frame 210 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:09.357544000 Time delta from previous packet: 1.597863000 seconds Time relative to first packet: 114239.832340000 seconds Frame Number: 210 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x7cdd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x65ee (incorrect, should be 0x5c49) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139479, Ack: 1865211614, Len: 0 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139479 Acknowledgement number: 1865211614 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x8413 (incorrect, should be 0x7a6e) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 7c dd 40 00 6c 06 65 ee 51 32 b1 a7 ac 10 .(|.@.l.e.Q2.... 0020 86 bf e6 cd 00 8b 06 cd a1 57 6f 2c de de 50 10 .........Wo,..P. 0030 22 34 84 13 00 00 00 00 00 00 00 00 "4.......... Frame 211 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 08:52:10.617396000 Time delta from previous packet: 1.259852000 seconds Time relative to first packet: 114241.092192000 seconds Frame Number: 211 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x85dd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x5cb0 (incorrect, should be 0x530b) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139417, Ack: 1865211614, Len: 62 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139417 Next sequence number: 114139479 Acknowledgement number: 1865211614 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0xf084 (incorrect, should be 0x06df) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 85 dd 40 00 6c 06 5c b0 51 32 b1 a7 ac 10 .f..@.l.\.Q2.... 0020 86 bf e6 cd 00 8b 06 cd a1 19 6f 2c de de 50 18 ..........o,..P. 0030 22 34 f0 84 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 212 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:10.622458000 Time delta from previous packet: 0.005062000 seconds Time relative to first packet: 114241.097254000 seconds Frame Number: 212 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.50.177.167 (81.50.177.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x03f8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcbd3 (incorrect, should be 0xc22e) Source: 172.16.134.191 (172.16.134.191) Destination: 81.50.177.167 (81.50.177.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 59085 (59085), Seq: 1865211614, Ack: 114139417, Len: 0 Source port: netbios-ssn (139) Destination port: 59085 (59085) Sequence number: 1865211614 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xa691 (incorrect, should be 0x9cec) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 f8 40 00 7f 06 cb d3 ac 10 86 bf 51 32 .(..@.........Q2 0020 b1 a7 00 8b e6 cd 6f 2c de de 06 cd a1 19 50 04 ......o,......P. 0030 00 00 a6 91 00 00 00 00 00 00 00 00 ............ Frame 215 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 10:43:54.951204000 Time delta from previous packet: 0.130656000 seconds Time relative to first packet: 120945.426000000 seconds Frame Number: 215 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 208.186.61.2 (208.186.61.2), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe493 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xf04c (incorrect, should be 0xe6a7) Source: 208.186.61.2 (208.186.61.2) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1516 (1516), Dst Port: netbios-ssn (139), Seq: 15002567, Ack: 0, Len: 0 Source port: 1516 (1516) Destination port: netbios-ssn (139) Sequence number: 15002567 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x3915 (incorrect, should be 0x2f70) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 e4 93 40 00 6f 06 f0 4c d0 ba 3d 02 ac 10 .0..@.o..L..=... 0020 86 bf 05 ec 00 8b 00 e4 eb c7 00 00 00 00 70 02 ..............p. 0030 20 00 39 15 00 00 02 04 05 b4 01 01 04 02 .9........... Frame 216 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 10:43:54.951206000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 120945.426002000 seconds Frame Number: 216 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 208.186.61.2 (208.186.61.2) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0446 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc09a (incorrect, should be 0xb6f5) Source: 172.16.134.191 (172.16.134.191) Destination: 208.186.61.2 (208.186.61.2) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1516 (1516), Seq: 3696192206, Ack: 15002568, Len: 0 Source port: netbios-ssn (139) Destination port: 1516 (1516) Sequence number: 3696192206 Acknowledgement number: 15002568 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xcd75 (incorrect, should be 0xc3d0) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 04 46 40 00 7f 06 c0 9a ac 10 86 bf d0 ba .0.F@........... 0020 3d 02 00 8b 05 ec dc 4f 6a ce 00 e4 eb c8 70 12 =......Oj.....p. 0030 44 70 cd 75 00 00 02 04 05 b4 01 01 04 02 Dp.u.......... Frame 217 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.052134000 Time delta from previous packet: 0.100928000 seconds Time relative to first packet: 120945.526930000 seconds Frame Number: 217 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 208.186.61.2 (208.186.61.2), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xe793 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xed54 (incorrect, should be 0xe3af) Source: 208.186.61.2 (208.186.61.2) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1516 (1516), Dst Port: netbios-ssn (139), Seq: 15002568, Ack: 3696192207, Len: 0 Source port: 1516 (1516) Destination port: netbios-ssn (139) Sequence number: 15002568 Acknowledgement number: 3696192207 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x1c72 (incorrect, should be 0x12cd) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 e7 93 40 00 6f 06 ed 54 d0 ba 3d 02 ac 10 .(..@.o..T..=... 0020 86 bf 05 ec 00 8b 00 e4 eb c8 dc 4f 6a cf 50 10 ...........Oj.P. 0030 22 38 1c 72 00 00 00 00 00 00 00 00 "8.r........ Frame 218 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.059815000 Time delta from previous packet: 0.007681000 seconds Time relative to first packet: 120945.534611000 seconds Frame Number: 218 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 208.186.61.2 (208.186.61.2), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xe893 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xec0c (incorrect, should be 0xe267) Source: 208.186.61.2 (208.186.61.2) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1516 (1516), Dst Port: netbios-ssn (139), Seq: 15002568, Ack: 3696192207, Len: 72 Source port: 1516 (1516) Destination port: netbios-ssn (139) Sequence number: 15002568 Next sequence number: 15002640 Acknowledgement number: 3696192207 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xcc56 (incorrect, should be 0xc2b1) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 e8 93 40 00 6f 06 ec 0c d0 ba 3d 02 ac 10 .p..@.o.....=... 0020 86 bf 05 ec 00 8b 00 e4 eb c8 dc 4f 6a cf 50 18 ...........Oj.P. 0030 22 38 cc 56 00 00 81 00 00 44 20 46 44 45 43 45 "8.V.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 219 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.060787000 Time delta from previous packet: 0.000972000 seconds Time relative to first packet: 120945.535583000 seconds Frame Number: 219 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 208.186.61.2 (208.186.61.2) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0447 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc09d (incorrect, should be 0xb6f8) Source: 172.16.134.191 (172.16.134.191) Destination: 208.186.61.2 (208.186.61.2) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1516 (1516), Seq: 3696192207, Ack: 15002640, Len: 4 Source port: netbios-ssn (139) Destination port: 1516 (1516) Sequence number: 3696192207 Next sequence number: 3696192211 Acknowledgement number: 15002640 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x782d (incorrect, should be 0x6e88) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 04 47 40 00 7f 06 c0 9d ac 10 86 bf d0 ba .,.G@........... 0020 3d 02 00 8b 05 ec dc 4f 6a cf 00 e4 ec 10 50 18 =......Oj.....P. 0030 44 28 78 2d 00 00 82 00 00 00 00 00 D(x-........ Frame 220 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.199911000 Time delta from previous packet: 0.139124000 seconds Time relative to first packet: 120945.674707000 seconds Frame Number: 220 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 208.186.61.2 (208.186.61.2), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xeb93 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe916 (incorrect, should be 0xdf71) Source: 208.186.61.2 (208.186.61.2) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1516 (1516), Dst Port: netbios-ssn (139), Seq: 15002640, Ack: 3696192211, Len: 62 Source port: 1516 (1516) Destination port: netbios-ssn (139) Sequence number: 15002640 Next sequence number: 15002702 Acknowledgement number: 3696192211 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x885d (incorrect, should be 0x9eb7) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 eb 93 40 00 6f 06 e9 16 d0 ba 3d 02 ac 10 .f..@.o.....=... 0020 86 bf 05 ec 00 8b 00 e4 ec 10 dc 4f 6a d3 50 18 ...........Oj.P. 0030 22 34 88 5d 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.].....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 221 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.202573000 Time delta from previous packet: 0.002662000 seconds Time relative to first packet: 120945.677369000 seconds Frame Number: 221 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 208.186.61.2 (208.186.61.2) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0448 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc0a0 (incorrect, should be 0xb6fb) Source: 172.16.134.191 (172.16.134.191) Destination: 208.186.61.2 (208.186.61.2) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1516 (1516), Seq: 3696192211, Ack: 15002640, Len: 0 Source port: netbios-ssn (139) Destination port: 1516 (1516) Sequence number: 3696192211 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x3e6a (incorrect, should be 0x34c5) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 04 48 40 00 7f 06 c0 a0 ac 10 86 bf d0 ba .(.H@........... 0020 3d 02 00 8b 05 ec dc 4f 6a d3 00 e4 ec 10 50 04 =......Oj.....P. 0030 00 00 3e 6a 00 00 00 00 00 00 00 00 ..>j........ Frame 224 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 12:09:49.632552000 Time delta from previous packet: 0.600116000 seconds Time relative to first packet: 126100.107348000 seconds Frame Number: 224 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.194.4.114 (62.194.4.114), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9a77 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x08f2 (incorrect, should be 0xff4c) Source: 62.194.4.114 (62.194.4.114) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3757 (3757), Dst Port: netbios-ssn (139), Seq: 231719604, Ack: 0, Len: 0 Source port: 3757 (3757) Destination port: netbios-ssn (139) Sequence number: 231719604 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xf704 (incorrect, should be 0xed5f) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 9a 77 40 00 6b 06 08 f2 3e c2 04 72 ac 10 .0.w@.k...>..r.. 0020 86 bf 0e ad 00 8b 0d cf c2 b4 00 00 00 00 70 02 ..............p. 0030 40 00 f7 04 00 00 02 04 05 b4 01 01 04 02 @............. Frame 225 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 12:09:49.633491000 Time delta from previous packet: 0.000939000 seconds Time relative to first packet: 126100.108287000 seconds Frame Number: 225 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.194.4.114 (62.194.4.114) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0485 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8ae4 (incorrect, should be 0x813f) Source: 172.16.134.191 (172.16.134.191) Destination: 62.194.4.114 (62.194.4.114) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3757 (3757), Seq: 806462666, Ack: 231719605, Len: 0 Source port: netbios-ssn (139) Destination port: 3757 (3757) Sequence number: 806462666 Acknowledgement number: 231719605 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x1da8 (incorrect, should be 0x1403) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 04 85 40 00 7f 06 8a e4 ac 10 86 bf 3e c2 .0..@.........>. 0020 04 72 00 8b 0e ad 30 11 a4 ca 0d cf c2 b5 70 12 .r....0.......p. 0030 44 70 1d a8 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 226 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.190476000 Time delta from previous packet: 0.556985000 seconds Time relative to first packet: 126100.665272000 seconds Frame Number: 226 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 62.194.4.114 (62.194.4.114), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9a8a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x08e7 (incorrect, should be 0xff41) Source: 62.194.4.114 (62.194.4.114) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3757 (3757), Dst Port: netbios-ssn (139), Seq: 231719605, Ack: 806462667, Len: 0 Source port: 3757 (3757) Destination port: netbios-ssn (139) Sequence number: 231719605 Acknowledgement number: 806462667 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x4a6c (incorrect, should be 0x40c7) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 9a 8a 40 00 6b 06 08 e7 3e c2 04 72 ac 10 .(..@.k...>..r.. 0020 86 bf 0e ad 00 8b 0d cf c2 b5 30 11 a4 cb 50 10 ..........0...P. 0030 44 70 4a 6c 00 00 00 00 00 00 00 00 DpJl........ Frame 227 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.201656000 Time delta from previous packet: 0.011180000 seconds Time relative to first packet: 126100.676452000 seconds Frame Number: 227 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.194.4.114 (62.194.4.114), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x9a8b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x089e (incorrect, should be 0xfef8) Source: 62.194.4.114 (62.194.4.114) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3757 (3757), Dst Port: netbios-ssn (139), Seq: 231719605, Ack: 806462667, Len: 72 Source port: 3757 (3757) Destination port: netbios-ssn (139) Sequence number: 231719605 Next sequence number: 231719677 Acknowledgement number: 806462667 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xfa50 (incorrect, should be 0xf0ab) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 9a 8b 40 00 6b 06 08 9e 3e c2 04 72 ac 10 .p..@.k...>..r.. 0020 86 bf 0e ad 00 8b 0d cf c2 b5 30 11 a4 cb 50 18 ..........0...P. 0030 44 70 fa 50 00 00 81 00 00 44 20 46 44 45 43 45 Dp.P.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 228 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.204915000 Time delta from previous packet: 0.003259000 seconds Time relative to first packet: 126100.679711000 seconds Frame Number: 228 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.194.4.114 (62.194.4.114) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0486 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8ae7 (incorrect, should be 0x8142) Source: 172.16.134.191 (172.16.134.191) Destination: 62.194.4.114 (62.194.4.114) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3757 (3757), Seq: 806462667, Ack: 231719677, Len: 4 Source port: netbios-ssn (139) Destination port: 3757 (3757) Sequence number: 806462667 Next sequence number: 806462671 Acknowledgement number: 231719677 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xc85f (incorrect, should be 0xbeba) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 04 86 40 00 7f 06 8a e7 ac 10 86 bf 3e c2 .,..@.........>. 0020 04 72 00 8b 0e ad 30 11 a4 cb 0d cf c2 fd 50 18 .r....0.......P. 0030 44 28 c8 5f 00 00 82 00 00 00 00 00 D(._........ Frame 229 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.790880000 Time delta from previous packet: 0.585965000 seconds Time relative to first packet: 126101.265676000 seconds Frame Number: 229 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.194.4.114 (62.194.4.114), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x9aa3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x0890 (incorrect, should be 0xfeea) Source: 62.194.4.114 (62.194.4.114) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3757 (3757), Dst Port: netbios-ssn (139), Seq: 231719677, Ack: 806462671, Len: 62 Source port: 3757 (3757) Destination port: netbios-ssn (139) Sequence number: 231719677 Next sequence number: 231719739 Acknowledgement number: 806462671 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17516 Checksum: 0xb657 (incorrect, should be 0xccb1) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 9a a3 40 00 6b 06 08 90 3e c2 04 72 ac 10 .f..@.k...>..r.. 0020 86 bf 0e ad 00 8b 0d cf c2 fd 30 11 a4 cf 50 18 ..........0...P. 0030 44 6c b6 57 00 00 00 00 00 3a ff 53 4d 42 75 00 Dl.W.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 230 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.796156000 Time delta from previous packet: 0.005276000 seconds Time relative to first packet: 126101.270952000 seconds Frame Number: 230 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.194.4.114 (62.194.4.114) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0487 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8aea (incorrect, should be 0x8145) Source: 172.16.134.191 (172.16.134.191) Destination: 62.194.4.114 (62.194.4.114) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3757 (3757), Seq: 806462671, Ack: 231719677, Len: 0 Source port: netbios-ssn (139) Destination port: 3757 (3757) Sequence number: 806462671 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x8e9c (incorrect, should be 0x84f7) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 04 87 40 00 7f 06 8a ea ac 10 86 bf 3e c2 .(..@.........>. 0020 04 72 00 8b 0e ad 30 11 a4 cf 0d cf c2 fd 50 04 .r....0.......P. 0030 00 00 8e 9c 00 00 00 00 00 00 00 00 ............ Frame 253 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.389421000 Time delta from previous packet: 0.101911000 seconds Time relative to first packet: 157920.864217000 seconds Frame Number: 253 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.115.33.110 (68.115.33.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x7a33 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 116 Protocol: TCP (0x06) Header checksum: 0xfd88 (incorrect, should be 0xf3e3) Source: 68.115.33.110 (68.115.33.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4881 (4881), Dst Port: netbios-ssn (139), Seq: 8342167, Ack: 0, Len: 0 Source port: 4881 (4881) Destination port: netbios-ssn (139) Sequence number: 8342167 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0x7e91 (incorrect, should be 0x74ec) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 7a 33 40 00 74 06 fd 88 44 73 21 6e ac 10 .0z3@.t...Ds!n.. 0020 86 bf 13 11 00 8b 00 7f 4a 97 00 00 00 00 70 02 ........J.....p. 0030 16 d0 7e 91 00 00 02 04 05 b4 01 01 04 02 ..~........... Frame 254 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.422583000 Time delta from previous packet: 0.033162000 seconds Time relative to first packet: 157920.897379000 seconds Frame Number: 254 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.115.33.110 (68.115.33.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x05cc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x66f0 (incorrect, should be 0x5d4b) Source: 172.16.134.191 (172.16.134.191) Destination: 68.115.33.110 (68.115.33.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4881 (4881), Seq: 4196917429, Ack: 8342168, Len: 0 Source port: netbios-ssn (139) Destination port: 4881 (4881) Sequence number: 4196917429 Acknowledgement number: 8342168 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7602 (incorrect, should be 0x6c5d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 05 cc 40 00 7f 06 66 f0 ac 10 86 bf 44 73 .0..@...f.....Ds 0020 21 6e 00 8b 13 11 fa 27 e0 b5 00 7f 4a 98 70 12 !n.....'....J.p. 0030 44 70 76 02 00 00 02 04 05 b4 01 01 04 02 Dpv........... Frame 255 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.465207000 Time delta from previous packet: 0.042624000 seconds Time relative to first packet: 157920.940003000 seconds Frame Number: 255 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 68.115.33.110 (68.115.33.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x7e33 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 116 Protocol: TCP (0x06) Header checksum: 0xf990 (incorrect, should be 0xefeb) Source: 68.115.33.110 (68.115.33.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4881 (4881), Dst Port: netbios-ssn (139), Seq: 8342168, Ack: 4196917430, Len: 0 Source port: 4881 (4881) Destination port: netbios-ssn (139) Sequence number: 8342168 Acknowledgement number: 4196917430 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0xd066 (incorrect, should be 0xc6c1) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 7e 33 40 00 74 06 f9 90 44 73 21 6e ac 10 .(~3@.t...Ds!n.. 0020 86 bf 13 11 00 8b 00 7f 4a 98 fa 27 e0 b6 50 10 ........J..'..P. 0030 16 d0 d0 66 00 00 00 00 00 00 00 00 ...f........ Frame 256 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.484404000 Time delta from previous packet: 0.019197000 seconds Time relative to first packet: 157920.959200000 seconds Frame Number: 256 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.115.33.110 (68.115.33.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x7f33 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 116 Protocol: TCP (0x06) Header checksum: 0xf848 (incorrect, should be 0xeea3) Source: 68.115.33.110 (68.115.33.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4881 (4881), Dst Port: netbios-ssn (139), Seq: 8342168, Ack: 4196917430, Len: 72 Source port: 4881 (4881) Destination port: netbios-ssn (139) Sequence number: 8342168 Next sequence number: 8342240 Acknowledgement number: 4196917430 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0xa551 (incorrect, should be 0x9bac) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 7f 33 40 00 74 06 f8 48 44 73 21 6e ac 10 .p.3@.t..HDs!n.. 0020 86 bf 13 11 00 8b 00 7f 4a 98 fa 27 e0 b6 50 18 ........J..'..P. 0030 16 d0 a5 51 00 00 81 00 00 44 20 46 44 45 43 45 ...Q.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 257 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.490276000 Time delta from previous packet: 0.005872000 seconds Time relative to first packet: 157920.965072000 seconds Frame Number: 257 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.115.33.110 (68.115.33.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x05cd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x66f3 (incorrect, should be 0x5d4e) Source: 172.16.134.191 (172.16.134.191) Destination: 68.115.33.110 (68.115.33.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4881 (4881), Seq: 4196917430, Ack: 8342240, Len: 4 Source port: netbios-ssn (139) Destination port: 4881 (4881) Sequence number: 4196917430 Next sequence number: 4196917434 Acknowledgement number: 8342240 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x20ba (incorrect, should be 0x1715) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 05 cd 40 00 7f 06 66 f3 ac 10 86 bf 44 73 .,..@...f.....Ds 0020 21 6e 00 8b 13 11 fa 27 e0 b6 00 7f 4a e0 50 18 !n.....'....J.P. 0030 44 28 20 ba 00 00 82 00 00 00 00 00 D( ......... Frame 258 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.562587000 Time delta from previous packet: 0.072311000 seconds Time relative to first packet: 157921.037383000 seconds Frame Number: 258 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.115.33.110 (68.115.33.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x8233 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 116 Protocol: TCP (0x06) Header checksum: 0xf552 (incorrect, should be 0xebad) Source: 68.115.33.110 (68.115.33.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4881 (4881), Dst Port: netbios-ssn (139), Seq: 8342240, Ack: 4196917434, Len: 62 Source port: 4881 (4881) Destination port: netbios-ssn (139) Sequence number: 8342240 Next sequence number: 8342302 Acknowledgement number: 4196917434 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5836 Checksum: 0x3c52 (incorrect, should be 0x52ac) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 82 33 40 00 74 06 f5 52 44 73 21 6e ac 10 .f.3@.t..RDs!n.. 0020 86 bf 13 11 00 8b 00 7f 4a e0 fa 27 e0 ba 50 18 ........J..'..P. 0030 16 cc 3c 52 00 00 00 00 00 3a ff 53 4d 42 75 00 .. (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 5c 14 40 00 68 06 8f a9 90 86 6d 19 ac 10 .p\.@.h.....m... 0020 86 bf 04 01 00 8b 01 9b 65 b2 28 73 3f 1a 50 18 ........e.(s?.P. 0030 22 38 43 50 00 00 81 00 00 44 20 46 44 45 43 45 "8CP.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 268 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 21:51:57.618024000 Time delta from previous packet: 0.000633000 seconds Time relative to first packet: 161028.092820000 seconds Frame Number: 268 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 144.134.109.25 (144.134.109.25) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x05f0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcf11 (incorrect, should be 0xc56c) Source: 172.16.134.191 (172.16.134.191) Destination: 144.134.109.25 (144.134.109.25) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 678641434, Ack: 26961402, Len: 4 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 678641434 Next sequence number: 678641438 Acknowledgement number: 26961402 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xef26 (incorrect, should be 0xe581) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 05 f0 40 00 7f 06 cf 11 ac 10 86 bf 90 86 .,..@........... 0020 6d 19 00 8b 04 01 28 73 3f 1a 01 9b 65 fa 50 18 m.....(s?...e.P. 0030 44 28 ef 26 00 00 82 00 00 00 00 00 D(.&........ Frame 269 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 21:51:58.075756000 Time delta from previous packet: 0.457732000 seconds Time relative to first packet: 161028.550552000 seconds Frame Number: 269 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 144.134.109.25 (144.134.109.25), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x7214 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 104 Protocol: TCP (0x06) Header checksum: 0x79b3 (incorrect, should be 0x700e) Source: 144.134.109.25 (144.134.109.25) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 26961402, Ack: 678641438, Len: 62 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 26961402 Next sequence number: 26961464 Acknowledgement number: 678641438 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0xff56 (incorrect, should be 0x15b1) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 72 14 40 00 68 06 79 b3 90 86 6d 19 ac 10 .fr.@.h.y...m... 0020 86 bf 04 01 00 8b 01 9b 65 fa 28 73 3f 1e 50 18 ........e.(s?.P. 0030 22 34 ff 56 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.V.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 270 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 21:51:58.081099000 Time delta from previous packet: 0.005343000 seconds Time relative to first packet: 161028.555895000 seconds Frame Number: 270 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 144.134.109.25 (144.134.109.25) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x05f1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcf14 (incorrect, should be 0xc56f) Source: 172.16.134.191 (172.16.134.191) Destination: 144.134.109.25 (144.134.109.25) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 678641438, Ack: 26961402, Len: 0 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 678641438 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xb563 (incorrect, should be 0xabbe) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 05 f1 40 00 7f 06 cf 14 ac 10 86 bf 90 86 .(..@........... 0020 6d 19 00 8b 04 01 28 73 3f 1e 01 9b 65 fa 50 04 m.....(s?...e.P. 0030 00 00 b5 63 00 00 00 00 00 00 00 00 ...c........ Frame 281 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 18:55:35.528599000 Time delta from previous packet: 0.000008000 seconds Time relative to first packet: 236846.003395000 seconds Frame Number: 281 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.36.247.77 (195.36.247.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x376d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0xf2bd (incorrect, should be 0xe918) Source: 195.36.247.77 (195.36.247.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4794 (4794), Dst Port: netbios-ssn (139), Seq: 149921138, Ack: 0, Len: 0 Source port: 4794 (4794) Destination port: netbios-ssn (139) Sequence number: 149921138 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xa603 (incorrect, should be 0x9c5e) Options: (8 bytes) Maximum segment size: 1420 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 37 6d 40 00 6d 06 f2 bd c3 24 f7 4d ac 10 .07m@.m....$.M.. 0020 86 bf 12 ba 00 8b 08 ef 9d 72 00 00 00 00 70 02 .........r....p. 0030 40 00 a6 03 00 00 02 04 05 8c 01 01 04 02 @............. Frame 283 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 18:55:35.533719000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 236846.008515000 seconds Frame Number: 283 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.36.247.77 (195.36.247.77) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x639a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb490 (incorrect, should be 0xaaeb) Source: 172.16.134.191 (172.16.134.191) Destination: 195.36.247.77 (195.36.247.77) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4794 (4794), Seq: 2453940821, Ack: 149921139, Len: 0 Source port: netbios-ssn (139) Destination port: 4794 (4794) Sequence number: 2453940821 Acknowledgement number: 149921139 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17040 Checksum: 0xe6a0 (incorrect, should be 0xdcfb) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 63 9a 40 00 7f 06 b4 90 ac 10 86 bf c3 24 .0c.@..........$ 0020 f7 4d 00 8b 12 ba 92 44 2a 55 08 ef 9d 73 70 12 .M.....D*U...sp. 0030 42 90 e6 a0 00 00 02 04 05 b4 01 01 04 02 B............. Frame 286 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 18:55:36.416696000 Time delta from previous packet: 0.019314000 seconds Time relative to first packet: 236846.891492000 seconds Frame Number: 286 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 195.36.247.77 (195.36.247.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x37cb Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x3268 (incorrect, should be 0x28c3) Source: 195.36.247.77 (195.36.247.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4794 (4794), Dst Port: netbios-ssn (139), Seq: 149921139, Ack: 149921139, Len: 0 Source port: 4794 (4794) Destination port: netbios-ssn (139) Sequence number: 149921139 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x6c39 (incorrect, should be 0x6294) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 37 cb 00 00 6d 06 32 68 c3 24 f7 4d ac 10 .(7...m.2h.$.M.. 0020 86 bf 12 ba 00 8b 08 ef 9d 73 08 ef 9d 73 50 04 .........s...sP. 0030 00 00 6c 39 00 00 00 00 00 00 00 00 ..l9........ Frame 402 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 18:56:28.085060000 Time delta from previous packet: 0.000016000 seconds Time relative to first packet: 236898.559856000 seconds Frame Number: 402 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.36.247.77 (195.36.247.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4c2e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0xddfc (incorrect, should be 0xd457) Source: 195.36.247.77 (195.36.247.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3352 (3352), Dst Port: netbios-ssn (139), Seq: 186099577, Ack: 0, Len: 0 Source port: 3352 (3352) Destination port: netbios-ssn (139) Sequence number: 186099577 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x9f76 (incorrect, should be 0x95d1) Options: (8 bytes) Maximum segment size: 1420 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4c 2e 40 00 6d 06 dd fc c3 24 f7 4d ac 10 .0L.@.m....$.M.. 0020 86 bf 0d 18 00 8b 0b 17 a7 79 00 00 00 00 70 02 .........y....p. 0030 40 00 9f 76 00 00 02 04 05 8c 01 01 04 02 @..v.......... Frame 404 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 18:56:28.086253000 Time delta from previous packet: 0.000078000 seconds Time relative to first packet: 236898.561049000 seconds Frame Number: 404 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.36.247.77 (195.36.247.77) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x63e8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb442 (incorrect, should be 0xaa9d) Source: 172.16.134.191 (172.16.134.191) Destination: 195.36.247.77 (195.36.247.77) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3352 (3352), Seq: 2467165145, Ack: 186099578, Len: 0 Source port: netbios-ssn (139) Destination port: 3352 (3352) Sequence number: 2467165145 Acknowledgement number: 186099578 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17040 Checksum: 0x15c6 (incorrect, should be 0x0c21) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 63 e8 40 00 7f 06 b4 42 ac 10 86 bf c3 24 .0c.@....B.....$ 0020 f7 4d 00 8b 0d 18 93 0d f3 d9 0b 17 a7 7a 70 12 .M...........zp. 0030 42 90 15 c6 00 00 02 04 05 b4 01 01 04 02 B............. Frame 407 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 18:56:28.978397000 Time delta from previous packet: 0.011007000 seconds Time relative to first packet: 236899.453193000 seconds Frame Number: 407 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 195.36.247.77 (195.36.247.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4c8b Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x1da8 (incorrect, should be 0x1403) Source: 195.36.247.77 (195.36.247.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3352 (3352), Dst Port: netbios-ssn (139), Seq: 186099578, Ack: 186099578, Len: 0 Source port: 3352 (3352) Destination port: netbios-ssn (139) Sequence number: 186099578 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x597d (incorrect, should be 0x4fd8) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4c 8b 00 00 6d 06 1d a8 c3 24 f7 4d ac 10 .(L...m....$.M.. 0020 86 bf 0d 18 00 8b 0b 17 a7 7a 0b 17 a7 7a 50 04 .........z...zP. 0030 00 00 59 7d 00 00 00 00 00 00 00 00 ..Y}........ Frame 425 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.251517000 Time delta from previous packet: 0.324915000 seconds Time relative to first packet: 239248.726313000 seconds Frame Number: 425 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.12.211.121 (210.12.211.121), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xca4a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x73cc (incorrect, should be 0x6a27) Source: 210.12.211.121 (210.12.211.121) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4433 (4433), Dst Port: netbios-ssn (139), Seq: 11016531, Ack: 0, Len: 0 Source port: 4433 (4433) Destination port: netbios-ssn (139) Sequence number: 11016531 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x6897 (incorrect, should be 0x5ef2) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 ca 4a 40 00 6e 06 73 cc d2 0c d3 79 ac 10 .0.J@.n.s....y.. 0020 86 bf 11 51 00 8b 00 a8 19 53 00 00 00 00 70 02 ...Q.....S....p. 0030 20 00 68 97 00 00 02 04 05 b4 01 01 04 02 .h........... Frame 426 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.252277000 Time delta from previous packet: 0.000760000 seconds Time relative to first packet: 239248.727073000 seconds Frame Number: 426 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.12.211.121 (210.12.211.121) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x675c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc5ba (incorrect, should be 0xbc15) Source: 172.16.134.191 (172.16.134.191) Destination: 210.12.211.121 (210.12.211.121) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4433 (4433), Seq: 3054631718, Ack: 11016532, Len: 0 Source port: netbios-ssn (139) Destination port: 4433 (4433) Sequence number: 3054631718 Acknowledgement number: 11016532 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x92dd (incorrect, should be 0x8938) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 67 5c 40 00 7f 06 c5 ba ac 10 86 bf d2 0c .0g\@........... 0020 d3 79 00 8b 11 51 b6 11 fb 26 00 a8 19 54 70 12 .y...Q...&...Tp. 0030 44 70 92 dd 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 427 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.529537000 Time delta from previous packet: 0.277260000 seconds Time relative to first packet: 239249.004333000 seconds Frame Number: 427 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.12.211.121 (210.12.211.121), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xcd4a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x70d4 (incorrect, should be 0x672f) Source: 210.12.211.121 (210.12.211.121) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4433 (4433), Dst Port: netbios-ssn (139), Seq: 11016532, Ack: 3054631719, Len: 0 Source port: 4433 (4433) Destination port: netbios-ssn (139) Sequence number: 11016532 Acknowledgement number: 3054631719 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xe1d9 (incorrect, should be 0xd834) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 cd 4a 40 00 6e 06 70 d4 d2 0c d3 79 ac 10 .(.J@.n.p....y.. 0020 86 bf 11 51 00 8b 00 a8 19 54 b6 11 fb 27 50 10 ...Q.....T...'P. 0030 22 38 e1 d9 00 00 00 00 00 00 00 00 "8.......... Frame 428 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.541243000 Time delta from previous packet: 0.011706000 seconds Time relative to first packet: 239249.016039000 seconds Frame Number: 428 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.12.211.121 (210.12.211.121), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xce4a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x6f8c (incorrect, should be 0x65e7) Source: 210.12.211.121 (210.12.211.121) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4433 (4433), Dst Port: netbios-ssn (139), Seq: 11016532, Ack: 3054631719, Len: 72 Source port: 4433 (4433) Destination port: netbios-ssn (139) Sequence number: 11016532 Next sequence number: 11016604 Acknowledgement number: 3054631719 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x91be (incorrect, should be 0x8819) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 ce 4a 40 00 6e 06 6f 8c d2 0c d3 79 ac 10 .p.J@.n.o....y.. 0020 86 bf 11 51 00 8b 00 a8 19 54 b6 11 fb 27 50 18 ...Q.....T...'P. 0030 22 38 91 be 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 429 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.542527000 Time delta from previous packet: 0.001284000 seconds Time relative to first packet: 239249.017323000 seconds Frame Number: 429 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.12.211.121 (210.12.211.121) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x675d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc5bd (incorrect, should be 0xbc18) Source: 172.16.134.191 (172.16.134.191) Destination: 210.12.211.121 (210.12.211.121) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4433 (4433), Seq: 3054631719, Ack: 11016604, Len: 4 Source port: netbios-ssn (139) Destination port: 4433 (4433) Sequence number: 3054631719 Next sequence number: 3054631723 Acknowledgement number: 11016604 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x3d95 (incorrect, should be 0x33f0) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 67 5d 40 00 7f 06 c5 bd ac 10 86 bf d2 0c .,g]@........... 0020 d3 79 00 8b 11 51 b6 11 fb 27 00 a8 19 9c 50 18 .y...Q...'....P. 0030 44 28 3d 95 00 00 82 00 00 00 00 00 D(=......... Frame 430 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.799588000 Time delta from previous packet: 0.257061000 seconds Time relative to first packet: 239249.274384000 seconds Frame Number: 430 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.12.211.121 (210.12.211.121), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd14a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x6c96 (incorrect, should be 0x62f1) Source: 210.12.211.121 (210.12.211.121) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4433 (4433), Dst Port: netbios-ssn (139), Seq: 11016604, Ack: 3054631723, Len: 62 Source port: 4433 (4433) Destination port: netbios-ssn (139) Sequence number: 11016604 Next sequence number: 11016666 Acknowledgement number: 3054631723 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x4dc5 (incorrect, should be 0x641f) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d1 4a 40 00 6e 06 6c 96 d2 0c d3 79 ac 10 .f.J@.n.l....y.. 0020 86 bf 11 51 00 8b 00 a8 19 9c b6 11 fb 2b 50 18 ...Q.........+P. 0030 22 34 4d c5 00 00 00 00 00 3a ff 53 4d 42 75 00 "4M......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 431 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.804660000 Time delta from previous packet: 0.005072000 seconds Time relative to first packet: 239249.279456000 seconds Frame Number: 431 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.12.211.121 (210.12.211.121) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x675e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc5c0 (incorrect, should be 0xbc1b) Source: 172.16.134.191 (172.16.134.191) Destination: 210.12.211.121 (210.12.211.121) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4433 (4433), Seq: 3054631723, Ack: 11016604, Len: 0 Source port: netbios-ssn (139) Destination port: 4433 (4433) Sequence number: 3054631723 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x03d2 (incorrect, should be 0xfa2c) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 67 5e 40 00 7f 06 c5 c0 ac 10 86 bf d2 0c .(g^@........... 0020 d3 79 00 8b 11 51 b6 11 fb 2b 00 a8 19 9c 50 04 .y...Q...+....P. 0030 00 00 03 d2 00 00 00 00 00 00 00 00 ............ Frame 434 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 19:47:47.962022000 Time delta from previous packet: 0.510539000 seconds Time relative to first packet: 239978.436818000 seconds Frame Number: 434 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 202.63.162.34 (202.63.162.34), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x256d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x4fce (incorrect, should be 0x4629) Source: 202.63.162.34 (202.63.162.34) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2661 (2661), Dst Port: netbios-ssn (139), Seq: 4963040, Ack: 0, Len: 0 Source port: 2661 (2661) Destination port: netbios-ssn (139) Sequence number: 4963040 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x0777 (incorrect, should be 0xfdd1) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 25 6d 40 00 70 06 4f ce ca 3f a2 22 ac 10 .0%m@.p.O..?.".. 0020 86 bf 0a 65 00 8b 00 4b ba e0 00 00 00 00 70 02 ...e...K......p. 0030 20 00 07 77 00 00 02 04 05 b4 01 01 04 02 ..w.......... Frame 435 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 19:47:47.962777000 Time delta from previous packet: 0.000755000 seconds Time relative to first packet: 239978.437573000 seconds Frame Number: 435 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 202.63.162.34 (202.63.162.34) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x686f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xfdcb (incorrect, should be 0xf426) Source: 172.16.134.191 (172.16.134.191) Destination: 202.63.162.34 (202.63.162.34) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2661 (2661), Seq: 3237119574, Ack: 4963041, Len: 0 Source port: netbios-ssn (139) Destination port: 2661 (2661) Sequence number: 3237119574 Acknowledgement number: 4963041 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x9bac (incorrect, should be 0x9207) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 68 6f 40 00 7f 06 fd cb ac 10 86 bf ca 3f .0ho@..........? 0020 a2 22 00 8b 0a 65 c0 f2 86 56 00 4b ba e1 70 12 ."...e...V.K..p. 0030 44 70 9b ac 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 436 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.439987000 Time delta from previous packet: 0.477210000 seconds Time relative to first packet: 239978.914783000 seconds Frame Number: 436 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 202.63.162.34 (202.63.162.34), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x296d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x4bd6 (incorrect, should be 0x4231) Source: 202.63.162.34 (202.63.162.34) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2661 (2661), Dst Port: netbios-ssn (139), Seq: 4963041, Ack: 3237119575, Len: 0 Source port: 2661 (2661) Destination port: netbios-ssn (139) Sequence number: 4963041 Acknowledgement number: 3237119575 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xeaa8 (incorrect, should be 0xe103) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 29 6d 40 00 70 06 4b d6 ca 3f a2 22 ac 10 .()m@.p.K..?.".. 0020 86 bf 0a 65 00 8b 00 4b ba e1 c0 f2 86 57 50 10 ...e...K.....WP. 0030 22 38 ea a8 00 00 00 00 00 00 00 00 "8.......... Frame 437 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.451926000 Time delta from previous packet: 0.011939000 seconds Time relative to first packet: 239978.926722000 seconds Frame Number: 437 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 202.63.162.34 (202.63.162.34), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x2a6d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x4a8e (incorrect, should be 0x40e9) Source: 202.63.162.34 (202.63.162.34) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2661 (2661), Dst Port: netbios-ssn (139), Seq: 4963041, Ack: 3237119575, Len: 72 Source port: 2661 (2661) Destination port: netbios-ssn (139) Sequence number: 4963041 Next sequence number: 4963113 Acknowledgement number: 3237119575 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xb78d (incorrect, should be 0xade8) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 2a 6d 40 00 70 06 4a 8e ca 3f a2 22 ac 10 .p*m@.p.J..?.".. 0020 86 bf 0a 65 00 8b 00 4b ba e1 c0 f2 86 57 50 18 ...e...K.....WP. 0030 22 38 b7 8d 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 438 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.453204000 Time delta from previous packet: 0.001278000 seconds Time relative to first packet: 239978.928000000 seconds Frame Number: 438 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 202.63.162.34 (202.63.162.34) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x6870 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xfdce (incorrect, should be 0xf429) Source: 172.16.134.191 (172.16.134.191) Destination: 202.63.162.34 (202.63.162.34) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2661 (2661), Seq: 3237119575, Ack: 4963113, Len: 4 Source port: netbios-ssn (139) Destination port: 2661 (2661) Sequence number: 3237119575 Next sequence number: 3237119579 Acknowledgement number: 4963113 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x4664 (incorrect, should be 0x3cbf) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 68 70 40 00 7f 06 fd ce ac 10 86 bf ca 3f .,hp@..........? 0020 a2 22 00 8b 0a 65 c0 f2 86 57 00 4b bb 29 50 18 ."...e...W.K.)P. 0030 44 28 46 64 00 00 82 00 00 00 00 00 D(Fd........ Frame 439 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.940293000 Time delta from previous packet: 0.487089000 seconds Time relative to first packet: 239979.415089000 seconds Frame Number: 439 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 202.63.162.34 (202.63.162.34), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x2e6d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x4698 (incorrect, should be 0x3cf3) Source: 202.63.162.34 (202.63.162.34) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2661 (2661), Dst Port: netbios-ssn (139), Seq: 4963113, Ack: 3237119579, Len: 62 Source port: 2661 (2661) Destination port: netbios-ssn (139) Sequence number: 4963113 Next sequence number: 4963175 Acknowledgement number: 3237119579 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x5694 (incorrect, should be 0x6cee) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 2e 6d 40 00 70 06 46 98 ca 3f a2 22 ac 10 .f.m@.p.F..?.".. 0020 86 bf 0a 65 00 8b 00 4b bb 29 c0 f2 86 5b 50 18 ...e...K.)...[P. 0030 22 34 56 94 00 00 00 00 00 3a ff 53 4d 42 75 00 "4V......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 440 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.946593000 Time delta from previous packet: 0.006300000 seconds Time relative to first packet: 239979.421389000 seconds Frame Number: 440 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 202.63.162.34 (202.63.162.34) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6872 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xfdd0 (incorrect, should be 0xf42b) Source: 172.16.134.191 (172.16.134.191) Destination: 202.63.162.34 (202.63.162.34) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2661 (2661), Seq: 3237119579, Ack: 4963113, Len: 0 Source port: netbios-ssn (139) Destination port: 2661 (2661) Sequence number: 3237119579 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0ca1 (incorrect, should be 0x02fc) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 68 72 40 00 7f 06 fd d0 ac 10 86 bf ca 3f .(hr@..........? 0020 a2 22 00 8b 0a 65 c0 f2 86 5b 00 4b bb 29 50 04 ."...e...[.K.)P. 0030 00 00 0c a1 00 00 00 00 00 00 00 00 ............ Frame 446 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.111288000 Time delta from previous packet: 0.634848000 seconds Time relative to first packet: 247731.586084000 seconds Frame Number: 446 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.214.49.227 (210.214.49.227), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x33e8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xaafb (incorrect, should be 0xa156) Source: 210.214.49.227 (210.214.49.227) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4824 (4824), Dst Port: netbios-ssn (139), Seq: 5347502, Ack: 0, Len: 0 Source port: 4824 (4824) Destination port: netbios-ssn (139) Sequence number: 5347502 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x8c74 (incorrect, should be 0x82cf) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 33 e8 40 00 6e 06 aa fb d2 d6 31 e3 ac 10 .03.@.n.....1... 0020 86 bf 12 d8 00 8b 00 51 98 ae 00 00 00 00 70 02 .......Q......p. 0030 20 00 8c 74 00 00 02 04 02 18 01 01 04 02 ..t.......... Frame 447 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.112022000 Time delta from previous packet: 0.000734000 seconds Time relative to first packet: 247731.586818000 seconds Frame Number: 447 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.214.49.227 (210.214.49.227) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x73c9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5a1a (incorrect, should be 0x5075) Source: 172.16.134.191 (172.16.134.191) Destination: 210.214.49.227 (210.214.49.227) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4824 (4824), Seq: 883524121, Ack: 5347503, Len: 0 Source port: netbios-ssn (139) Destination port: 4824 (4824) Sequence number: 883524121 Acknowledgement number: 5347503 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0xb11c (incorrect, should be 0xa777) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 73 c9 40 00 7f 06 5a 1a ac 10 86 bf d2 d6 .0s.@...Z....... 0020 31 e3 00 8b 12 d8 34 a9 82 19 00 51 98 af 70 12 1.....4....Q..p. 0030 40 e8 b1 1c 00 00 02 04 05 b4 01 01 04 02 @............. Frame 448 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.670767000 Time delta from previous packet: 0.558745000 seconds Time relative to first packet: 247732.145563000 seconds Frame Number: 448 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.214.49.227 (210.214.49.227), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x3ee8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xa003 (incorrect, should be 0x965e) Source: 210.214.49.227 (210.214.49.227) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4824 (4824), Dst Port: netbios-ssn (139), Seq: 5347503, Ack: 883524122, Len: 0 Source port: 4824 (4824) Destination port: netbios-ssn (139) Sequence number: 5347503 Acknowledgement number: 883524122 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 536 Checksum: 0x1cb1 (incorrect, should be 0x130c) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 3e e8 40 00 6e 06 a0 03 d2 d6 31 e3 ac 10 .(>.@.n.....1... 0020 86 bf 12 d8 00 8b 00 51 98 af 34 a9 82 1a 50 10 .......Q..4...P. 0030 02 18 1c b1 00 00 00 00 00 00 00 00 ............ Frame 449 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.680070000 Time delta from previous packet: 0.009303000 seconds Time relative to first packet: 247732.154866000 seconds Frame Number: 449 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.214.49.227 (210.214.49.227), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x3fe8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x9ebb (incorrect, should be 0x9516) Source: 210.214.49.227 (210.214.49.227) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4824 (4824), Dst Port: netbios-ssn (139), Seq: 5347503, Ack: 883524122, Len: 72 Source port: 4824 (4824) Destination port: netbios-ssn (139) Sequence number: 5347503 Next sequence number: 5347575 Acknowledgement number: 883524122 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0xca2d (incorrect, should be 0xc088) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 3f e8 40 00 6e 06 9e bb d2 d6 31 e3 ac 10 .p?.@.n.....1... 0020 86 bf 12 d8 00 8b 00 51 98 af 34 a9 82 1a 50 18 .......Q..4...P. 0030 21 80 ca 2d 00 00 81 00 00 44 20 46 44 45 43 45 !..-.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 450 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.681364000 Time delta from previous packet: 0.001294000 seconds Time relative to first packet: 247732.156160000 seconds Frame Number: 450 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.214.49.227 (210.214.49.227) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x73ca Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5a1d (incorrect, should be 0x5078) Source: 172.16.134.191 (172.16.134.191) Destination: 210.214.49.227 (210.214.49.227) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4824 (4824), Seq: 883524122, Ack: 5347575, Len: 4 Source port: netbios-ssn (139) Destination port: 4824 (4824) Sequence number: 883524122 Next sequence number: 883524126 Acknowledgement number: 5347575 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x5bd4 (incorrect, should be 0x522f) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 73 ca 40 00 7f 06 5a 1d ac 10 86 bf d2 d6 .,s.@...Z....... 0020 31 e3 00 8b 12 d8 34 a9 82 1a 00 51 98 f7 50 18 1.....4....Q..P. 0030 40 a0 5b d4 00 00 82 00 00 00 00 00 @.[......... Frame 451 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 3, 2003 21:57:02.220328000 Time delta from previous packet: 0.538964000 seconds Time relative to first packet: 247732.695124000 seconds Frame Number: 451 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.214.49.227 (210.214.49.227), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x4ee8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x8fc5 (incorrect, should be 0x8620) Source: 210.214.49.227 (210.214.49.227) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4824 (4824), Dst Port: netbios-ssn (139), Seq: 5347575, Ack: 883524126, Len: 62 Source port: 4824 (4824) Destination port: netbios-ssn (139) Sequence number: 5347575 Next sequence number: 5347637 Acknowledgement number: 883524126 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x6934 (incorrect, should be 0x7f8e) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 4e e8 40 00 6e 06 8f c5 d2 d6 31 e3 ac 10 .fN.@.n.....1... 0020 86 bf 12 d8 00 8b 00 51 98 f7 34 a9 82 1e 50 18 .......Q..4...P. 0030 21 7c 69 34 00 00 00 00 00 3a ff 53 4d 42 75 00 !|i4.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 452 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 21:57:02.236457000 Time delta from previous packet: 0.016129000 seconds Time relative to first packet: 247732.711253000 seconds Frame Number: 452 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.214.49.227 (210.214.49.227) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x73cc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5a1f (incorrect, should be 0x507a) Source: 172.16.134.191 (172.16.134.191) Destination: 210.214.49.227 (210.214.49.227) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4824 (4824), Seq: 883524126, Ack: 5347575, Len: 0 Source port: netbios-ssn (139) Destination port: 4824 (4824) Sequence number: 883524126 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x1e89 (incorrect, should be 0x14e4) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 73 cc 40 00 7f 06 5a 1f ac 10 86 bf d2 d6 .(s.@...Z....... 0020 31 e3 00 8b 12 d8 34 a9 82 1e 00 51 98 f7 50 04 1.....4....Q..P. 0030 00 00 1e 89 00 00 00 00 00 00 00 00 ............ Frame 459 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:52.624589000 Time delta from previous packet: 0.008705000 seconds Time relative to first packet: 259783.099385000 seconds Frame Number: 459 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x83ce Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x1225 (incorrect, should be 0x0880) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4605 (4605), Dst Port: netbios-ssn (139), Seq: 2060642689, Ack: 0, Len: 0 Source port: 4605 (4605) Destination port: netbios-ssn (139) Sequence number: 2060642689 Header length: 44 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x498e (incorrect, should be 0x3fe9) Options: (24 bytes) Maximum segment size: 1414 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 40 83 ce 40 00 6f 06 12 25 42 8b 0a 0f ac 10 .@..@.o..%B..... 0020 86 bf 11 fd 00 8b 7a d2 e9 81 00 00 00 00 b0 02 ......z......... 0030 ff ff 49 8e 00 00 02 04 05 86 01 03 03 00 01 01 ..I............. 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 460 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:52.624591000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 259783.099387000 seconds Frame Number: 460 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.139.10.15 (66.139.10.15) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x8548 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x00ab (incorrect, should be 0xf705) Source: 172.16.134.191 (172.16.134.191) Destination: 66.139.10.15 (66.139.10.15) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4605 (4605), Seq: 3893171809, Ack: 2060642690, Len: 0 Source port: netbios-ssn (139) Destination port: 4605 (4605) Sequence number: 3893171809 Acknowledgement number: 2060642690 Header length: 44 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x0898 (incorrect, should be 0xfef2) Options: (24 bytes) Maximum segment size: 1460 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 40 85 48 40 00 7f 06 00 ab ac 10 86 bf 42 8b .@.H@.........B. 0020 0a 0f 00 8b 11 fd e8 0d 16 61 7a d2 e9 82 b0 12 .........az..... 0030 42 48 08 98 00 00 02 04 05 b4 01 03 03 00 01 01 BH.............. 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 464 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 01:17:52.767757000 Time delta from previous packet: 0.005668000 seconds Time relative to first packet: 259783.242553000 seconds Frame Number: 464 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x83ee Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x521d (incorrect, should be 0x4878) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4605 (4605), Dst Port: netbios-ssn (139), Seq: 2060642690, Ack: 2060642690, Len: 0 Source port: 4605 (4605) Destination port: netbios-ssn (139) Sequence number: 2060642690 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x5ee9 (incorrect, should be 0x5544) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 83 ee 00 00 6f 06 52 1d 42 8b 0a 0f ac 10 .(....o.R.B..... 0020 86 bf 11 fd 00 8b 7a d2 e9 82 7a d2 e9 82 50 04 ......z...z...P. 0030 00 00 5e e9 00 00 00 00 00 00 00 00 ..^......... Frame 499 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:54.491662000 Time delta from previous packet: 0.004409000 seconds Time relative to first packet: 259784.966458000 seconds Frame Number: 499 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x84f7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x10fc (incorrect, should be 0x0757) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4661 (4661), Dst Port: netbios-ssn (139), Seq: 2063962073, Ack: 0, Len: 0 Source port: 4661 (4661) Destination port: netbios-ssn (139) Sequence number: 2063962073 Header length: 44 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xa2cb (incorrect, should be 0x9926) Options: (24 bytes) Maximum segment size: 1414 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 40 84 f7 40 00 6f 06 10 fc 42 8b 0a 0f ac 10 .@..@.o...B..... 0020 86 bf 12 35 00 8b 7b 05 8f d9 00 00 00 00 b0 02 ...5..{......... 0030 ff ff a2 cb 00 00 02 04 05 86 01 03 03 00 01 01 ................ 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 500 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:54.491664000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 259784.966460000 seconds Frame Number: 500 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.139.10.15 (66.139.10.15) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x855c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x0097 (incorrect, should be 0xf6f1) Source: 172.16.134.191 (172.16.134.191) Destination: 66.139.10.15 (66.139.10.15) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4661 (4661), Seq: 3893767196, Ack: 2063962074, Len: 0 Source port: netbios-ssn (139) Destination port: 4661 (4661) Sequence number: 3893767196 Acknowledgement number: 2063962074 Header length: 44 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x4c11 (incorrect, should be 0x426c) Options: (24 bytes) Maximum segment size: 1460 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 40 85 5c 40 00 7f 06 00 97 ac 10 86 bf 42 8b .@.\@.........B. 0020 0a 0f 00 8b 12 35 e8 16 2c 1c 7b 05 8f da b0 12 .....5..,.{..... 0030 42 48 4c 11 00 00 02 04 05 b4 01 03 03 00 01 01 BHL............. 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 505 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 01:17:54.739573000 Time delta from previous packet: 0.008573000 seconds Time relative to first packet: 259785.214369000 seconds Frame Number: 505 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x851c Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x50ef (incorrect, should be 0x474a) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4661 (4661), Dst Port: netbios-ssn (139), Seq: 2063962074, Ack: 2063962074, Len: 0 Source port: 4661 (4661) Destination port: netbios-ssn (139) Sequence number: 2063962074 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x119c (incorrect, should be 0x07f7) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 85 1c 00 00 6f 06 50 ef 42 8b 0a 0f ac 10 .(....o.P.B..... 0020 86 bf 12 35 00 8b 7b 05 8f da 7b 05 8f da 50 04 ...5..{...{...P. 0030 00 00 11 9c 00 00 00 00 00 00 00 00 ............ Frame 563 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:58.380117000 Time delta from previous packet: 0.015682000 seconds Time relative to first packet: 259788.854913000 seconds Frame Number: 563 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x877c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x0e77 (incorrect, should be 0x04d2) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4799 (4799), Dst Port: netbios-ssn (139), Seq: 2071817742, Ack: 0, Len: 0 Source port: 4799 (4799) Destination port: netbios-ssn (139) Sequence number: 2071817742 Header length: 44 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xc394 (incorrect, should be 0xb9ef) Options: (24 bytes) Maximum segment size: 1414 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 40 87 7c 40 00 6f 06 0e 77 42 8b 0a 0f ac 10 .@.|@.o..wB..... 0020 86 bf 12 bf 00 8b 7b 7d 6e 0e 00 00 00 00 b0 02 ......{}n....... 0030 ff ff c3 94 00 00 02 04 05 86 01 03 03 00 01 01 ................ 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 564 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:58.380122000 Time delta from previous packet: 0.000005000 seconds Time relative to first packet: 259788.854918000 seconds Frame Number: 564 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.139.10.15 (66.139.10.15) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x857b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x0078 (incorrect, should be 0xf6d2) Source: 172.16.134.191 (172.16.134.191) Destination: 66.139.10.15 (66.139.10.15) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4799 (4799), Seq: 3894842395, Ack: 2071817743, Len: 0 Source port: netbios-ssn (139) Destination port: 4799 (4799) Sequence number: 3894842395 Acknowledgement number: 2071817743 Header length: 44 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x04cb (incorrect, should be 0xfb25) Options: (24 bytes) Maximum segment size: 1460 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 40 85 7b 40 00 7f 06 00 78 ac 10 86 bf 42 8b .@.{@....x....B. 0020 0a 0f 00 8b 12 bf e8 26 94 1b 7b 7d 6e 0f b0 12 .......&..{}n... 0030 42 48 04 cb 00 00 02 04 05 b4 01 03 03 00 01 01 BH.............. 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 569 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 01:17:58.483289000 Time delta from previous packet: 0.008162000 seconds Time relative to first packet: 259788.958085000 seconds Frame Number: 569 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x8790 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x4e7b (incorrect, should be 0x44d6) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4799 (4799), Dst Port: netbios-ssn (139), Seq: 2071817743, Ack: 2071817743, Len: 0 Source port: 4799 (4799) Destination port: netbios-ssn (139) Sequence number: 2071817743 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x53b8 (incorrect, should be 0x4a13) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 87 90 00 00 6f 06 4e 7b 42 8b 0a 0f ac 10 .(....o.N{B..... 0020 86 bf 12 bf 00 8b 7b 7d 6e 0f 7b 7d 6e 0f 50 04 ......{}n.{}n.P. 0030 00 00 53 b8 00 00 00 00 00 00 00 00 ..S......... Frame 777 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 03:22:14.562268000 Time delta from previous packet: 0.457029000 seconds Time relative to first packet: 267245.037064000 seconds Frame Number: 777 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.67.251.197 (195.67.251.197), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc2d9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x60ba (incorrect, should be 0x5715) Source: 195.67.251.197 (195.67.251.197) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1740 (1740), Dst Port: netbios-ssn (139), Seq: 65611266, Ack: 0, Len: 0 Source port: 1740 (1740) Destination port: netbios-ssn (139) Sequence number: 65611266 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x4d45 (incorrect, should be 0x43a0) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 c2 d9 40 00 6f 06 60 ba c3 43 fb c5 ac 10 .0..@.o.`..C.... 0020 86 bf 06 cc 00 8b 03 e9 26 02 00 00 00 00 70 02 ........&.....p. 0030 20 00 4d 45 00 00 02 04 02 18 01 01 04 02 .ME.......... Frame 778 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 03:22:14.567460000 Time delta from previous packet: 0.005192000 seconds Time relative to first packet: 267245.042256000 seconds Frame Number: 778 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.67.251.197 (195.67.251.197) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x90b3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x82e0 (incorrect, should be 0x793b) Source: 172.16.134.191 (172.16.134.191) Destination: 195.67.251.197 (195.67.251.197) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1740 (1740), Seq: 1464114474, Ack: 65611267, Len: 0 Source port: netbios-ssn (139) Destination port: 1740 (1740) Sequence number: 1464114474 Acknowledgement number: 65611267 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0x3441 (incorrect, should be 0x2a9c) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 90 b3 40 00 7f 06 82 e0 ac 10 86 bf c3 43 .0..@..........C 0020 fb c5 00 8b 06 cc 57 44 9d 2a 03 e9 26 03 70 12 ......WD.*..&.p. 0030 40 e8 34 41 00 00 02 04 05 b4 01 01 04 02 @.4A.......... Frame 779 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.122320000 Time delta from previous packet: 0.554860000 seconds Time relative to first packet: 267245.597116000 seconds Frame Number: 779 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 195.67.251.197 (195.67.251.197), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xd8d9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x4ac2 (incorrect, should be 0x411d) Source: 195.67.251.197 (195.67.251.197) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1740 (1740), Dst Port: netbios-ssn (139), Seq: 65611267, Ack: 1464114475, Len: 0 Source port: 1740 (1740) Destination port: netbios-ssn (139) Sequence number: 65611267 Acknowledgement number: 1464114475 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x806d (incorrect, should be 0x76c8) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 d8 d9 40 00 6f 06 4a c2 c3 43 fb c5 ac 10 .(..@.o.J..C.... 0020 86 bf 06 cc 00 8b 03 e9 26 03 57 44 9d 2b 50 10 ........&.WD.+P. 0030 21 80 80 6d 00 00 00 00 00 00 00 00 !..m........ Frame 780 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.145328000 Time delta from previous packet: 0.023008000 seconds Time relative to first packet: 267245.620124000 seconds Frame Number: 780 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.67.251.197 (195.67.251.197), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xd9d9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x497a (incorrect, should be 0x3fd5) Source: 195.67.251.197 (195.67.251.197) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1740 (1740), Dst Port: netbios-ssn (139), Seq: 65611267, Ack: 1464114475, Len: 72 Source port: 1740 (1740) Destination port: netbios-ssn (139) Sequence number: 65611267 Next sequence number: 65611339 Acknowledgement number: 1464114475 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x4e58 (incorrect, should be 0x44b3) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 d9 d9 40 00 6f 06 49 7a c3 43 fb c5 ac 10 .p..@.o.Iz.C.... 0020 86 bf 06 cc 00 8b 03 e9 26 03 57 44 9d 2b 50 18 ........&.WD.+P. 0030 21 80 4e 58 00 00 81 00 00 44 20 46 44 45 43 45 !.NX.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 781 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.147720000 Time delta from previous packet: 0.002392000 seconds Time relative to first packet: 267245.622516000 seconds Frame Number: 781 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.67.251.197 (195.67.251.197) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x90b4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x82e3 (incorrect, should be 0x793e) Source: 172.16.134.191 (172.16.134.191) Destination: 195.67.251.197 (195.67.251.197) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1740 (1740), Seq: 1464114475, Ack: 65611339, Len: 4 Source port: netbios-ssn (139) Destination port: 1740 (1740) Sequence number: 1464114475 Next sequence number: 1464114479 Acknowledgement number: 65611339 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0xdef8 (incorrect, should be 0xd553) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 90 b4 40 00 7f 06 82 e3 ac 10 86 bf c3 43 .,..@..........C 0020 fb c5 00 8b 06 cc 57 44 9d 2b 03 e9 26 4b 50 18 ......WD.+..&KP. 0030 40 a0 de f8 00 00 82 00 00 00 00 00 @........... Frame 782 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.620880000 Time delta from previous packet: 0.473160000 seconds Time relative to first packet: 267246.095676000 seconds Frame Number: 782 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.67.251.197 (195.67.251.197), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xf1d9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x3184 (incorrect, should be 0x27df) Source: 195.67.251.197 (195.67.251.197) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1740 (1740), Dst Port: netbios-ssn (139), Seq: 65611339, Ack: 1464114479, Len: 62 Source port: 1740 (1740) Destination port: netbios-ssn (139) Sequence number: 65611339 Next sequence number: 65611401 Acknowledgement number: 1464114479 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0xec58 (incorrect, should be 0x02b3) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 f1 d9 40 00 6f 06 31 84 c3 43 fb c5 ac 10 .f..@.o.1..C.... 0020 86 bf 06 cc 00 8b 03 e9 26 4b 57 44 9d 2f 50 18 ........&KWD./P. 0030 21 7c ec 58 00 00 00 00 00 3a ff 53 4d 42 75 00 !|.X.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 783 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.625923000 Time delta from previous packet: 0.005043000 seconds Time relative to first packet: 267246.100719000 seconds Frame Number: 783 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.67.251.197 (195.67.251.197) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x90b5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x82e6 (incorrect, should be 0x7941) Source: 172.16.134.191 (172.16.134.191) Destination: 195.67.251.197 (195.67.251.197) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1740 (1740), Seq: 1464114479, Ack: 65611339, Len: 0 Source port: netbios-ssn (139) Destination port: 1740 (1740) Sequence number: 1464114479 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xa1ad (incorrect, should be 0x9808) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 90 b5 40 00 7f 06 82 e6 ac 10 86 bf c3 43 .(..@..........C 0020 fb c5 00 8b 06 cc 57 44 9d 2f 03 e9 26 4b 50 04 ......WD./..&KP. 0030 00 00 a1 ad 00 00 00 00 00 00 00 00 ............ Frame 786 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 03:25:19.822725000 Time delta from previous packet: 0.232052000 seconds Time relative to first packet: 267430.297521000 seconds Frame Number: 786 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.222.201.82 (217.222.201.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc1e7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 102 Protocol: TCP (0x06) Header checksum: 0x8684 (incorrect, should be 0x7cdf) Source: 217.222.201.82 (217.222.201.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 55197 (55197), Dst Port: netbios-ssn (139), Seq: 16016213, Ack: 0, Len: 0 Source port: 55197 (55197) Destination port: netbios-ssn (139) Sequence number: 16016213 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x5a51 (incorrect, should be 0x50ac) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 c1 e7 40 00 66 06 86 84 d9 de c9 52 ac 10 .0..@.f......R.. 0020 86 bf d7 9d 00 8b 00 f4 63 55 00 00 00 00 70 02 ........cU....p. 0030 20 00 5a 51 00 00 02 04 05 b4 01 01 04 02 .ZQ.......... Frame 787 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 03:25:19.823468000 Time delta from previous packet: 0.000743000 seconds Time relative to first packet: 267430.298264000 seconds Frame Number: 787 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.222.201.82 (217.222.201.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x90f9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9e72 (incorrect, should be 0x94cd) Source: 172.16.134.191 (172.16.134.191) Destination: 217.222.201.82 (217.222.201.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 55197 (55197), Seq: 1510300882, Ack: 16016214, Len: 0 Source port: netbios-ssn (139) Destination port: 55197 (55197) Sequence number: 1510300882 Acknowledgement number: 16016214 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7ef8 (incorrect, should be 0x7553) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 90 f9 40 00 7f 06 9e 72 ac 10 86 bf d9 de .0..@....r...... 0020 c9 52 00 8b d7 9d 5a 05 5c d2 00 f4 63 56 70 12 .R....Z.\...cVp. 0030 44 70 7e f8 00 00 02 04 05 b4 01 01 04 02 Dp~........... Frame 788 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:25:20.052505000 Time delta from previous packet: 0.229037000 seconds Time relative to first packet: 267430.527301000 seconds Frame Number: 788 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 217.222.201.82 (217.222.201.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xcae7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 102 Protocol: TCP (0x06) Header checksum: 0x7d8c (incorrect, should be 0x73e7) Source: 217.222.201.82 (217.222.201.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 55197 (55197), Dst Port: netbios-ssn (139), Seq: 16016214, Ack: 1510300883, Len: 0 Source port: 55197 (55197) Destination port: netbios-ssn (139) Sequence number: 16016214 Acknowledgement number: 1510300883 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xcdf4 (incorrect, should be 0xc44f) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 ca e7 40 00 66 06 7d 8c d9 de c9 52 ac 10 .(..@.f.}....R.. 0020 86 bf d7 9d 00 8b 00 f4 63 56 5a 05 5c d3 50 10 ........cVZ.\.P. 0030 22 38 cd f4 00 00 00 00 00 00 00 00 "8.......... Frame 789 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 03:25:20.062618000 Time delta from previous packet: 0.010113000 seconds Time relative to first packet: 267430.537414000 seconds Frame Number: 789 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.222.201.82 (217.222.201.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xcbe7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 102 Protocol: TCP (0x06) Header checksum: 0x7c44 (incorrect, should be 0x729f) Source: 217.222.201.82 (217.222.201.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 55197 (55197), Dst Port: netbios-ssn (139), Seq: 16016214, Ack: 1510300883, Len: 72 Source port: 55197 (55197) Destination port: netbios-ssn (139) Sequence number: 16016214 Next sequence number: 16016286 Acknowledgement number: 1510300883 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x7dd9 (incorrect, should be 0x7434) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 cb e7 40 00 66 06 7c 44 d9 de c9 52 ac 10 .p..@.f.|D...R.. 0020 86 bf d7 9d 00 8b 00 f4 63 56 5a 05 5c d3 50 18 ........cVZ.\.P. 0030 22 38 7d d9 00 00 81 00 00 44 20 46 44 45 43 45 "8}......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 790 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:25:20.064897000 Time delta from previous packet: 0.002279000 seconds Time relative to first packet: 267430.539693000 seconds Frame Number: 790 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.222.201.82 (217.222.201.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x90fb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9e74 (incorrect, should be 0x94cf) Source: 172.16.134.191 (172.16.134.191) Destination: 217.222.201.82 (217.222.201.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 55197 (55197), Seq: 1510300883, Ack: 16016286, Len: 4 Source p