rendered paste body 09:57:14.638040 IP (tos 0x0, ttl 128, id 2858, offset 0, flags [none], proto UDP (17), length 277)
192.168.1.110.138 > 192.168.3.255.138: [bad udp cksum 0x5ea4 -> 0xd082!]
>>> NBT UDP PACKET(138) Res=0x110E ID=0xA5A7 IP=192 (0xc0).168 (0xa8).1 (0x1).110 (0x6e) Port=138 (0x8a) Length=235 (0xeb) Res2=0x0
SourceName=WORKSTATION--7 NameType=0x00 (Workstation)
DestName=M-Y-D-O-M-A-I-N NameType=0x1C (Unknown)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=75 (0x4b)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x3E8
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=75 (0x4b)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=98
Name=\MAILSLOT\NET\NETLOGON
Data Data: (75 bytes)
[000] 12 00 00 00 49 00 47 00 2D 00 44 00 45 00 56 00 \0x12\0x00\0x00\0x00I\0x00G\0x00 -\0x00D\0x00E\0x00V\0x00
[010] 45 00 4C 00 4F 00 50 00 45 00 52 00 2D 00 37 00 E\0x00L\0x00O\0x00P\0x00 E\0x00R\0x00-\0x007\0x00
[020] 00 00 00 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 \0x00\0x00\0x00\0x00\MAI LSLOT\NE
[030] 54 5C 47 45 54 44 43 33 31 30 00 00 00 00 00 00 T\GETDC3 10\0x00\0x00\0x00\0x00\0x00\0x00
[040] 00 00 00 0B 00 00 20 FF FF FF FF \0x00\0x00\0x00\0x0b\0x00\0x00 \0xff \0xff\0xff\0xff
09:57:14.638270 IP (tos 0x0, ttl 128, id 2859, offset 0, flags [none], proto UDP (17), length 277, bad cksum 0 (->d4e0)!)
192.168.1.110.138 > 192.168.0.58.138: [bad udp cksum 0x5adf -> 0xd447!]
>>> NBT UDP PACKET(138) Res=0x110E ID=0xA5A7 IP=192 (0xc0).168 (0xa8).1 (0x1).110 (0x6e) Port=138 (0x8a) Length=235 (0xeb) Res2=0x0
SourceName=WORKSTATION--7 NameType=0x00 (Workstation)
DestName=M-Y-D-O-M-A-I-N NameType=0x1C (Unknown)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=75 (0x4b)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x3E8
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=75 (0x4b)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=98
Name=\MAILSLOT\NET\NETLOGON
Data Data: (75 bytes)
[000] 12 00 00 00 49 00 47 00 2D 00 44 00 45 00 56 00 \0x12\0x00\0x00\0x00I\0x00G\0x00 -\0x00D\0x00E\0x00V\0x00
[010] 45 00 4C 00 4F 00 50 00 45 00 52 00 2D 00 37 00 E\0x00L\0x00O\0x00P\0x00 E\0x00R\0x00-\0x007\0x00
[020] 00 00 00 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 \0x00\0x00\0x00\0x00\MAI LSLOT\NE
[030] 54 5C 47 45 54 44 43 33 31 30 00 00 00 00 00 00 T\GETDC3 10\0x00\0x00\0x00\0x00\0x00\0x00
[040] 00 00 00 0B 00 00 20 FF FF FF FF \0x00\0x00\0x00\0x0b\0x00\0x00 \0xff \0xff\0xff\0xff
09:57:14.638676 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 258)
192.168.0.58.138 > 192.168.1.110.138: [udp sum ok]
>>> NBT UDP PACKET(138) Res=0x100A ID=0x5E22 IP=192 (0xc0).168 (0xa8).0 (0x0).58 (0x3a) Port=138 (0x8a) Length=216 (0xd8) Res2=0x0
SourceName=PDC NameType=0x00 (Workstation)
DestName=WORKSTATION--7 NameType=0x00 (Workstation)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=56 (0x38)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x0
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=56 (0x38)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=79
Name=\MAILSLOT\NET\GETDC310
Data Data: (56 bytes)
[000] 13 00 5C 00 5C 00 50 00 44 00 43 00 00 00 00 00 \0x13\0x00\\0x00\\0x00P\0x00 D\0x00C\0x00\0x00\0x00\0x00\0x00
[010] 43 00 41 00 45 00 2D 00 45 00 4E 00 47 00 49 00 C\0x00A\0x00E\0x00-\0x00 E\0x00N\0x00G\0x00I\0x00
[020] 4E 00 45 00 45 00 52 00 49 00 4E 00 47 00 00 00 N\0x00E\0x00E\0x00R\0x00 I\0x00N\0x00G\0x00\0x00\0x00
[030] 01 00 00 00 FF FF FF FF \0x01\0x00\0x00\0x00\0xff\0xff\0xff\0xff
09:57:14.639065 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 258)
192.168.0.58.138 > 192.168.1.110.138: [udp sum ok]
>>> NBT UDP PACKET(138) Res=0x100A ID=0x5E23 IP=192 (0xc0).168 (0xa8).0 (0x0).58 (0x3a) Port=138 (0x8a) Length=216 (0xd8) Res2=0x0
SourceName=PDC NameType=0x00 (Workstation)
DestName=WORKSTATION--7 NameType=0x00 (Workstation)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=56 (0x38)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x0
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=56 (0x38)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=79
Name=\MAILSLOT\NET\GETDC310
Data Data: (56 bytes)
[000] 13 00 5C 00 5C 00 50 00 44 00 43 00 00 00 00 00 \0x13\0x00\\0x00\\0x00P\0x00 D\0x00C\0x00\0x00\0x00\0x00\0x00
[010] 43 00 41 00 45 00 2D 00 45 00 4E 00 47 00 49 00 C\0x00A\0x00E\0x00-\0x00 E\0x00N\0x00G\0x00I\0x00
[020] 4E 00 45 00 45 00 52 00 49 00 4E 00 47 00 00 00 N\0x00E\0x00E\0x00R\0x00 I\0x00N\0x00G\0x00\0x00\0x00
[030] 01 00 00 00 FF FF FF FF \0x01\0x00\0x00\0x00\0xff\0xff\0xff\0xff
09:57:20.090066 IP (tos 0x0, ttl 128, id 3001, offset 0, flags [none], proto UDP (17), length 229)
192.168.1.110.138 > 192.168.3.255.138: [bad udp cksum 0x5e74 -> 0x1d0c!]
>>> NBT UDP PACKET(138) Res=0x110E ID=0xA5A8 IP=192 (0xc0).168 (0xa8).1 (0x1).110 (0x6e) Port=138 (0x8a) Length=187 (0xbb) Res2=0x0
SourceName=WORKSTATION--7 NameType=0x20 (Server)
DestName=M-Y-D-O-M-A-I-N NameType=0x1D (Master Browser)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=33 (0x21)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x3E8
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=33 (0x21)
DataOff=86 (0x56)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 00 00 02 00 \0x01\0x00\0x00\0x00\0x02\0x00
smb_bcc=50
Name=\MAILSLOT\BROWSE
BROWSE PACKET
BROWSE PACKET:
Type=0x1 (HostAnnouncement)
UpdateCount=0x8000
Res1=0xFC
AnnounceInterval=10 (0xa)
Name=WORKSTATION--7 NameType=0x00 (Workstation)
MajorVersion=0x6
MinorVersion=0x1
ServerType=0x31007
ElectionVersion=0x10F
BrowserConstant=0xAA55
Data: (1 bytes)
[000] 00 \0x00
09:58:39.152051 IP (tos 0x0, ttl 128, id 5143, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->8cec)!)
192.168.1.110.64953 > 192.168.0.58.445: Flags [R.], cksum 0x59e7 (incorrect -> 0x2e43), seq 2907273166, ack 2453565683, win 0, length 0
09:58:39.153752 IP (tos 0x0, ttl 128, id 5144, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->8cdf)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [S], cksum 0x59f3 (incorrect -> 0xb019), seq 1467411489, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
09:58:39.153952 IP (tos 0x8, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.58.445 > 192.168.1.110.65498: Flags [S.], cksum 0x8d80 (correct), seq 1871616497, ack 1467411490, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 2], length 0
09:58:39.154021 IP (tos 0x0, ttl 128, id 5145, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->8cea)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0xc72c), seq 1, ack 1, win 16425, length 0
09:58:39.154121 IP (tos 0x0, ttl 128, id 5146, offset 0, flags [DF], proto TCP (6), length 177, bad cksum 0 (->8c60)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a70 (incorrect -> 0x0e65), seq 1:138, ack 1, win 16425, length 137
SMB PACKET: SMBnegprot (REQUEST)
SMB Command = 0x72
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x43
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 0 (0x0)
smb_bcc=98
Dialect=PC NETWORK PROGRAM 1.0
Dialect=LANMAN1.0
Dialect=Windows for Workgroups 3.1a
Dialect=LM1.2X002
Dialect=LANMAN2.1
Dialect=NT LM 0.12
09:58:39.154235 IP (tos 0x8, ttl 64, id 42674, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.58.445 > 192.168.1.110.65498: Flags [.], cksum 0xf77e (correct), seq 1, ack 138, win 3918, length 0
09:58:39.159607 IP (tos 0x8, ttl 64, id 42675, offset 0, flags [DF], proto TCP (6), length 171)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x3bca (correct), seq 1:132, ack 138, win 3918, length 131
SMB PACKET: SMBnegprot (REPLY)
SMB Command = 0x72
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x43
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
NT1 Protocol
DialectIndex=5 (0x5)
SecMode=0x3
MaxMux=50 (0x32)
NumVcs=1 (0x1)
MaxBuffer=16644 (0x4104)
RawSize=65536 (0x10000)
SessionKey=0xC81
Capabilities=0x8080F3FD
ServerTime=Thu Aug 28 09:58:40 2014
TimeZone=65416 (0xff88)
CryptKey=Data: (1 bytes)
[000] 00 \0x00
smb_bcc=58
[000] 70 64 63 00 00 00 00 00 00 00 00 00 00 00 00 00 pdc\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(\0x06\0x06+\0x06\0x01\0x05 \0x05\0x02\0xa0\0x1e0\0x1c\0xa0\0x0e
[020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0\0x0c\0x06\0x0a+\0x06\0x01\0x04 \0x01\0x827\0x02\0x02\0x0a\0xa3\0x0a
[030] 30 08 A0 06 1B 04 4E 4F 4E 45 0\0x08\0xa0\0x06\0x1b\0x04NO NE
09:58:39.160713 IP (tos 0x0, ttl 128, id 5147, offset 0, flags [none], proto UDP (17), length 277)
192.168.1.110.138 > 192.168.3.255.138: [bad udp cksum 0x5ea4 -> 0xd076!]
>>> NBT UDP PACKET(138) Res=0x110E ID=0xA5A9 IP=192 (0xc0).168 (0xa8).1 (0x1).110 (0x6e) Port=138 (0x8a) Length=235 (0xeb) Res2=0x0
SourceName=WORKSTATION--7 NameType=0x00 (Workstation)
DestName=M-Y-D-O-M-A-I-N NameType=0x1C (Unknown)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=75 (0x4b)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x3E8
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=75 (0x4b)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=98
Name=\MAILSLOT\NET\NETLOGON
Data Data: (75 bytes)
[000] 12 00 00 00 49 00 47 00 2D 00 44 00 45 00 56 00 \0x12\0x00\0x00\0x00I\0x00G\0x00 -\0x00D\0x00E\0x00V\0x00
[010] 45 00 4C 00 4F 00 50 00 45 00 52 00 2D 00 37 00 E\0x00L\0x00O\0x00P\0x00 E\0x00R\0x00-\0x007\0x00
[020] 00 00 00 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 \0x00\0x00\0x00\0x00\MAI LSLOT\NE
[030] 54 5C 47 45 54 44 43 36 31 37 00 00 00 00 00 00 T\GETDC6 17\0x00\0x00\0x00\0x00\0x00\0x00
[040] 00 00 00 0B 00 00 20 FF FF FF FF \0x00\0x00\0x00\0x0b\0x00\0x00 \0xff \0xff\0xff\0xff
09:58:39.160864 IP (tos 0x0, ttl 128, id 5148, offset 0, flags [none], proto UDP (17), length 277, bad cksum 0 (->cbef)!)
192.168.1.110.138 > 192.168.0.58.138: [bad udp cksum 0x5adf -> 0xd43b!]
>>> NBT UDP PACKET(138) Res=0x110E ID=0xA5A9 IP=192 (0xc0).168 (0xa8).1 (0x1).110 (0x6e) Port=138 (0x8a) Length=235 (0xeb) Res2=0x0
SourceName=WORKSTATION--7 NameType=0x00 (Workstation)
DestName=M-Y-D-O-M-A-I-N NameType=0x1C (Unknown)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=75 (0x4b)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x3E8
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=75 (0x4b)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=98
Name=\MAILSLOT\NET\NETLOGON
Data Data: (75 bytes)
[000] 12 00 00 00 49 00 47 00 2D 00 44 00 45 00 56 00 \0x12\0x00\0x00\0x00I\0x00G\0x00 -\0x00D\0x00E\0x00V\0x00
[010] 45 00 4C 00 4F 00 50 00 45 00 52 00 2D 00 37 00 E\0x00L\0x00O\0x00P\0x00 E\0x00R\0x00-\0x007\0x00
[020] 00 00 00 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 \0x00\0x00\0x00\0x00\MAI LSLOT\NE
[030] 54 5C 47 45 54 44 43 36 31 37 00 00 00 00 00 00 T\GETDC6 17\0x00\0x00\0x00\0x00\0x00\0x00
[040] 00 00 00 0B 00 00 20 FF FF FF FF \0x00\0x00\0x00\0x0b\0x00\0x00 \0xff \0xff\0xff\0xff
09:58:39.161269 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 258)
192.168.0.58.138 > 192.168.1.110.138: [udp sum ok]
>>> NBT UDP PACKET(138) Res=0x100A ID=0x5E3F IP=192 (0xc0).168 (0xa8).0 (0x0).58 (0x3a) Port=138 (0x8a) Length=216 (0xd8) Res2=0x0
SourceName=PDC NameType=0x00 (Workstation)
DestName=WORKSTATION--7 NameType=0x00 (Workstation)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=56 (0x38)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x0
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=56 (0x38)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=79
Name=\MAILSLOT\NET\GETDC617
Data Data: (56 bytes)
[000] 13 00 5C 00 5C 00 50 00 44 00 43 00 00 00 00 00 \0x13\0x00\\0x00\\0x00P\0x00 D\0x00C\0x00\0x00\0x00\0x00\0x00
[010] 43 00 41 00 45 00 2D 00 45 00 4E 00 47 00 49 00 C\0x00A\0x00E\0x00-\0x00 E\0x00N\0x00G\0x00I\0x00
[020] 4E 00 45 00 45 00 52 00 49 00 4E 00 47 00 00 00 N\0x00E\0x00E\0x00R\0x00 I\0x00N\0x00G\0x00\0x00\0x00
[030] 01 00 00 00 FF FF FF FF \0x01\0x00\0x00\0x00\0xff\0xff\0xff\0xff
09:58:39.161349 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 258)
192.168.0.58.138 > 192.168.1.110.138: [udp sum ok]
>>> NBT UDP PACKET(138) Res=0x100A ID=0x5E40 IP=192 (0xc0).168 (0xa8).0 (0x0).58 (0x3a) Port=138 (0x8a) Length=216 (0xd8) Res2=0x0
SourceName=PDC NameType=0x00 (Workstation)
DestName=WORKSTATION--7 NameType=0x00 (Workstation)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=56 (0x38)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x0
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=56 (0x38)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=79
Name=\MAILSLOT\NET\GETDC617
Data Data: (56 bytes)
[000] 13 00 5C 00 5C 00 50 00 44 00 43 00 00 00 00 00 \0x13\0x00\\0x00\\0x00P\0x00 D\0x00C\0x00\0x00\0x00\0x00\0x00
[010] 43 00 41 00 45 00 2D 00 45 00 4E 00 47 00 49 00 C\0x00A\0x00E\0x00-\0x00 E\0x00N\0x00G\0x00I\0x00
[020] 4E 00 45 00 45 00 52 00 49 00 4E 00 47 00 00 00 N\0x00E\0x00E\0x00R\0x00 I\0x00N\0x00G\0x00\0x00\0x00
[030] 01 00 00 00 FF FF FF FF \0x01\0x00\0x00\0x00\0xff\0xff\0xff\0xff
09:58:39.359821 IP (tos 0x8, ttl 64, id 42676, offset 0, flags [DF], proto TCP (6), length 171)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x3bca (correct), seq 1:132, ack 138, win 3918, length 131
SMB PACKET: SMBnegprot (REPLY)
SMB Command = 0x72
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x43
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
NT1 Protocol
DialectIndex=5 (0x5)
SecMode=0x3
MaxMux=50 (0x32)
NumVcs=1 (0x1)
MaxBuffer=16644 (0x4104)
RawSize=65536 (0x10000)
SessionKey=0xC81
Capabilities=0x8080F3FD
ServerTime=Thu Aug 28 09:58:40 2014
TimeZone=65416 (0xff88)
CryptKey=Data: (1 bytes)
[000] 00 \0x00
smb_bcc=58
[000] 70 64 63 00 00 00 00 00 00 00 00 00 00 00 00 00 pdc\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(\0x06\0x06+\0x06\0x01\0x05 \0x05\0x02\0xa0\0x1e0\0x1c\0xa0\0x0e
[020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0\0x0c\0x06\0x0a+\0x06\0x01\0x04 \0x01\0x827\0x02\0x02\0x0a\0xa3\0x0a
[030] 30 08 A0 06 1B 04 4E 4F 4E 45 0\0x08\0xa0\0x06\0x1b\0x04NO NE
09:58:39.359849 IP (tos 0x0, ttl 128, id 5150, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->8cd9)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [.], cksum 0x59f3 (incorrect -> 0x7ca5), seq 138, ack 132, win 16392, options [nop,nop,sack 1 {1:132}], length 0
09:58:39.782127 IP (tos 0x0, ttl 128, id 5164, offset 0, flags [DF], proto TCP (6), length 182, bad cksum 0 (->8c49)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a75 (incorrect -> 0x1fff), seq 138:280, ack 132, win 16392, length 142
SMB PACKET: SMBsesssetupX (REQUEST)
SMB Command = 0x73
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 65535 (0xffff)
Proc ID = 65279 (0xfeff)
UID = 0 (0x0)
MID = 10368 (0x2880)
Word Count = 12 (0xc)
Com2=0xFF
Res1=0x0
Off2=0 (0x0)
MaxBuffer=16644 (0x4104)
MaxMpx=50 (0x32)
VcNumber=0 (0x0)
SessionKey=0x0
CaseInsensitivePasswordLength=74 (0x4a)
CaseSensitivePasswordLength=0 (0x0)
Res=0xD40000
Capabilities=0x4FA000
Pass1&Pass2&Account&Domain&OS&LanMan=
smb_bcc=79
[000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H\0x06\0x06+\0x06\0x01\0x05 \0x05\0x02\0xa0>0<\0xa0\0x0e
[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0\0x0c\0x06\0x0a+\0x06\0x01\0x04 \0x01\0x827\0x02\0x02\0x0a\0xa2*
[020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 \0x04(NTLMSS P\0x00\0x01\0x00\0x00\0x00\0x97\0x82
[030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x08\0xe2\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[040] 00 00 06 01 B1 1D 00 00 00 0F 00 00 00 00 00 \0x00\0x00\0x06\0x01\0xb1\0x1d\0x00\0x00 \0x00\0x0f\0x00\0x00\0x00\0x00\0x00
09:58:39.784101 IP (tos 0x8, ttl 64, id 42677, offset 0, flags [DF], proto TCP (6), length 396)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xe38b (correct), seq 132:488, ack 280, win 4186, length 356
SMB PACKET: SMBsesssetupX (REPLY)
SMB Command = 0x73
Error class = 0x16
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 65535 (0xffff)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 10368 (0x2880)
Word Count = 4 (0x4)
NTError = STATUS_MORE_PROCESSING_REQUIRED
[000] FF 00 00 00 00 00 F3 00 \0xff\0x00\0x00\0x00\0x00\0x00\0xf3\0x00
smb_bcc=309
[000] A1 81 F0 30 81 ED A0 03 0A 01 01 A1 0C 06 0A 2B \0xa1\0x81\0xf00\0x81\0xed\0xa0\0x03 \0x0a\0x01\0x01\0xa1\0x0c\0x06\0x0a+
[010] 06 01 04 01 82 37 02 02 0A A2 81 D7 04 81 D4 4E \0x06\0x01\0x04\0x01\0x827\0x02\0x02 \0x0a\0xa2\0x81\0xd7\0x04\0x81\0xd4N
[020] 54 4C 4D 53 53 50 00 02 00 00 00 1E 00 1E 00 38 TLMSSP\0x00\0x02 \0x00\0x00\0x00\0x1e\0x00\0x1e\0x008
[030] 00 00 00 95 82 89 E2 9B FF F1 FE 61 E0 46 8A 00 \0x00\0x00\0x00\0x95\0x82\0x89\0xe2\0x9b \0xff\0xf1\0xfea\0xe0F\0x8a\0x00
[040] 00 00 00 00 00 00 00 7E 00 7E 00 56 00 00 00 06 \0x00\0x00\0x00\0x00\0x00\0x00\0x00~ \0x00~\0x00V\0x00\0x00\0x00\0x06
[050] 01 00 00 00 00 00 0F 43 00 41 00 45 00 2D 00 45 \0x01\0x00\0x00\0x00\0x00\0x00\0x0fC \0x00A\0x00E\0x00-\0x00E
[060] 00 4E 00 47 00 49 00 4E 00 45 00 45 00 52 00 49 \0x00N\0x00G\0x00I\0x00N \0x00E\0x00E\0x00R\0x00I
[070] 00 4E 00 47 00 02 00 1E 00 43 00 41 00 45 00 2D \0x00N\0x00G\0x00\0x02\0x00\0x1e \0x00C\0x00A\0x00E\0x00-
[080] 00 45 00 4E 00 47 00 49 00 4E 00 45 00 45 00 52 \0x00E\0x00N\0x00G\0x00I \0x00N\0x00E\0x00E\0x00R
[090] 00 49 00 4E 00 47 00 01 00 06 00 50 00 44 00 43 \0x00I\0x00N\0x00G\0x00\0x01 \0x00\0x06\0x00P\0x00D\0x00C
[0A0] 00 04 00 1E 00 66 00 69 00 6C 00 65 00 73 00 2E \0x00\0x04\0x00\0x1e\0x00f\0x00i \0x00l\0x00e\0x00s\0x00.
[0B0] 00 76 00 70 00 6E 00 2E 00 61 00 76 00 2E 00 68 \0x00v\0x00p\0x00n\0x00. \0x00a\0x00v\0x00.\0x00h
[0C0] 00 75 00 03 00 28 00 72 00 67 00 79 00 75 00 2E \0x00u\0x00\0x03\0x00(\0x00r \0x00g\0x00y\0x00u\0x00.
[0D0] 00 66 00 69 00 6C 00 65 00 73 00 2E 00 76 00 70 \0x00f\0x00i\0x00l\0x00e \0x00s\0x00.\0x00v\0x00p
[0E0] 00 6E 00 2E 00 61 00 76 00 2E 00 68 00 75 00 00 \0x00n\0x00.\0x00a\0x00v \0x00.\0x00h\0x00u\0x00\0x00
[0F0] 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 \0x00\0x00\0x00U\0x00n\0x00i \0x00x\0x00\0x00\0x00S\0x00a
[100] 00 6D 00 62 00 61 00 20 00 33 00 2E 00 36 00 2E \0x00m\0x00b\0x00a\0x00 \0x003\0x00.\0x006\0x00.
[110] 00 36 00 00 00 43 00 41 00 45 00 2D 00 45 00 4E \0x006\0x00\0x00\0x00C\0x00A \0x00E\0x00-\0x00E\0x00N
[120] 00 47 00 49 00 4E 00 45 00 45 00 52 00 49 00 4E \0x00G\0x00I\0x00N\0x00E \0x00E\0x00R\0x00I\0x00N
[130] 00 47 00 00 00 \0x00G\0x00\0x00\0x00
09:58:39.784567 IP (tos 0x0, ttl 128, id 5165, offset 0, flags [DF], proto TCP (6), length 640, bad cksum 0 (->8a7e)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5c3f (incorrect -> 0xce29), seq 280:880, ack 488, win 16303, length 600
SMB PACKET: SMBsesssetupX (REQUEST)
SMB Command = 0x73
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 65535 (0xffff)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 10432 (0x28c0)
Word Count = 12 (0xc)
Com2=0xFF
Res1=0x0
Off2=0 (0x0)
MaxBuffer=16644 (0x4104)
MaxMpx=50 (0x32)
VcNumber=0 (0x0)
SessionKey=0x0
CaseInsensitivePasswordLength=532 (0x214)
CaseSensitivePasswordLength=0 (0x0)
Res=0xD40000
Capabilities=0x219A000
Pass1&Pass2&Account&Domain&OS&LanMan=
smb_bcc=537
[000] A1 82 02 10 30 82 02 0C A2 82 02 08 04 82 02 04 \0xa1\0x82\0x02\0x100\0x82\0x02\0x0c \0xa2\0x82\0x02\0x08\0x04\0x82\0x02\0x04
[010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP\0x00 \0x03\0x00\0x00\0x00\0x18\0x00\0x18\0x00
[020] A0 00 00 00 3C 01 3C 01 B8 00 00 00 1E 00 1E 00 \0xa0\0x00\0x00\0x00<\0x01<\0x01 \0xb8\0x00\0x00\0x00\0x1e\0x00\0x1e\0x00
[030] 58 00 00 00 0E 00 0E 00 76 00 00 00 1C 00 1C 00 X\0x00\0x00\0x00\0x0e\0x00\0x0e\0x00 v\0x00\0x00\0x00\0x1c\0x00\0x1c\0x00
[040] 84 00 00 00 10 00 10 00 F4 01 00 00 15 82 88 E2 \0x84\0x00\0x00\0x00\0x10\0x00\0x10\0x00 \0xf4\0x01\0x00\0x00\0x15\0x82\0x88\0xe2
[050] 06 01 B1 1D 00 00 00 0F 7C 31 CF DA 02 A8 C1 09 \0x06\0x01\0xb1\0x1d\0x00\0x00\0x00\0x0f |1\0xcf\0xda\0x02\0xa8\0xc1\0x09
[060] 9C 76 9A 70 60 AF 9F 4D 43 00 41 00 45 00 2D 00 \0x9cv\0x9ap`\0xaf\0x9fM C\0x00A\0x00E\0x00-\0x00
[070] 45 00 4E 00 47 00 49 00 4E 00 45 00 45 00 52 00 E\0x00N\0x00G\0x00I\0x00 N\0x00E\0x00E\0x00R\0x00
[080] 49 00 4E 00 47 00 73 00 7A 00 7A 00 65 00 6D 00 I\0x00N\0x00G\0x00s\0x00 z\0x00z\0x00e\0x00m\0x00
[090] 6B 00 6F 00 49 00 47 00 2D 00 44 00 45 00 56 00 k\0x00o\0x00I\0x00G\0x00 -\0x00D\0x00E\0x00V\0x00
[0A0] 45 00 4C 00 4F 00 50 00 45 00 52 00 2D 00 37 00 E\0x00L\0x00O\0x00P\0x00 E\0x00R\0x00-\0x007\0x00
[0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[0C0] 00 00 00 00 00 00 00 00 54 4B 5C 36 DD 5A 98 21 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 TK\6\0xddZ\0x98!
[0D0] 81 CB CA 63 66 FF 89 A8 01 01 00 00 00 00 00 00 \0x81\0xcb\0xcacf\0xff\0x89\0xa8 \0x01\0x01\0x00\0x00\0x00\0x00\0x00\0x00
[0E0] D9 B8 FE E0 95 C2 CF 01 5D A1 AF 4E 3D 0C E5 53 \0xd9\0xb8\0xfe\0xe0\0x95\0xc2\0xcf\0x01 ]\0xa1\0xafN=\0x0c\0xe5S
[0F0] 00 00 00 00 02 00 1E 00 43 00 41 00 45 00 2D 00 \0x00\0x00\0x00\0x00\0x02\0x00\0x1e\0x00 C\0x00A\0x00E\0x00-\0x00
[100] 45 00 4E 00 47 00 49 00 4E 00 45 00 45 00 52 00 E\0x00N\0x00G\0x00I\0x00 N\0x00E\0x00E\0x00R\0x00
[110] 49 00 4E 00 47 00 01 00 06 00 50 00 44 00 43 00 I\0x00N\0x00G\0x00\0x01\0x00 \0x06\0x00P\0x00D\0x00C\0x00
[120] 04 00 1E 00 66 00 69 00 6C 00 65 00 73 00 2E 00 \0x04\0x00\0x1e\0x00f\0x00i\0x00 l\0x00e\0x00s\0x00.\0x00
[130] 76 00 70 00 6E 00 2E 00 61 00 76 00 2E 00 68 00 v\0x00p\0x00n\0x00.\0x00 a\0x00v\0x00.\0x00h\0x00
[140] 75 00 03 00 28 00 72 00 67 00 79 00 75 00 2E 00 u\0x00\0x03\0x00(\0x00r\0x00 g\0x00y\0x00u\0x00.\0x00
[150] 66 00 69 00 6C 00 65 00 73 00 2E 00 76 00 70 00 f\0x00i\0x00l\0x00e\0x00 s\0x00.\0x00v\0x00p\0x00
[160] 6E 00 2E 00 61 00 76 00 2E 00 68 00 75 00 08 00 n\0x00.\0x00a\0x00v\0x00 .\0x00h\0x00u\0x00\0x08\0x00
[170] 30 00 30 00 00 00 00 00 00 00 00 00 00 00 00 30 0\0x000\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x000
[180] 00 00 9D 0B 7D 7F 17 45 A6 EC CA D1 ED E3 40 4E \0x00\0x00\0x9d\0x0b}\0x7f\0x17E \0xa6\0xec\0xca\0xd1\0xed\0xe3@N
[190] 7A 07 64 7B 0A 30 E4 83 D2 88 82 61 45 B7 3D 1F z\0x07d{\0x0a0\0xe4\0x83 \0xd2\0x88\0x82aE\0xb7=\0x1f
[1A0] BF DD 0A 00 10 00 00 00 00 00 00 00 00 00 00 00 \0xbf\0xdd\0x0a\0x00\0x10\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[1B0] 00 00 00 00 00 00 09 00 42 00 63 00 69 00 66 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x09\0x00 B\0x00c\0x00i\0x00f\0x00
[1C0] 73 00 2F 00 52 00 47 00 59 00 55 00 46 00 49 00 s\0x00/\0x00R\0x00G\0x00 Y\0x00U\0x00F\0x00I\0x00
[1D0] 4C 00 45 00 53 00 2E 00 63 00 61 00 65 00 2D 00 L\0x00E\0x00S\0x00.\0x00 c\0x00a\0x00e\0x00-\0x00
[1E0] 65 00 6E 00 67 00 69 00 6E 00 65 00 65 00 72 00 e\0x00n\0x00g\0x00i\0x00 n\0x00e\0x00e\0x00r\0x00
[1F0] 69 00 6E 00 67 00 2E 00 68 00 75 00 00 00 00 00 i\0x00n\0x00g\0x00.\0x00 h\0x00u\0x00\0x00\0x00\0x00\0x00
[200] 00 00 00 00 E6 98 EF CC 99 F0 B4 7E D4 F1 4C 8C \0x00\0x00\0x00\0x00\0xe6\0x98\0xef\0xcc \0x99\0xf0\0xb4~\0xd4\0xf1L\0x8c
[210] 9F 94 98 52 00 00 00 00 00 \0x9f\0x94\0x98R\0x00\0x00\0x00\0x00 \0x00
09:58:39.823029 IP (tos 0x8, ttl 64, id 42678, offset 0, flags [DF], proto TCP (6), length 162)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x2c9c (correct), seq 488:610, ack 880, win 4486, length 122
SMB PACKET: SMBsesssetupX (REPLY)
SMB Command = 0x73
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 65535 (0xffff)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 10432 (0x28c0)
Word Count = 4 (0x4)
[000] FF 00 00 00 00 00 09 00 \0xff\0x00\0x00\0x00\0x00\0x00\0x09\0x00
smb_bcc=75
[000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 \0xa1\0x070\0x05\0xa0\0x03\0x0a\0x01 \0x00U\0x00n\0x00i\0x00x
[010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 \0x00\0x00\0x00S\0x00a\0x00m \0x00b\0x00a\0x00 \0x003
[020] 00 2E 00 36 00 2E 00 36 00 00 00 43 00 41 00 45 \0x00.\0x006\0x00.\0x006 \0x00\0x00\0x00C\0x00A\0x00E
[030] 00 2D 00 45 00 4E 00 47 00 49 00 4E 00 45 00 45 \0x00-\0x00E\0x00N\0x00G \0x00I\0x00N\0x00E\0x00E
[040] 00 52 00 49 00 4E 00 47 00 00 00 \0x00R\0x00I\0x00N\0x00G \0x00\0x00\0x00
09:58:39.823433 IP (tos 0x0, ttl 128, id 5166, offset 0, flags [DF], proto TCP (6), length 128, bad cksum 0 (->8c7d)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a3f (incorrect -> 0x029a), seq 880:968, ack 610, win 16272, length 88
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 10496 (0x2900)
Word Count = 4 (0x4)
Com2=0xFF
Off2=84 (0x54)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=41
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 49 00 50 00 43 00 24 \0x00L\0x00E\0x00S\0x00\ \0x00I\0x00P\0x00C\0x00$
[020] 00 00 00 3F 3F 3F 3F 3F 00 \0x00\0x00\0x00????? \0x00
09:58:39.828974 IP (tos 0x8, ttl 64, id 42679, offset 0, flags [DF], proto TCP (6), length 100)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x678b (correct), seq 610:670, ack 968, win 4486, length 60
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 10496 (0x2900)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 01 00 FF 01 00 00 FF 01 00 00 \0x01\0x00\0xff\0x01\0x00\0x00\0xff\0x01 \0x00\0x00
smb_bcc=7
ServiceType=IPC
Data: (3 bytes)
[000] 00 00 00 \0x00\0x00\0x00
09:58:39.829200 IP (tos 0x0, ttl 128, id 5167, offset 0, flags [DF], proto TCP (6), length 144, bad cksum 0 (->8c6c)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a4f (incorrect -> 0x643e), seq 968:1072, ack 670, win 16257, length 104
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10560 (0x2940)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=32 data_length=0
TotParam=32 (0x20)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=32 (0x20)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=35
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x67, 0x6F)
Path=mData=
09:58:39.829597 IP (tos 0x8, ttl 64, id 42680, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xac7a (correct), seq 670:709, ack 1072, win 4486, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10560 (0x2940)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
09:58:39.829873 IP (tos 0x0, ttl 128, id 5168, offset 0, flags [DF], proto TCP (6), length 126, bad cksum 0 (->8c7d)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a3d (incorrect -> 0x9e96), seq 1072:1158, ack 709, win 16248, length 86
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 10624 (0x2980)
Word Count = 4 (0x4)
Com2=0xFF
Off2=82 (0x52)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=39
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 47 00 4F 00 4D 00 00 \0x00L\0x00E\0x00S\0x00\ \0x00G\0x00O\0x00M\0x00\0x00
[020] 00 3F 3F 3F 3F 3F 00 \0x00?????\0x00
09:58:39.836972 IP (tos 0x8, ttl 64, id 42681, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xb27d (correct), seq 709:775, ack 1158, win 4486, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 10624 (0x2980)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 05 00 FF 01 1F 10 00 00 00 00 \0x05\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
09:58:39.837633 IP (tos 0x0, ttl 128, id 5169, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8c78)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0xa927), seq 1158:1248, ack 775, win 16231, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10688 (0x29c0)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
09:58:39.838470 IP (tos 0x8, ttl 64, id 42682, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xa654 (correct), seq 775:914, ack 1248, win 4486, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10688 (0x29c0)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=15794 (0x3db2)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
09:58:39.838614 IP (tos 0x0, ttl 128, id 5170, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8c85)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xcabc), seq 1248:1324, ack 914, win 16196, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10752 (0x2a00)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=8 (0x8)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] B2 3D EE 03 \0xb2=\0xee\0x03
Data=
09:58:39.839019 IP (tos 0x8, ttl 64, id 42683, offset 0, flags [DF], proto TCP (6), length 112)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x9cd8 (correct), seq 914:986, ack 1324, win 4486, length 72
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10752 (0x2a00)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=8
TotParam=2 (0x2)
TotData=8 (0x8)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=8 (0x8)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=13
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (8 bytes)
[000] 04 00 00 00 00 00 00 00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
09:58:39.839360 IP (tos 0x0, ttl 128, id 5171, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8c84)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x8b2a), seq 1324:1400, ack 986, win 16178, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10816 (0x2a40)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] B2 3D ED 03 \0xb2=\0xed\0x03
Data=
09:58:39.839648 IP (tos 0x8, ttl 64, id 42684, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x5ef3 (correct), seq 986:1074, ack 1400, win 4486, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10816 (0x2a40)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
09:58:39.839929 IP (tos 0x0, ttl 128, id 5172, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8ca2)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x3ee1), seq 1400:1445, ack 1074, win 16156, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 10880 (0x2a80)
Word Count = 3 (0x3)
Handle=15794 (0x3db2)
Time=NULL
smb_bcc=0
09:58:39.840233 IP (tos 0x8, ttl 64, id 42685, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xb098 (correct), seq 1074:1113, ack 1445, win 4486, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 10880 (0x2a80)
Word Count = 0 (0x0)
smb_bcc=0
09:58:39.840928 IP (tos 0x0, ttl 128, id 5173, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8c74)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x270a), seq 1445:1535, ack 1113, win 16147, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10944 (0x2ac0)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100000
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
09:58:39.841433 IP (tos 0x8, ttl 64, id 42686, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xa1e2 (correct), seq 1113:1252, ack 1535, win 4486, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 10944 (0x2ac0)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=15796 (0x3db4)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
09:58:39.841694 IP (tos 0x0, ttl 128, id 5174, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8c81)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xc78e), seq 1535:1611, ack 1252, win 16112, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11008 (0x2b00)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] B4 3D ED 03 \0xb4=\0xed\0x03
Data=
09:58:39.842001 IP (tos 0x8, ttl 64, id 42687, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x9d15 (correct), seq 1252:1340, ack 1611, win 4486, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11008 (0x2b00)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
09:58:39.842252 IP (tos 0x0, ttl 128, id 5175, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8c9f)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x7d43), seq 1611:1656, ack 1340, win 16090, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11072 (0x2b40)
Word Count = 3 (0x3)
Handle=15796 (0x3db4)
Time=NULL
smb_bcc=0
09:58:39.842559 IP (tos 0x8, ttl 64, id 42688, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xeeba (correct), seq 1340:1379, ack 1656, win 4486, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11072 (0x2b40)
Word Count = 0 (0x0)
smb_bcc=0
09:58:39.851860 IP (tos 0x0, ttl 128, id 5176, offset 0, flags [DF], proto TCP (6), length 154, bad cksum 0 (->8c59)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a59 (incorrect -> 0xde43), seq 1656:1770, ack 1379, win 16080, length 114
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11136 (0x2b80)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=42 data_length=0
TotParam=42 (0x2a)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=42 (0x2a)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=45
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x74, 0x65)
Path=xturesData=
09:58:39.852220 IP (tos 0x8, ttl 64, id 42689, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x66f9 (correct), seq 1379:1418, ack 1770, win 4486, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11136 (0x2b80)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
09:58:39.852471 IP (tos 0x0, ttl 128, id 5177, offset 0, flags [DF], proto TCP (6), length 136, bad cksum 0 (->8c6a)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a47 (incorrect -> 0xb89d), seq 1770:1866, ack 1418, win 16070, length 96
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11200 (0x2bc0)
Word Count = 4 (0x4)
Com2=0xFF
Off2=92 (0x5c)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=49
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 54 00 45 00 58 00 54 \0x00L\0x00E\0x00S\0x00\ \0x00T\0x00E\0x00X\0x00T
[020] 00 55 00 52 00 45 00 53 00 00 00 3F 3F 3F 3F 3F \0x00U\0x00R\0x00E\0x00S \0x00\0x00\0x00?????
[030] 00 \0x00
09:58:39.859687 IP (tos 0x8, ttl 64, id 42690, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x6bf2 (correct), seq 1418:1484, ack 1866, win 4486, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11200 (0x2bc0)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 05 00 FF 01 1F 10 00 00 00 00 \0x05\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
09:58:39.860641 IP (tos 0x0, ttl 128, id 5178, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8c6f)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x61da), seq 1866:1956, ack 1484, win 16425, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11264 (0x2c00)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
09:58:39.861213 IP (tos 0x8, ttl 64, id 42691, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x742e (correct), seq 1484:1623, ack 1956, win 4486, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11264 (0x2c00)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=15798 (0x3db6)
CreateAction=0x1
CreateTime=Sun Feb 5 23:39:58 2012
LastAccessTime=Sun Feb 5 23:39:58 2012
LastWriteTime=Sun Feb 5 23:49:24 2012
ChangeTime=Sun Feb 5 23:49:24 2012
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
09:58:39.861337 IP (tos 0x0, ttl 128, id 5179, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8c7c)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x7f6f), seq 1956:2032, ack 1623, win 16390, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11328 (0x2c40)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=8 (0x8)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] B6 3D EE 03 \0xb6=\0xee\0x03
Data=
09:58:39.861638 IP (tos 0x8, ttl 64, id 42692, offset 0, flags [DF], proto TCP (6), length 112)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x564d (correct), seq 1623:1695, ack 2032, win 4486, length 72
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11328 (0x2c40)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=8
TotParam=2 (0x2)
TotData=8 (0x8)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=8 (0x8)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=13
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (8 bytes)
[000] 04 00 00 00 00 00 00 00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
09:58:39.861974 IP (tos 0x0, ttl 128, id 5180, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8c7b)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x3fdd), seq 2032:2108, ack 1695, win 16372, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11392 (0x2c80)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] B6 3D ED 03 \0xb6=\0xed\0x03
Data=
09:58:39.862302 IP (tos 0x8, ttl 64, id 42693, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x1868 (correct), seq 1695:1783, ack 2108, win 4486, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11392 (0x2c80)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
09:58:39.862586 IP (tos 0x0, ttl 128, id 5181, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8c99)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xf78f), seq 2108:2153, ack 1783, win 16350, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11456 (0x2cc0)
Word Count = 3 (0x3)
Handle=15798 (0x3db6)
Time=NULL
smb_bcc=0
09:58:39.862933 IP (tos 0x8, ttl 64, id 42694, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x6a0d (correct), seq 1783:1822, ack 2153, win 4486, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11456 (0x2cc0)
Word Count = 0 (0x0)
smb_bcc=0
09:58:39.863604 IP (tos 0x0, ttl 128, id 5182, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8c6b)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0xdfbd), seq 2153:2243, ack 1822, win 16340, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11520 (0x2d00)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100000
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
09:58:39.864101 IP (tos 0x8, ttl 64, id 42695, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x6fbc (correct), seq 1822:1961, ack 2243, win 4486, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11520 (0x2d00)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=15800 (0x3db8)
CreateAction=0x1
CreateTime=Sun Feb 5 23:39:58 2012
LastAccessTime=Sun Feb 5 23:39:58 2012
LastWriteTime=Sun Feb 5 23:49:24 2012
ChangeTime=Sun Feb 5 23:49:24 2012
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
09:58:39.864363 IP (tos 0x0, ttl 128, id 5183, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8c78)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x7c42), seq 2243:2319, ack 1961, win 16305, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11584 (0x2d40)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] B8 3D ED 03 \0xb8=\0xed\0x03
Data=
09:58:39.864648 IP (tos 0x8, ttl 64, id 42696, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x568a (correct), seq 1961:2049, ack 2319, win 4486, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11584 (0x2d40)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
09:58:39.864854 IP (tos 0x0, ttl 128, id 5184, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8c96)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x35f3), seq 2319:2364, ack 2049, win 16283, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11648 (0x2d80)
Word Count = 3 (0x3)
Handle=15800 (0x3db8)
Time=NULL
smb_bcc=0
09:58:39.865129 IP (tos 0x8, ttl 64, id 42697, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xa82f (correct), seq 2049:2088, ack 2364, win 4486, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11648 (0x2d80)
Word Count = 0 (0x0)
smb_bcc=0
09:58:39.866535 IP (tos 0x0, ttl 128, id 5185, offset 0, flags [DF], proto TCP (6), length 166, bad cksum 0 (->8c44)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a65 (incorrect -> 0x42b8), seq 2364:2490, ack 2088, win 16274, length 126
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11712 (0x2dc0)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=54 data_length=0
TotParam=54 (0x36)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=54 (0x36)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=57
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x76, 0x69)
Path=sual-systemsData=
09:58:39.866870 IP (tos 0x8, ttl 64, id 42698, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x2162 (correct), seq 2088:2127, ack 2490, win 4486, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11712 (0x2dc0)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
09:58:39.867126 IP (tos 0x0, ttl 128, id 5186, offset 0, flags [DF], proto TCP (6), length 148, bad cksum 0 (->8c55)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a53 (incorrect -> 0xbd12), seq 2490:2598, ack 2127, win 16264, length 108
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11776 (0x2e00)
Word Count = 4 (0x4)
Com2=0xFF
Off2=104 (0x68)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=61
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 56 00 49 00 53 00 55 \0x00L\0x00E\0x00S\0x00\ \0x00V\0x00I\0x00S\0x00U
[020] 00 41 00 4C 00 2D 00 53 00 59 00 53 00 54 00 45 \0x00A\0x00L\0x00-\0x00S \0x00Y\0x00S\0x00T\0x00E
[030] 00 4D 00 53 00 00 00 3F 3F 3F 3F 3F 00 \0x00M\0x00S\0x00\0x00\0x00? ????\0x00
09:58:39.874043 IP (tos 0x8, ttl 64, id 42699, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x254f (correct), seq 2127:2193, ack 2598, win 4486, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 11776 (0x2e00)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 05 00 FF 01 1F 10 00 00 00 00 \0x05\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
09:58:39.874667 IP (tos 0x0, ttl 128, id 5187, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8c66)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x1be9), seq 2598:2688, ack 2193, win 16247, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11840 (0x2e40)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
09:58:39.875204 IP (tos 0x8, ttl 64, id 42700, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x7813 (correct), seq 2193:2332, ack 2688, win 4486, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11840 (0x2e40)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=15802 (0x3dba)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
09:58:39.875311 IP (tos 0x0, ttl 128, id 5188, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8c73)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x357d), seq 2688:2764, ack 2332, win 16213, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11904 (0x2e80)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=8 (0x8)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] BA 3D EE 03 \0xba=\0xee\0x03
Data=
09:58:39.875561 IP (tos 0x8, ttl 64, id 42701, offset 0, flags [DF], proto TCP (6), length 112)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x0faa (correct), seq 2332:2404, ack 2764, win 4486, length 72
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11904 (0x2e80)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=8
TotParam=2 (0x2)
TotData=8 (0x8)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=8 (0x8)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=13
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (8 bytes)
[000] 04 00 00 00 00 00 00 00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
09:58:39.875841 IP (tos 0x0, ttl 128, id 5189, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8c72)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xf5ea), seq 2764:2840, ack 2404, win 16195, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11968 (0x2ec0)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] BA 3D ED 03 \0xba=\0xed\0x03
Data=
09:58:39.876074 IP (tos 0x8, ttl 64, id 42702, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xd1c4 (correct), seq 2404:2492, ack 2840, win 4486, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 11968 (0x2ec0)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
09:58:39.876263 IP (tos 0x0, ttl 128, id 5190, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8c90)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xb199), seq 2840:2885, ack 2492, win 16173, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12032 (0x2f00)
Word Count = 3 (0x3)
Handle=15802 (0x3dba)
Time=NULL
smb_bcc=0
09:58:39.876564 IP (tos 0x8, ttl 64, id 42703, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x236a (correct), seq 2492:2531, ack 2885, win 4486, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12032 (0x2f00)
Word Count = 0 (0x0)
smb_bcc=0
09:58:39.877195 IP (tos 0x0, ttl 128, id 5191, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8c62)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x99cb), seq 2885:2975, ack 2531, win 16163, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 12096 (0x2f40)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100000
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
09:58:39.877668 IP (tos 0x8, ttl 64, id 42704, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x73a1 (correct), seq 2531:2670, ack 2975, win 4486, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 12096 (0x2f40)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=15804 (0x3dbc)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
09:58:39.877935 IP (tos 0x0, ttl 128, id 5192, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8c6f)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x3250), seq 2975:3051, ack 2670, win 16128, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 12160 (0x2f80)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] BC 3D ED 03 \0xbc=\0xed\0x03
Data=
09:58:39.878282 IP (tos 0x8, ttl 64, id 42705, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x0fe7 (correct), seq 2670:2758, ack 3051, win 4486, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 12160 (0x2f80)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
09:58:39.878549 IP (tos 0x0, ttl 128, id 5193, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8c8d)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xeffc), seq 3051:3096, ack 2758, win 16106, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12224 (0x2fc0)
Word Count = 3 (0x3)
Handle=15804 (0x3dbc)
Time=NULL
smb_bcc=0
09:58:39.878851 IP (tos 0x8, ttl 64, id 42706, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x618c (correct), seq 2758:2797, ack 3096, win 4486, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12224 (0x2fc0)
Word Count = 0 (0x0)
smb_bcc=0
09:58:40.079878 IP (tos 0x8, ttl 64, id 42707, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x618c (correct), seq 2758:2797, ack 3096, win 4486, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12224 (0x2fc0)
Word Count = 0 (0x0)
smb_bcc=0
09:58:40.079916 IP (tos 0x0, ttl 128, id 5207, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->8ca0)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [.], cksum 0x59f3 (incorrect -> 0x52a8), seq 3096, ack 2797, win 16096, options [nop,nop,sack 1 {2758:2797}], length 0
09:58:53.856836 IP (tos 0x0, ttl 128, id 5554, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->8b2a)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0x857a), seq 3096:3135, ack 2797, win 16096, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12288 (0x3000)
Word Count = 0 (0x0)
smb_bcc=0
09:58:53.857264 IP (tos 0x8, ttl 64, id 42708, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xb63d (correct), seq 2797:2836, ack 3135, win 4486, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12288 (0x3000)
Word Count = 0 (0x0)
smb_bcc=0
09:58:53.857355 IP (tos 0x0, ttl 128, id 5555, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->8b29)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0x4435), seq 3135:3174, ack 2836, win 16087, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12352 (0x3040)
Word Count = 0 (0x0)
smb_bcc=0
09:58:53.857719 IP (tos 0x8, ttl 64, id 42709, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x74ef (correct), seq 2836:2875, ack 3174, win 4486, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12352 (0x3040)
Word Count = 0 (0x0)
smb_bcc=0
09:58:53.857767 IP (tos 0x0, ttl 128, id 5556, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->8b28)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0x05f1), seq 3174:3213, ack 2875, win 16077, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12416 (0x3080)
Word Count = 0 (0x0)
smb_bcc=0
09:58:53.857997 IP (tos 0x8, ttl 64, id 42710, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0x36a1 (correct), seq 2875:2914, ack 3213, win 4486, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12416 (0x3080)
Word Count = 0 (0x0)
smb_bcc=0
09:58:53.858102 IP (tos 0x0, ttl 128, id 5557, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->8b27)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0xc2ac), seq 3213:3252, ack 2914, win 16067, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12480 (0x30c0)
Word Count = 0 (0x0)
smb_bcc=0
09:58:53.858495 IP (tos 0x8, ttl 64, id 42711, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xf352 (correct), seq 2914:2953, ack 3252, win 4486, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12480 (0x30c0)
Word Count = 0 (0x0)
smb_bcc=0
09:58:54.058688 IP (tos 0x8, ttl 64, id 42712, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.65498: Flags [P.], cksum 0xf352 (correct), seq 2914:2953, ack 3252, win 4486, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12480 (0x30c0)
Word Count = 0 (0x0)
smb_bcc=0
09:58:54.058719 IP (tos 0x0, ttl 128, id 5560, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->8b3f)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [.], cksum 0x59f3 (incorrect -> 0x4eef), seq 3252, ack 2953, win 16425, options [nop,nop,sack 1 {2914:2953}], length 0
09:59:39.195807 IP (tos 0x8, ttl 64, id 42713, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.58.445 > 192.168.1.110.65498: Flags [F.], cksum 0xdd93 (correct), seq 2953, ack 3252, win 4486, length 0
09:59:39.195859 IP (tos 0x0, ttl 128, id 6725, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->86be)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0xaef0), seq 3252, ack 2954, win 16425, length 0
09:59:50.285407 IP (tos 0x0, ttl 128, id 7025, offset 0, flags [DF], proto TCP (6), length 114, bad cksum 0 (->66fd)!)
192.168.1.110.62680 > 192.168.30.133.993: Flags [P.], cksum 0x787c (incorrect -> 0xd84c), seq 1288179682:1288179756, ack 2365411937, win 259, length 74
09:59:50.322800 IP (tos 0x0, ttl 63, id 13770, offset 0, flags [DF], proto TCP (6), length 93)
192.168.30.133.993 > 192.168.1.110.62680: Flags [P.], cksum 0x326f (correct), seq 1:54, ack 74, win 50, length 53
09:59:50.323038 IP (tos 0x0, ttl 128, id 7026, offset 0, flags [DF], proto TCP (6), length 114, bad cksum 0 (->66fc)!)
192.168.1.110.62680 > 192.168.30.133.993: Flags [P.], cksum 0x787c (incorrect -> 0x8b77), seq 74:148, ack 54, win 259, length 74
09:59:50.360200 IP (tos 0x0, ttl 63, id 13771, offset 0, flags [DF], proto TCP (6), length 93)
192.168.30.133.993 > 192.168.1.110.62680: Flags [P.], cksum 0xea06 (correct), seq 54:107, ack 148, win 50, length 53
09:59:50.360613 IP (tos 0x0, ttl 128, id 7027, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->66eb)!)
192.168.1.110.62680 > 192.168.30.133.993: Flags [P.], cksum 0x788c (incorrect -> 0x082f), seq 148:238, ack 107, win 259, length 90
09:59:50.396137 IP (tos 0x0, ttl 63, id 13772, offset 0, flags [DF], proto TCP (6), length 141)
192.168.30.133.993 > 192.168.1.110.62680: Flags [P.], cksum 0x3f7e (correct), seq 107:208, ack 238, win 50, length 101
09:59:50.396524 IP (tos 0x0, ttl 128, id 7028, offset 0, flags [DF], proto TCP (6), length 146, bad cksum 0 (->66da)!)
192.168.1.110.62680 > 192.168.30.133.993: Flags [P.], cksum 0x789c (incorrect -> 0x1b31), seq 238:344, ack 208, win 258, length 106
09:59:50.431971 IP (tos 0x0, ttl 63, id 13773, offset 0, flags [DF], proto TCP (6), length 93)
192.168.30.133.993 > 192.168.1.110.62680: Flags [P.], cksum 0x8a5b (correct), seq 208:261, ack 344, win 50, length 53
09:59:50.435567 IP (tos 0x0, ttl 128, id 7029, offset 0, flags [DF], proto TCP (6), length 114, bad cksum 0 (->66f9)!)
192.168.1.110.62680 > 192.168.30.133.993: Flags [P.], cksum 0x787c (incorrect -> 0x6f5a), seq 344:418, ack 261, win 258, length 74
09:59:50.471188 IP (tos 0x0, ttl 63, id 13774, offset 0, flags [DF], proto TCP (6), length 109)
192.168.30.133.993 > 192.168.1.110.62680: Flags [P.], cksum 0x4438 (correct), seq 261:330, ack 418, win 50, length 69
09:59:50.672486 IP (tos 0x0, ttl 128, id 7030, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->6742)!)
192.168.1.110.62680 > 192.168.30.133.993: Flags [.], cksum 0x7832 (incorrect -> 0xff0c), seq 418, ack 330, win 258, length 0
10:00:01.407613 IP (tos 0x0, ttl 128, id 7315, offset 0, flags [none], proto UDP (17), length 277)
192.168.1.110.138 > 192.168.3.255.138: [bad udp cksum 0x5ea4 -> 0xcf7d!]
>>> NBT UDP PACKET(138) Res=0x110E ID=0xA5AA IP=192 (0xc0).168 (0xa8).1 (0x1).110 (0x6e) Port=138 (0x8a) Length=235 (0xeb) Res2=0x0
SourceName=WORKSTATION--7 NameType=0x00 (Workstation)
DestName=M-Y-D-O-M-A-I-N NameType=0x1C (Unknown)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=75 (0x4b)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x3E8
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=75 (0x4b)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=98
Name=\MAILSLOT\NET\NETLOGON
Data Data: (75 bytes)
[000] 12 00 00 00 49 00 47 00 2D 00 44 00 45 00 56 00 \0x12\0x00\0x00\0x00I\0x00G\0x00 -\0x00D\0x00E\0x00V\0x00
[010] 45 00 4C 00 4F 00 50 00 45 00 52 00 2D 00 37 00 E\0x00L\0x00O\0x00P\0x00 E\0x00R\0x00-\0x007\0x00
[020] 00 00 00 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 \0x00\0x00\0x00\0x00\MAI LSLOT\NE
[030] 54 5C 47 45 54 44 43 35 32 30 00 00 00 00 00 00 T\GETDC5 20\0x00\0x00\0x00\0x00\0x00\0x00
[040] 00 00 00 0B 00 00 20 FF FF FF FF \0x00\0x00\0x00\0x0b\0x00\0x00 \0xff \0xff\0xff\0xff
10:00:01.407687 IP (tos 0x0, ttl 128, id 7316, offset 0, flags [none], proto UDP (17), length 277, bad cksum 0 (->c377)!)
192.168.1.110.138 > 192.168.0.58.138: [bad udp cksum 0x5adf -> 0xd342!]
>>> NBT UDP PACKET(138) Res=0x110E ID=0xA5AA IP=192 (0xc0).168 (0xa8).1 (0x1).110 (0x6e) Port=138 (0x8a) Length=235 (0xeb) Res2=0x0
SourceName=WORKSTATION--7 NameType=0x00 (Workstation)
DestName=M-Y-D-O-M-A-I-N NameType=0x1C (Unknown)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=75 (0x4b)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x3E8
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=75 (0x4b)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=98
Name=\MAILSLOT\NET\NETLOGON
Data Data: (75 bytes)
[000] 12 00 00 00 49 00 47 00 2D 00 44 00 45 00 56 00 \0x12\0x00\0x00\0x00I\0x00G\0x00 -\0x00D\0x00E\0x00V\0x00
[010] 45 00 4C 00 4F 00 50 00 45 00 52 00 2D 00 37 00 E\0x00L\0x00O\0x00P\0x00 E\0x00R\0x00-\0x007\0x00
[020] 00 00 00 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 \0x00\0x00\0x00\0x00\MAI LSLOT\NE
[030] 54 5C 47 45 54 44 43 35 32 30 00 00 00 00 00 00 T\GETDC5 20\0x00\0x00\0x00\0x00\0x00\0x00
[040] 00 00 00 0B 00 00 20 FF FF FF FF \0x00\0x00\0x00\0x0b\0x00\0x00 \0xff \0xff\0xff\0xff
10:00:01.408067 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 258)
192.168.0.58.138 > 192.168.1.110.138: [udp sum ok]
>>> NBT UDP PACKET(138) Res=0x100A ID=0x5E5D IP=192 (0xc0).168 (0xa8).0 (0x0).58 (0x3a) Port=138 (0x8a) Length=216 (0xd8) Res2=0x0
SourceName=PDC NameType=0x00 (Workstation)
DestName=WORKSTATION--7 NameType=0x00 (Workstation)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=56 (0x38)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x0
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=56 (0x38)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=79
Name=\MAILSLOT\NET\GETDC520
Data Data: (56 bytes)
[000] 13 00 5C 00 5C 00 50 00 44 00 43 00 00 00 00 00 \0x13\0x00\\0x00\\0x00P\0x00 D\0x00C\0x00\0x00\0x00\0x00\0x00
[010] 43 00 41 00 45 00 2D 00 45 00 4E 00 47 00 49 00 C\0x00A\0x00E\0x00-\0x00 E\0x00N\0x00G\0x00I\0x00
[020] 4E 00 45 00 45 00 52 00 49 00 4E 00 47 00 00 00 N\0x00E\0x00E\0x00R\0x00 I\0x00N\0x00G\0x00\0x00\0x00
[030] 01 00 00 00 FF FF FF FF \0x01\0x00\0x00\0x00\0xff\0xff\0xff\0xff
10:00:01.408163 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 258)
192.168.0.58.138 > 192.168.1.110.138: [udp sum ok]
>>> NBT UDP PACKET(138) Res=0x100A ID=0x5E5E IP=192 (0xc0).168 (0xa8).0 (0x0).58 (0x3a) Port=138 (0x8a) Length=216 (0xd8) Res2=0x0
SourceName=PDC NameType=0x00 (Workstation)
DestName=WORKSTATION--7 NameType=0x00 (Workstation)
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x0
Flags2 = 0x0
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
TotParamCnt=0 (0x0)
TotDataCnt=56 (0x38)
MaxParmCnt=0 (0x0)
MaxDataCnt=0 (0x0)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x0
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=0 (0x0)
DataCnt=56 (0x38)
DataOff=92 (0x5c)
SUCnt=3 (0x3)
Data: (6 bytes)
[000] 01 00 01 00 02 00 \0x01\0x00\0x01\0x00\0x02\0x00
smb_bcc=79
Name=\MAILSLOT\NET\GETDC520
Data Data: (56 bytes)
[000] 13 00 5C 00 5C 00 50 00 44 00 43 00 00 00 00 00 \0x13\0x00\\0x00\\0x00P\0x00 D\0x00C\0x00\0x00\0x00\0x00\0x00
[010] 43 00 41 00 45 00 2D 00 45 00 4E 00 47 00 49 00 C\0x00A\0x00E\0x00-\0x00 E\0x00N\0x00G\0x00I\0x00
[020] 4E 00 45 00 45 00 52 00 49 00 4E 00 47 00 00 00 N\0x00E\0x00E\0x00R\0x00 I\0x00N\0x00G\0x00\0x00\0x00
[030] 01 00 00 00 FF FF FF FF \0x01\0x00\0x00\0x00\0xff\0xff\0xff\0xff
10:00:04.173920 IP (tos 0x0, ttl 128, id 7397, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->841e)!)
192.168.1.110.65498 > 192.168.0.58.445: Flags [R.], cksum 0x59e7 (incorrect -> 0xef15), seq 3252, ack 2954, win 0, length 0
10:00:04.174874 IP (tos 0x0, ttl 128, id 7398, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->8411)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [S], cksum 0x59f3 (incorrect -> 0xb5af), seq 2329932416, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
10:00:04.174987 IP (tos 0x8, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.58.445 > 192.168.1.110.49276: Flags [S.], cksum 0xc9b4 (correct), seq 3512336775, ack 2329932417, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 2], length 0
10:00:04.175027 IP (tos 0x0, ttl 128, id 7399, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->841c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0x0361), seq 1, ack 1, win 16425, length 0
10:00:04.175057 IP (tos 0x0, ttl 128, id 7400, offset 0, flags [DF], proto TCP (6), length 177, bad cksum 0 (->8392)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a70 (incorrect -> 0x4a99), seq 1:138, ack 1, win 16425, length 137
SMB PACKET: SMBnegprot (REQUEST)
SMB Command = 0x72
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x43
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 0 (0x0)
smb_bcc=98
Dialect=PC NETWORK PROGRAM 1.0
Dialect=LANMAN1.0
Dialect=Windows for Workgroups 3.1a
Dialect=LM1.2X002
Dialect=LANMAN2.1
Dialect=NT LM 0.12
10:00:04.175126 IP (tos 0x8, ttl 64, id 35542, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.58.445 > 192.168.1.110.49276: Flags [.], cksum 0x33b3 (correct), seq 1, ack 138, win 3918, length 0
10:00:04.181175 IP (tos 0x8, ttl 64, id 35543, offset 0, flags [DF], proto TCP (6), length 171)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x5f6b (correct), seq 1:132, ack 138, win 3918, length 131
SMB PACKET: SMBnegprot (REPLY)
SMB Command = 0x72
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x43
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 17 (0x11)
NT1 Protocol
DialectIndex=5 (0x5)
SecMode=0x3
MaxMux=50 (0x32)
NumVcs=1 (0x1)
MaxBuffer=16644 (0x4104)
RawSize=65536 (0x10000)
SessionKey=0x126C
Capabilities=0x8080F3FD
ServerTime=Thu Aug 28 10:00:05 2014
TimeZone=65416 (0xff88)
CryptKey=Data: (1 bytes)
[000] 00 \0x00
smb_bcc=58
[000] 70 64 63 00 00 00 00 00 00 00 00 00 00 00 00 00 pdc\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(\0x06\0x06+\0x06\0x01\0x05 \0x05\0x02\0xa0\0x1e0\0x1c\0xa0\0x0e
[020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0\0x0c\0x06\0x0a+\0x06\0x01\0x04 \0x01\0x827\0x02\0x02\0x0a\0xa3\0x0a
[030] 30 08 A0 06 1B 04 4E 4F 4E 45 0\0x08\0xa0\0x06\0x1b\0x04NO NE
10:00:04.181689 IP (tos 0x0, ttl 128, id 7401, offset 0, flags [DF], proto TCP (6), length 182, bad cksum 0 (->838c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a75 (incorrect -> 0xdc2a), seq 138:280, ack 132, win 16392, length 142
SMB PACKET: SMBsesssetupX (REQUEST)
SMB Command = 0x73
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 65535 (0xffff)
Proc ID = 65279 (0xfeff)
UID = 0 (0x0)
MID = 12544 (0x3100)
Word Count = 12 (0xc)
Com2=0xFF
Res1=0x0
Off2=0 (0x0)
MaxBuffer=16644 (0x4104)
MaxMpx=50 (0x32)
VcNumber=0 (0x0)
SessionKey=0x0
CaseInsensitivePasswordLength=74 (0x4a)
CaseSensitivePasswordLength=0 (0x0)
Res=0xD40000
Capabilities=0x4FA000
Pass1&Pass2&Account&Domain&OS&LanMan=
smb_bcc=79
[000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H\0x06\0x06+\0x06\0x01\0x05 \0x05\0x02\0xa0>0<\0xa0\0x0e
[010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0\0x0c\0x06\0x0a+\0x06\0x01\0x04 \0x01\0x827\0x02\0x02\0x0a\0xa2*
[020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 \0x04(NTLMSS P\0x00\0x01\0x00\0x00\0x00\0x97\0x82
[030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x08\0xe2\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[040] 00 00 06 01 B1 1D 00 00 00 0F 00 00 00 00 00 \0x00\0x00\0x06\0x01\0xb1\0x1d\0x00\0x00 \0x00\0x0f\0x00\0x00\0x00\0x00\0x00
10:00:04.183571 IP (tos 0x8, ttl 64, id 35544, offset 0, flags [DF], proto TCP (6), length 396)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xf070 (correct), seq 132:488, ack 280, win 4186, length 356
SMB PACKET: SMBsesssetupX (REPLY)
SMB Command = 0x73
Error class = 0x16
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 65535 (0xffff)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12544 (0x3100)
Word Count = 4 (0x4)
NTError = STATUS_MORE_PROCESSING_REQUIRED
[000] FF 00 00 00 00 00 F3 00 \0xff\0x00\0x00\0x00\0x00\0x00\0xf3\0x00
smb_bcc=309
[000] A1 81 F0 30 81 ED A0 03 0A 01 01 A1 0C 06 0A 2B \0xa1\0x81\0xf00\0x81\0xed\0xa0\0x03 \0x0a\0x01\0x01\0xa1\0x0c\0x06\0x0a+
[010] 06 01 04 01 82 37 02 02 0A A2 81 D7 04 81 D4 4E \0x06\0x01\0x04\0x01\0x827\0x02\0x02 \0x0a\0xa2\0x81\0xd7\0x04\0x81\0xd4N
[020] 54 4C 4D 53 53 50 00 02 00 00 00 1E 00 1E 00 38 TLMSSP\0x00\0x02 \0x00\0x00\0x00\0x1e\0x00\0x1e\0x008
[030] 00 00 00 95 82 89 E2 AF 50 63 DC CA 87 07 FB 00 \0x00\0x00\0x00\0x95\0x82\0x89\0xe2\0xaf Pc\0xdc\0xca\0x87\0x07\0xfb\0x00
[040] 00 00 00 00 00 00 00 7E 00 7E 00 56 00 00 00 06 \0x00\0x00\0x00\0x00\0x00\0x00\0x00~ \0x00~\0x00V\0x00\0x00\0x00\0x06
[050] 01 00 00 00 00 00 0F 43 00 41 00 45 00 2D 00 45 \0x01\0x00\0x00\0x00\0x00\0x00\0x0fC \0x00A\0x00E\0x00-\0x00E
[060] 00 4E 00 47 00 49 00 4E 00 45 00 45 00 52 00 49 \0x00N\0x00G\0x00I\0x00N \0x00E\0x00E\0x00R\0x00I
[070] 00 4E 00 47 00 02 00 1E 00 43 00 41 00 45 00 2D \0x00N\0x00G\0x00\0x02\0x00\0x1e \0x00C\0x00A\0x00E\0x00-
[080] 00 45 00 4E 00 47 00 49 00 4E 00 45 00 45 00 52 \0x00E\0x00N\0x00G\0x00I \0x00N\0x00E\0x00E\0x00R
[090] 00 49 00 4E 00 47 00 01 00 06 00 50 00 44 00 43 \0x00I\0x00N\0x00G\0x00\0x01 \0x00\0x06\0x00P\0x00D\0x00C
[0A0] 00 04 00 1E 00 66 00 69 00 6C 00 65 00 73 00 2E \0x00\0x04\0x00\0x1e\0x00f\0x00i \0x00l\0x00e\0x00s\0x00.
[0B0] 00 76 00 70 00 6E 00 2E 00 61 00 76 00 2E 00 68 \0x00v\0x00p\0x00n\0x00. \0x00a\0x00v\0x00.\0x00h
[0C0] 00 75 00 03 00 28 00 72 00 67 00 79 00 75 00 2E \0x00u\0x00\0x03\0x00(\0x00r \0x00g\0x00y\0x00u\0x00.
[0D0] 00 66 00 69 00 6C 00 65 00 73 00 2E 00 76 00 70 \0x00f\0x00i\0x00l\0x00e \0x00s\0x00.\0x00v\0x00p
[0E0] 00 6E 00 2E 00 61 00 76 00 2E 00 68 00 75 00 00 \0x00n\0x00.\0x00a\0x00v \0x00.\0x00h\0x00u\0x00\0x00
[0F0] 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 \0x00\0x00\0x00U\0x00n\0x00i \0x00x\0x00\0x00\0x00S\0x00a
[100] 00 6D 00 62 00 61 00 20 00 33 00 2E 00 36 00 2E \0x00m\0x00b\0x00a\0x00 \0x003\0x00.\0x006\0x00.
[110] 00 36 00 00 00 43 00 41 00 45 00 2D 00 45 00 4E \0x006\0x00\0x00\0x00C\0x00A \0x00E\0x00-\0x00E\0x00N
[120] 00 47 00 49 00 4E 00 45 00 45 00 52 00 49 00 4E \0x00G\0x00I\0x00N\0x00E \0x00E\0x00R\0x00I\0x00N
[130] 00 47 00 00 00 \0x00G\0x00\0x00\0x00
10:00:04.183739 IP (tos 0x0, ttl 128, id 7402, offset 0, flags [DF], proto TCP (6), length 640, bad cksum 0 (->81c1)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5c3f (incorrect -> 0x06a2), seq 280:880, ack 488, win 16303, length 600
SMB PACKET: SMBsesssetupX (REQUEST)
SMB Command = 0x73
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 65535 (0xffff)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12608 (0x3140)
Word Count = 12 (0xc)
Com2=0xFF
Res1=0x0
Off2=0 (0x0)
MaxBuffer=16644 (0x4104)
MaxMpx=50 (0x32)
VcNumber=0 (0x0)
SessionKey=0x0
CaseInsensitivePasswordLength=532 (0x214)
CaseSensitivePasswordLength=0 (0x0)
Res=0xD40000
Capabilities=0x219A000
Pass1&Pass2&Account&Domain&OS&LanMan=
smb_bcc=537
[000] A1 82 02 10 30 82 02 0C A2 82 02 08 04 82 02 04 \0xa1\0x82\0x02\0x100\0x82\0x02\0x0c \0xa2\0x82\0x02\0x08\0x04\0x82\0x02\0x04
[010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP\0x00 \0x03\0x00\0x00\0x00\0x18\0x00\0x18\0x00
[020] A0 00 00 00 3C 01 3C 01 B8 00 00 00 1E 00 1E 00 \0xa0\0x00\0x00\0x00<\0x01<\0x01 \0xb8\0x00\0x00\0x00\0x1e\0x00\0x1e\0x00
[030] 58 00 00 00 0E 00 0E 00 76 00 00 00 1C 00 1C 00 X\0x00\0x00\0x00\0x0e\0x00\0x0e\0x00 v\0x00\0x00\0x00\0x1c\0x00\0x1c\0x00
[040] 84 00 00 00 10 00 10 00 F4 01 00 00 15 82 88 E2 \0x84\0x00\0x00\0x00\0x10\0x00\0x10\0x00 \0xf4\0x01\0x00\0x00\0x15\0x82\0x88\0xe2
[050] 06 01 B1 1D 00 00 00 0F 75 36 3A 51 63 0E D8 7A \0x06\0x01\0xb1\0x1d\0x00\0x00\0x00\0x0f u6:Qc\0x0e\0xd8z
[060] 63 8D BE 99 9B 09 EB 27 43 00 41 00 45 00 2D 00 c\0x8d\0xbe\0x99\0x9b\0x09\0xeb' C\0x00A\0x00E\0x00-\0x00
[070] 45 00 4E 00 47 00 49 00 4E 00 45 00 45 00 52 00 E\0x00N\0x00G\0x00I\0x00 N\0x00E\0x00E\0x00R\0x00
[080] 49 00 4E 00 47 00 73 00 7A 00 7A 00 65 00 6D 00 I\0x00N\0x00G\0x00s\0x00 z\0x00z\0x00e\0x00m\0x00
[090] 6B 00 6F 00 49 00 47 00 2D 00 44 00 45 00 56 00 k\0x00o\0x00I\0x00G\0x00 -\0x00D\0x00E\0x00V\0x00
[0A0] 45 00 4C 00 4F 00 50 00 45 00 52 00 2D 00 37 00 E\0x00L\0x00O\0x00P\0x00 E\0x00R\0x00-\0x007\0x00
[0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[0C0] 00 00 00 00 00 00 00 00 DC 3A DC E6 D0 D2 33 48 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0xdc:\0xdc\0xe6\0xd0\0xd23H
[0D0] 45 44 4D 0A 72 74 6C 87 01 01 00 00 00 00 00 00 EDM\0x0artl\0x87 \0x01\0x01\0x00\0x00\0x00\0x00\0x00\0x00
[0E0] 39 9D 4B 13 96 C2 CF 01 25 5F 47 03 A9 D2 31 1F 9\0x9dK\0x13\0x96\0xc2\0xcf\0x01 %_G\0x03\0xa9\0xd21\0x1f
[0F0] 00 00 00 00 02 00 1E 00 43 00 41 00 45 00 2D 00 \0x00\0x00\0x00\0x00\0x02\0x00\0x1e\0x00 C\0x00A\0x00E\0x00-\0x00
[100] 45 00 4E 00 47 00 49 00 4E 00 45 00 45 00 52 00 E\0x00N\0x00G\0x00I\0x00 N\0x00E\0x00E\0x00R\0x00
[110] 49 00 4E 00 47 00 01 00 06 00 50 00 44 00 43 00 I\0x00N\0x00G\0x00\0x01\0x00 \0x06\0x00P\0x00D\0x00C\0x00
[120] 04 00 1E 00 66 00 69 00 6C 00 65 00 73 00 2E 00 \0x04\0x00\0x1e\0x00f\0x00i\0x00 l\0x00e\0x00s\0x00.\0x00
[130] 76 00 70 00 6E 00 2E 00 61 00 76 00 2E 00 68 00 v\0x00p\0x00n\0x00.\0x00 a\0x00v\0x00.\0x00h\0x00
[140] 75 00 03 00 28 00 72 00 67 00 79 00 75 00 2E 00 u\0x00\0x03\0x00(\0x00r\0x00 g\0x00y\0x00u\0x00.\0x00
[150] 66 00 69 00 6C 00 65 00 73 00 2E 00 76 00 70 00 f\0x00i\0x00l\0x00e\0x00 s\0x00.\0x00v\0x00p\0x00
[160] 6E 00 2E 00 61 00 76 00 2E 00 68 00 75 00 08 00 n\0x00.\0x00a\0x00v\0x00 .\0x00h\0x00u\0x00\0x08\0x00
[170] 30 00 30 00 00 00 00 00 00 00 00 00 00 00 00 30 0\0x000\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x000
[180] 00 00 9D 0B 7D 7F 17 45 A6 EC CA D1 ED E3 40 4E \0x00\0x00\0x9d\0x0b}\0x7f\0x17E \0xa6\0xec\0xca\0xd1\0xed\0xe3@N
[190] 7A 07 64 7B 0A 30 E4 83 D2 88 82 61 45 B7 3D 1F z\0x07d{\0x0a0\0xe4\0x83 \0xd2\0x88\0x82aE\0xb7=\0x1f
[1A0] BF DD 0A 00 10 00 00 00 00 00 00 00 00 00 00 00 \0xbf\0xdd\0x0a\0x00\0x10\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[1B0] 00 00 00 00 00 00 09 00 42 00 63 00 69 00 66 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x09\0x00 B\0x00c\0x00i\0x00f\0x00
[1C0] 73 00 2F 00 52 00 47 00 59 00 55 00 46 00 49 00 s\0x00/\0x00R\0x00G\0x00 Y\0x00U\0x00F\0x00I\0x00
[1D0] 4C 00 45 00 53 00 2E 00 63 00 61 00 65 00 2D 00 L\0x00E\0x00S\0x00.\0x00 c\0x00a\0x00e\0x00-\0x00
[1E0] 65 00 6E 00 67 00 69 00 6E 00 65 00 65 00 72 00 e\0x00n\0x00g\0x00i\0x00 n\0x00e\0x00e\0x00r\0x00
[1F0] 69 00 6E 00 67 00 2E 00 68 00 75 00 00 00 00 00 i\0x00n\0x00g\0x00.\0x00 h\0x00u\0x00\0x00\0x00\0x00\0x00
[200] 00 00 00 00 BC A9 27 72 CB C1 87 68 99 FF AC 7C \0x00\0x00\0x00\0x00\0xbc\0xa9'r \0xcb\0xc1\0x87h\0x99\0xff\0xac|
[210] DD 56 F9 10 00 00 00 00 00 \0xddV\0xf9\0x10\0x00\0x00\0x00\0x00 \0x00
10:00:04.218434 IP (tos 0x8, ttl 64, id 35545, offset 0, flags [DF], proto TCP (6), length 162)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xe8c7 (correct), seq 488:610, ack 880, win 4486, length 122
SMB PACKET: SMBsesssetupX (REPLY)
SMB Command = 0x73
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 65535 (0xffff)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12608 (0x3140)
Word Count = 4 (0x4)
[000] FF 00 00 00 00 00 09 00 \0xff\0x00\0x00\0x00\0x00\0x00\0x09\0x00
smb_bcc=75
[000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 \0xa1\0x070\0x05\0xa0\0x03\0x0a\0x01 \0x00U\0x00n\0x00i\0x00x
[010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 \0x00\0x00\0x00S\0x00a\0x00m \0x00b\0x00a\0x00 \0x003
[020] 00 2E 00 36 00 2E 00 36 00 00 00 43 00 41 00 45 \0x00.\0x006\0x00.\0x006 \0x00\0x00\0x00C\0x00A\0x00E
[030] 00 2D 00 45 00 4E 00 47 00 49 00 4E 00 45 00 45 \0x00-\0x00E\0x00N\0x00G \0x00I\0x00N\0x00E\0x00E
[040] 00 52 00 49 00 4E 00 47 00 00 00 \0x00R\0x00I\0x00N\0x00G \0x00\0x00\0x00
10:00:04.218819 IP (tos 0x0, ttl 128, id 7405, offset 0, flags [DF], proto TCP (6), length 128, bad cksum 0 (->83be)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a3f (incorrect -> 0xbec5), seq 880:968, ack 610, win 16272, length 88
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12672 (0x3180)
Word Count = 4 (0x4)
Com2=0xFF
Off2=84 (0x54)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=41
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 49 00 50 00 43 00 24 \0x00L\0x00E\0x00S\0x00\ \0x00I\0x00P\0x00C\0x00$
[020] 00 00 00 3F 3F 3F 3F 3F 00 \0x00\0x00\0x00????? \0x00
10:00:04.221340 IP (tos 0x8, ttl 64, id 35546, offset 0, flags [DF], proto TCP (6), length 100)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x23b7 (correct), seq 610:670, ack 968, win 4486, length 60
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12672 (0x3180)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 01 00 FF 01 00 00 FF 01 00 00 \0x01\0x00\0xff\0x01\0x00\0x00\0xff\0x01 \0x00\0x00
smb_bcc=7
ServiceType=IPC
Data: (3 bytes)
[000] 00 00 00 \0x00\0x00\0x00
10:00:04.221659 IP (tos 0x0, ttl 128, id 7406, offset 0, flags [DF], proto TCP (6), length 144, bad cksum 0 (->83ad)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a4f (incorrect -> 0x6326), seq 968:1072, ack 670, win 16257, length 104
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 3624 (0xe28)
UID = 100 (0x64)
MID = 12736 (0x31c0)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=14
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x12019F
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x400040
ImpersonationLevel=0x2
SecurityFlags=1 (0x1)
smb_bcc=17
Path=\srvsvc
Data: (3 bytes)
[000] 00 00 00 \0x00\0x00\0x00
10:00:04.221880 IP (tos 0x8, ttl 64, id 35547, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x50e2 (correct), seq 670:809, ack 1072, win 4486, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 3624 (0xe28)
UID = 100 (0x64)
MID = 12736 (0x31c0)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17384 (0x43e8)
CreateAction=0x1
CreateTime=NULL
LastAccessTime=NULL
LastWriteTime=NULL
ChangeTime=NULL
ExtFileAttributes=0x80
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x2
DeviceState=0x5FF
Directory=0 (0x0)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:04.222066 IP (tos 0x0, ttl 128, id 7407, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->83c8)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x03c4), seq 1072:1148, ack 809, win 16223, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 3624 (0xe28)
UID = 100 (0x64)
MID = 12800 (0x3200)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] E8 43 ED 03 \0xe8C\0xed\0x03
Data=
10:00:04.222183 IP (tos 0x8, ttl 64, id 35548, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x0cb1 (correct), seq 809:897, ack 1148, win 4486, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 3624 (0xe28)
UID = 100 (0x64)
MID = 12800 (0x3200)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x10\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 01 00 00 00 \0x01\0x00\0x00\0x00\0x01\0x00\0x00\0x00
10:00:04.222380 IP (tos 0x0, ttl 128, id 7408, offset 0, flags [DF], proto TCP (6), length 268, bad cksum 0 (->832f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5acb (incorrect -> 0x5173), seq 1148:1376, ack 897, win 16201, length 228
SMB PACKET: SMBwriteX (REQUEST)
SMB Command = 0x2F
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12864 (0x3240)
Word Count = 14 (0xe)
Com2=0xFF
Off2=57054 (0xdede)
Handle=17384 (0x43e8)
Offset=0 (0x0)
TimeOut=-1 (0xffffffff)
WMode=0x8
CountLeft=160 (0xa0)
Res=0x0
DataSize=160 (0xa0)
DataOff=64 (0x40)
Data: (4 bytes)
[000] 00 00 00 00 \0x00\0x00\0x00\0x00
smb_bcc=161
smb_buf[]=
[000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 \0xee\0x05\0x00\0x0b\0x03\0x10\0x00\0x00 \0x00\0xa0\0x00\0x00\0x00\0x02\0x00\0x00
[010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 \0x00\0xb8\0x10\0xb8\0x10\0x00\0x00\0x00 \0x00\0x03\0x00\0x00\0x00\0x00\0x00\0x01
[020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 \0x00\0xc8O2Kp\0x16\0xd3 \0x01\0x12xZG\0xbfn\0xe1
[030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 \0x88\0x03\0x00\0x00\0x00\0x04]\0x88 \0x8a\0xeb\0x1c\0xc9\0x11\0x9f\0xe8\0x08
[040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 C8 4F 32 \0x00+\0x10H`\0x02\0x00\0x00 \0x00\0x01\0x00\0x01\0x00\0xc8O2
[050] 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88 03 00 00 Kp\0x16\0xd3\0x01\0x12xZ G\0xbfn\0xe1\0x88\0x03\0x00\0x00
[060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC \0x003\0x05qq\0xba\0xbe7 I\0x83\0x19\0xb5\0xdb\0xef\0x9c\0xcc
[070] 36 01 00 00 00 02 00 01 00 C8 4F 32 4B 70 16 D3 6\0x01\0x00\0x00\0x00\0x02\0x00\0x01 \0x00\0xc8O2Kp\0x16\0xd3
[080] 01 12 78 5A 47 BF 6E E1 88 03 00 00 00 2C 1C B7 \0x01\0x12xZG\0xbfn\0xe1 \0x88\0x03\0x00\0x00\0x00,\0x1c\0xb7
[090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l\0x12\0x98@E\0x03\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x01\0x00\0x00
[0A0] 00 \0x00
10:00:04.222525 IP (tos 0x8, ttl 64, id 35549, offset 0, flags [DF], proto TCP (6), length 91)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xfad7 (correct), seq 897:948, ack 1376, win 4786, length 51
SMB PACKET: SMBwriteX (REPLY)
SMB Command = 0x2F
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12864 (0x3240)
Word Count = 6 (0x6)
Com2=0xFF
Off2=0 (0x0)
Count=160 (0xa0)
Remaining=0 (0x0)
Res=0x0
smb_bcc=0
10:00:04.222652 IP (tos 0x0, ttl 128, id 7409, offset 0, flags [DF], proto TCP (6), length 103, bad cksum 0 (->83d3)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a26 (incorrect -> 0x574b), seq 1376:1439, ack 948, win 16188, length 63
SMB PACKET: SMBreadX (REQUEST)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12928 (0x3280)
Word Count = 12 (0xc)
Com2=0xFF
Off2=57054 (0xdede)
Handle=17384 (0x43e8)
Offset=0 (0x0)
MaxCount=1024 (0x400)
MinCount=1024 (0x400)
TimeOut=-1 (0xffffffff)
CountLeft=1024 (0x400)
Data: (4 bytes)
[000] 00 00 00 00 \0x00\0x00\0x00\0x00
smb_bcc=0
10:00:04.222741 IP (tos 0x8, ttl 64, id 35550, offset 0, flags [DF], proto TCP (6), length 171)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8223 (correct), seq 948:1079, ack 1439, win 4786, length 131
SMB PACKET: SMBreadX (REPLY)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12928 (0x3280)
Word Count = 12 (0xc)
Com2=0xFF
Off2=0 (0x0)
Remaining=0 (0x0)
Res=0x0
DataSize=68 (0x44)
DataOff=59 (0x3b)
Res=(0x0,0x0,0x0,0x0)
Data: (2 bytes)
[000] 00 04 \0x00\0x04
smb_bcc=68
smb_buf[]=
[000] 05 00 0C 03 10 00 00 00 44 00 00 00 02 00 00 00 \0x05\0x00\0x0c\0x03\0x10\0x00\0x00\0x00 D\0x00\0x00\0x00\0x02\0x00\0x00\0x00
[010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C \0xb8\0x10\0xb8\0x10\0xf0S\0x00\0x00 \0x0d\0x00\PIPE\
[020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc\0x00\0x00 \0x01\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 \0x04]\0x88\0x8a\0xeb\0x1c\0xc9\0x11 \0x9f\0xe8\0x08\0x00+\0x10H`
[040] 02 00 00 00 \0x02\0x00\0x00\0x00
10:00:04.222850 IP (tos 0x0, ttl 128, id 7410, offset 0, flags [DF], proto TCP (6), length 200, bad cksum 0 (->8371)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a87 (incorrect -> 0xc295), seq 1439:1599, ack 1079, win 16155, length 160
SMB PACKET: SMBwriteX (REQUEST)
SMB Command = 0x2F
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12992 (0x32c0)
Word Count = 14 (0xe)
Com2=0xFF
Off2=57054 (0xdede)
Handle=17384 (0x43e8)
Offset=0 (0x0)
TimeOut=-1 (0xffffffff)
WMode=0x8
CountLeft=92 (0x5c)
Res=0x0
DataSize=92 (0x5c)
DataOff=64 (0x40)
Data: (4 bytes)
[000] 00 00 00 00 \0x00\0x00\0x00\0x00
smb_bcc=93
smb_buf[]=
[000] EE 05 00 00 03 10 00 00 00 5C 00 00 00 02 00 00 \0xee\0x05\0x00\0x00\0x03\0x10\0x00\0x00 \0x00\\0x00\0x00\0x00\0x02\0x00\0x00
[010] 00 44 00 00 00 00 00 0F 00 00 00 02 00 0C 00 00 \0x00D\0x00\0x00\0x00\0x00\0x00\0x0f \0x00\0x00\0x00\0x02\0x00\0x0c\0x00\0x00
[020] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 52 00 47 \0x00\0x00\0x00\0x00\0x00\0x0c\0x00\0x00 \0x00\\0x00\\0x00R\0x00G
[030] 00 59 00 55 00 46 00 49 00 4C 00 45 00 53 00 00 \0x00Y\0x00U\0x00F\0x00I \0x00L\0x00E\0x00S\0x00\0x00
[040] 00 01 00 00 00 01 00 00 00 04 00 02 00 00 00 00 \0x00\0x01\0x00\0x00\0x00\0x01\0x00\0x00 \0x00\0x04\0x00\0x02\0x00\0x00\0x00\0x00
[050] 00 00 00 00 00 FF FF FF FF 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0xff\0xff\0xff \0xff\0x00\0x00\0x00\0x00
10:00:04.223920 IP (tos 0x8, ttl 64, id 35551, offset 0, flags [DF], proto TCP (6), length 91)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x785a (correct), seq 1079:1130, ack 1599, win 5086, length 51
SMB PACKET: SMBwriteX (REPLY)
SMB Command = 0x2F
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 12992 (0x32c0)
Word Count = 6 (0x6)
Com2=0xFF
Off2=0 (0x0)
Count=92 (0x5c)
Remaining=0 (0x0)
Res=0x0
smb_bcc=0
10:00:04.224110 IP (tos 0x0, ttl 128, id 7411, offset 0, flags [DF], proto TCP (6), length 103, bad cksum 0 (->83d1)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a26 (incorrect -> 0xd5e3), seq 1599:1662, ack 1130, win 16142, length 63
SMB PACKET: SMBreadX (REQUEST)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13056 (0x3300)
Word Count = 12 (0xc)
Com2=0xFF
Off2=57054 (0xdede)
Handle=17384 (0x43e8)
Offset=0 (0x0)
MaxCount=1024 (0x400)
MinCount=1024 (0x400)
TimeOut=-1 (0xffffffff)
CountLeft=1024 (0x400)
Data: (4 bytes)
[000] 00 00 00 00 \0x00\0x00\0x00\0x00
smb_bcc=0
10:00:04.224276 IP (tos 0x8, ttl 64, id 35552, offset 0, flags [DF], proto TCP (6), length 1127)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x04b0 (correct), seq 1130:2217, ack 1662, win 5086, length 1087
SMB PACKET: SMBreadX (REPLY)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13056 (0x3300)
Word Count = 12 (0xc)
Com2=0xFF
Off2=0 (0x0)
Remaining=0 (0x0)
Res=0x0
DataSize=1024 (0x400)
DataOff=59 (0x3b)
Res=(0x0,0x0,0x0,0x0)
Data: (2 bytes)
[000] 00 04 \0x00\0x04
smb_bcc=1024
smb_buf[]=
[000] 05 00 02 03 10 00 00 00 EC 0B 00 00 02 00 00 00 \0x05\0x00\0x02\0x03\0x10\0x00\0x00\0x00 \0xec\0x0b\0x00\0x00\0x02\0x00\0x00\0x00
[010] D4 0B 00 00 00 00 00 00 01 00 00 00 01 00 00 00 \0xd4\0x0b\0x00\0x00\0x00\0x00\0x00\0x00 \0x01\0x00\0x00\0x00\0x01\0x00\0x00\0x00
[020] 08 00 02 00 15 00 00 00 0C 00 02 00 15 00 00 00 \0x08\0x00\0x02\0x00\0x15\0x00\0x00\0x00 \0x0c\0x00\0x02\0x00\0x15\0x00\0x00\0x00
[030] 10 00 02 00 00 00 00 00 14 00 02 00 18 00 02 00 \0x10\0x00\0x02\0x00\0x00\0x00\0x00\0x00 \0x14\0x00\0x02\0x00\0x18\0x00\0x02\0x00
[040] 00 00 00 00 1C 00 02 00 20 00 02 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x1c\0x00\0x02\0x00 \0x00\0x02\0x00\0x00\0x00\0x00\0x00
[050] 24 00 02 00 28 00 02 00 00 00 00 00 2C 00 02 00 $\0x00\0x02\0x00(\0x00\0x02\0x00 \0x00\0x00\0x00\0x00,\0x00\0x02\0x00
[060] 30 00 02 00 00 00 00 00 34 00 02 00 38 00 02 00 0\0x00\0x02\0x00\0x00\0x00\0x00\0x00 4\0x00\0x02\0x008\0x00\0x02\0x00
[070] 00 00 00 00 3C 00 02 00 40 00 02 00 00 00 00 00 \0x00\0x00\0x00\0x00<\0x00\0x02\0x00 @\0x00\0x02\0x00\0x00\0x00\0x00\0x00
[080] 44 00 02 00 48 00 02 00 00 00 00 00 4C 00 02 00 D\0x00\0x02\0x00H\0x00\0x02\0x00 \0x00\0x00\0x00\0x00L\0x00\0x02\0x00
[090] 50 00 02 00 00 00 00 00 54 00 02 00 58 00 02 00 P\0x00\0x02\0x00\0x00\0x00\0x00\0x00 T\0x00\0x02\0x00X\0x00\0x02\0x00
[0A0] 00 00 00 00 5C 00 02 00 60 00 02 00 00 00 00 00 \0x00\0x00\0x00\0x00\\0x00\0x02\0x00 `\0x00\0x02\0x00\0x00\0x00\0x00\0x00
[0B0] 64 00 02 00 68 00 02 00 00 00 00 00 6C 00 02 00 d\0x00\0x02\0x00h\0x00\0x02\0x00 \0x00\0x00\0x00\0x00l\0x00\0x02\0x00
[0C0] 70 00 02 00 00 00 00 00 74 00 02 00 78 00 02 00 p\0x00\0x02\0x00\0x00\0x00\0x00\0x00 t\0x00\0x02\0x00x\0x00\0x02\0x00
[0D0] 00 00 00 00 7C 00 02 00 80 00 02 00 00 00 00 00 \0x00\0x00\0x00\0x00|\0x00\0x02\0x00 \0x80\0x00\0x02\0x00\0x00\0x00\0x00\0x00
[0E0] 84 00 02 00 88 00 02 00 00 00 00 00 8C 00 02 00 \0x84\0x00\0x02\0x00\0x88\0x00\0x02\0x00 \0x00\0x00\0x00\0x00\0x8c\0x00\0x02\0x00
[0F0] 90 00 02 00 00 00 00 00 94 00 02 00 98 00 02 00 \0x90\0x00\0x02\0x00\0x00\0x00\0x00\0x00 \0x94\0x00\0x02\0x00\0x98\0x00\0x02\0x00
[100] 00 00 00 00 9C 00 02 00 A0 00 02 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x9c\0x00\0x02\0x00 \0xa0\0x00\0x02\0x00\0x00\0x00\0x00\0x00
[110] A4 00 02 00 A8 00 02 00 00 00 00 00 AC 00 02 00 \0xa4\0x00\0x02\0x00\0xa8\0x00\0x02\0x00 \0x00\0x00\0x00\0x00\0xac\0x00\0x02\0x00
[120] B0 00 02 00 03 00 00 80 B4 00 02 00 0C 00 00 00 \0xb0\0x00\0x02\0x00\0x03\0x00\0x00\0x80 \0xb4\0x00\0x02\0x00\0x0c\0x00\0x00\0x00
[130] 00 00 00 00 0C 00 00 00 69 00 6C 00 6D 00 73 00 \0x00\0x00\0x00\0x00\0x0c\0x00\0x00\0x00 i\0x00l\0x00m\0x00s\0x00
[140] 2D 00 64 00 65 00 73 00 69 00 67 00 6E 00 00 00 -\0x00d\0x00e\0x00s\0x00 i\0x00g\0x00n\0x00\0x00\0x00
[150] 50 00 00 00 00 00 00 00 50 00 00 00 69 00 6C 00 P\0x00\0x00\0x00\0x00\0x00\0x00\0x00 P\0x00\0x00\0x00i\0x00l\0x00
[160] 6D 00 73 00 20 00 75 00 69 00 20 00 72 00 65 00 m\0x00s\0x00 \0x00u\0x00 i\0x00 \0x00r\0x00e\0x00
[170] 64 00 65 00 73 00 69 00 67 00 6E 00 20 00 6D 00 d\0x00e\0x00s\0x00i\0x00 g\0x00n\0x00 \0x00m\0x00
[180] 6F 00 63 00 6B 00 75 00 70 00 20 00 61 00 72 00 o\0x00c\0x00k\0x00u\0x00 p\0x00 \0x00a\0x00r\0x00
[190] 65 00 61 00 2C 00 20 00 73 00 65 00 65 00 20 00 e\0x00a\0x00,\0x00 \0x00 s\0x00e\0x00e\0x00 \0x00
[1A0] 68 00 74 00 74 00 70 00 73 00 3A 00 2F 00 2F 00 h\0x00t\0x00t\0x00p\0x00 s\0x00:\0x00/\0x00/\0x00
[1B0] 74 00 72 00 61 00 63 00 2E 00 63 00 61 00 65 00 t\0x00r\0x00a\0x00c\0x00 .\0x00c\0x00a\0x00e\0x00
[1C0] 2D 00 65 00 6E 00 67 00 69 00 6E 00 65 00 65 00 -\0x00e\0x00n\0x00g\0x00 i\0x00n\0x00e\0x00e\0x00
[1D0] 72 00 69 00 6E 00 67 00 2E 00 68 00 75 00 2F 00 r\0x00i\0x00n\0x00g\0x00 .\0x00h\0x00u\0x00/\0x00
[1E0] 49 00 54 00 2F 00 74 00 69 00 63 00 6B 00 65 00 I\0x00T\0x00/\0x00t\0x00 i\0x00c\0x00k\0x00e\0x00
[1F0] 74 00 2F 00 31 00 30 00 35 00 00 00 18 00 00 00 t\0x00/\0x001\0x000\0x00 5\0x00\0x00\0x00\0x18\0x00\0x00\0x00
[200] 00 00 00 00 18 00 00 00 76 00 69 00 73 00 75 00 \0x00\0x00\0x00\0x00\0x18\0x00\0x00\0x00 v\0x00i\0x00s\0x00u\0x00
[210] 61 00 6C 00 2D 00 72 00 65 00 70 00 6F 00 72 00 a\0x00l\0x00-\0x00r\0x00 e\0x00p\0x00o\0x00r\0x00
[220] 74 00 73 00 2D 00 69 00 6E 00 63 00 6F 00 6D 00 t\0x00s\0x00-\0x00i\0x00 n\0x00c\0x00o\0x00m\0x00
[230] 69 00 6E 00 67 00 00 00 5A 00 00 00 00 00 00 00 i\0x00n\0x00g\0x00\0x00\0x00 Z\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[240] 5A 00 00 00 56 00 69 00 73 00 75 00 61 00 6C 00 Z\0x00\0x00\0x00V\0x00i\0x00 s\0x00u\0x00a\0x00l\0x00
[250] 20 00 72 00 65 00 70 00 6F 00 72 00 74 00 73 00 \0x00r\0x00e\0x00p\0x00 o\0x00r\0x00t\0x00s\0x00
[260] 20 00 70 00 75 00 62 00 6C 00 69 00 73 00 68 00 \0x00p\0x00u\0x00b\0x00 l\0x00i\0x00s\0x00h\0x00
[270] 65 00 64 00 20 00 62 00 79 00 20 00 4D 00 6F 00 e\0x00d\0x00 \0x00b\0x00 y\0x00 \0x00M\0x00o\0x00
[280] 6E 00 74 00 72 00 65 00 61 00 6C 00 20 00 61 00 n\0x00t\0x00r\0x00e\0x00 a\0x00l\0x00 \0x00a\0x00
[290] 6E 00 64 00 20 00 72 00 65 00 70 00 6C 00 69 00 n\0x00d\0x00 \0x00r\0x00 e\0x00p\0x00l\0x00i\0x00
[2A0] 63 00 61 00 74 00 65 00 64 00 20 00 61 00 75 00 c\0x00a\0x00t\0x00e\0x00 d\0x00 \0x00a\0x00u\0x00
[2B0] 74 00 6F 00 6D 00 61 00 74 00 69 00 63 00 61 00 t\0x00o\0x00m\0x00a\0x00 t\0x00i\0x00c\0x00a\0x00
[2C0] 6C 00 6C 00 79 00 20 00 74 00 6F 00 20 00 42 00 l\0x00l\0x00y\0x00 \0x00 t\0x00o\0x00 \0x00B\0x00
[2D0] 75 00 64 00 61 00 70 00 65 00 73 00 74 00 2E 00 u\0x00d\0x00a\0x00p\0x00 e\0x00s\0x00t\0x00.\0x00
[2E0] 20 00 52 00 65 00 61 00 64 00 2D 00 6F 00 6E 00 \0x00R\0x00e\0x00a\0x00 d\0x00-\0x00o\0x00n\0x00
[2F0] 6C 00 79 00 21 00 00 00 04 00 00 00 00 00 00 00 l\0x00y\0x00!\0x00\0x00\0x00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[300] 04 00 00 00 63 00 67 00 66 00 00 00 1D 00 00 00 \0x04\0x00\0x00\0x00c\0x00g\0x00 f\0x00\0x00\0x00\0x1d\0x00\0x00\0x00
[310] 00 00 00 00 1D 00 00 00 43 00 6F 00 6D 00 6D 00 \0x00\0x00\0x00\0x00\0x1d\0x00\0x00\0x00 C\0x00o\0x00m\0x00m\0x00
[320] 6F 00 6E 00 20 00 66 00 69 00 6C 00 65 00 73 00 o\0x00n\0x00 \0x00f\0x00 i\0x00l\0x00e\0x00s\0x00
[330] 20 00 6F 00 66 00 20 00 74 00 68 00 65 00 20 00 \0x00o\0x00f\0x00 \0x00 t\0x00h\0x00e\0x00 \0x00
[340] 43 00 47 00 46 00 20 00 74 00 65 00 61 00 6D 00 C\0x00G\0x00F\0x00 \0x00 t\0x00e\0x00a\0x00m\0x00
[350] 00 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 00 \0x00\0x00\0x00\0x00\0x0f\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x0f\0x00\0x00\0x00
[360] 76 00 69 00 73 00 75 00 61 00 6C 00 2D 00 73 00 v\0x00i\0x00s\0x00u\0x00 a\0x00l\0x00-\0x00s\0x00
[370] 79 00 73 00 74 00 65 00 6D 00 73 00 00 00 00 00 y\0x00s\0x00t\0x00e\0x00 m\0x00s\0x00\0x00\0x00\0x00\0x00
[380] 28 00 00 00 00 00 00 00 28 00 00 00 43 00 6F 00 (\0x00\0x00\0x00\0x00\0x00\0x00\0x00 (\0x00\0x00\0x00C\0x00o\0x00
[390] 6D 00 6D 00 6F 00 6E 00 20 00 66 00 69 00 6C 00 m\0x00m\0x00o\0x00n\0x00 \0x00f\0x00i\0x00l\0x00
[3A0] 65 00 73 00 20 00 6F 00 66 00 20 00 74 00 68 00 e\0x00s\0x00 \0x00o\0x00 f\0x00 \0x00t\0x00h\0x00
[3B0] 65 00 20 00 56 00 69 00 73 00 75 00 61 00 6C 00 e\0x00 \0x00V\0x00i\0x00 s\0x00u\0x00a\0x00l\0x00
[3C0] 20 00 53 00 79 00 73 00 74 00 65 00 6D 00 73 00 \0x00S\0x00y\0x00s\0x00 t\0x00e\0x00m\0x00s\0x00
[3D0] 20 00 74 00 65 00 61 00 6D 00 00 00 04 00 00 00 \0x00t\0x00e\0x00a\0x00 m\0x00\0x00\0x00\0x04\0x00\0x00\0x00
[3E0] 00 00 00 00 04 00 00 00 69 00 73 00 73 00 00 00 \0x00\0x00\0x00\0x00\0x04\0x00\0x00\0x00 i\0x00s\0x00s\0x00\0x00\0x00
[3F0] 2E 00 00 00 00 00 00 00 2E 00 00 00 46 00 69 00 .\0x00\0x00\0x00\0x00\0x00\0x00\0x00 .\0x00\0x00\0x00F\0x00i\0x00
10:00:04.224418 IP (tos 0x0, ttl 128, id 7412, offset 0, flags [DF], proto TCP (6), length 103, bad cksum 0 (->83d0)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a26 (incorrect -> 0x8486), seq 1662:1725, ack 2217, win 16425, length 63
SMB PACKET: SMBreadX (REQUEST)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13120 (0x3340)
Word Count = 12 (0xc)
Com2=0xFF
Off2=57054 (0xdede)
Handle=17384 (0x43e8)
Offset=0 (0x0)
MaxCount=2028 (0x7ec)
MinCount=2028 (0x7ec)
TimeOut=-1 (0xffffffff)
CountLeft=2028 (0x7ec)
Data: (4 bytes)
[000] 00 00 00 00 \0x00\0x00\0x00\0x00
smb_bcc=0
10:00:04.224575 IP (tos 0x8, ttl 64, id 35553, offset 0, flags [DF], proto TCP (6), length 1500)
192.168.0.58.445 > 192.168.1.110.49276: Flags [.], cksum 0xf7b6 (correct), seq 2217:3677, ack 1725, win 5086, length 1460WARNING: Packet is continued in later TCP segments
SMB PACKET: SMBreadX (REPLY)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13120 (0x3340)
Word Count = 12 (0xc)
Com2=0xFF
Off2=0 (0x0)
Remaining=0 (0x0)
Res=0x0
DataSize=2028 (0x7ec)
DataOff=59 (0x3b)
Res=(0x0,0x0,0x0,0x0)
Data: (2 bytes)
[000] EC 07 \0xec\0x07
smb_bcc=2028
smb_buf[]=
[000] 6C 00 65 00 73 00 20 00 72 00 65 00 6C 00 61 00 l\0x00e\0x00s\0x00 \0x00 r\0x00e\0x00l\0x00a\0x00
[010] 74 00 65 00 64 00 20 00 74 00 6F 00 20 00 74 00 t\0x00e\0x00d\0x00 \0x00 t\0x00o\0x00 \0x00t\0x00
[020] 68 00 65 00 20 00 63 00 61 00 65 00 2F 00 6D 00 h\0x00e\0x00 \0x00c\0x00 a\0x00e\0x00/\0x00m\0x00
[030] 74 00 6C 00 5F 00 63 00 6F 00 72 00 65 00 2F 00 t\0x00l\0x00_\0x00c\0x00 o\0x00r\0x00e\0x00/\0x00
[040] 69 00 73 00 73 00 20 00 70 00 72 00 6F 00 6A 00 i\0x00s\0x00s\0x00 \0x00 p\0x00r\0x00o\0x00j\0x00
[050] 65 00 63 00 74 00 00 00 0A 00 00 00 00 00 00 00 e\0x00c\0x00t\0x00\0x00\0x00 \0x0a\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[060] 0A 00 00 00 61 00 31 00 30 00 39 00 2D 00 70 00 \0x0a\0x00\0x00\0x00a\0x001\0x00 0\0x009\0x00-\0x00p\0x00
[070] 6F 00 72 00 74 00 00 00 27 00 00 00 00 00 00 00 o\0x00r\0x00t\0x00\0x00\0x00 '\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[080] 27 00 00 00 46 00 69 00 6C 00 65 00 73 00 20 00 '\0x00\0x00\0x00F\0x00i\0x00 l\0x00e\0x00s\0x00 \0x00
[090] 72 00 65 00 6C 00 61 00 74 00 65 00 64 00 20 00 r\0x00e\0x00l\0x00a\0x00 t\0x00e\0x00d\0x00 \0x00
[0A0] 74 00 6F 00 20 00 74 00 68 00 65 00 20 00 61 00 t\0x00o\0x00 \0x00t\0x00 h\0x00e\0x00 \0x00a\0x00
[0B0] 31 00 30 00 39 00 2D 00 70 00 6F 00 72 00 74 00 1\0x000\0x009\0x00-\0x00 p\0x00o\0x00r\0x00t\0x00
[0C0] 20 00 70 00 72 00 6F 00 6A 00 65 00 63 00 74 00 \0x00p\0x00r\0x00o\0x00 j\0x00e\0x00c\0x00t\0x00
[0D0] 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 00 \0x00\0x00\0x00\0x00\0x04\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x04\0x00\0x00\0x00
[0E0] 67 00 6F 00 6D 00 00 00 3C 00 00 00 00 00 00 00 g\0x00o\0x00m\0x00\0x00\0x00 <\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[0F0] 3C 00 00 00 46 00 69 00 6C 00 65 00 73 00 20 00 <\0x00\0x00\0x00F\0x00i\0x00 l\0x00e\0x00s\0x00 \0x00
[100] 72 00 65 00 6C 00 61 00 74 00 65 00 64 00 20 00 r\0x00e\0x00l\0x00a\0x00 t\0x00e\0x00d\0x00 \0x00
[110] 74 00 6F 00 20 00 4D 00 6F 00 6E 00 74 00 72 00 t\0x00o\0x00 \0x00M\0x00 o\0x00n\0x00t\0x00r\0x00
[120] 65 00 61 00 6C 00 20 00 27 00 47 00 4F 00 4D 00 e\0x00a\0x00l\0x00 \0x00 '\0x00G\0x00O\0x00M\0x00
[130] 27 00 20 00 70 00 72 00 6F 00 63 00 65 00 73 00 '\0x00 \0x00p\0x00r\0x00 o\0x00c\0x00e\0x00s\0x00
[140] 73 00 20 00 69 00 6D 00 70 00 72 00 6F 00 76 00 s\0x00 \0x00i\0x00m\0x00 p\0x00r\0x00o\0x00v\0x00
[150] 65 00 6D 00 65 00 6E 00 74 00 20 00 70 00 72 00 e\0x00m\0x00e\0x00n\0x00 t\0x00 \0x00p\0x00r\0x00
[160] 6F 00 6A 00 65 00 63 00 74 00 00 00 09 00 00 00 o\0x00j\0x00e\0x00c\0x00 t\0x00\0x00\0x00\0x09\0x00\0x00\0x00
[170] 00 00 00 00 09 00 00 00 63 00 64 00 62 00 2D 00 \0x00\0x00\0x00\0x00\0x09\0x00\0x00\0x00 c\0x00d\0x00b\0x00-\0x00
[180] 6D 00 61 00 6C 00 69 00 00 00 00 00 2C 00 00 00 m\0x00a\0x00l\0x00i\0x00 \0x00\0x00\0x00\0x00,\0x00\0x00\0x00
[190] 00 00 00 00 2C 00 00 00 46 00 69 00 6C 00 65 00 \0x00\0x00\0x00\0x00,\0x00\0x00\0x00 F\0x00i\0x00l\0x00e\0x00
[1A0] 73 00 20 00 72 00 65 00 6C 00 61 00 74 00 65 00 s\0x00 \0x00r\0x00e\0x00 l\0x00a\0x00t\0x00e\0x00
[1B0] 64 00 20 00 74 00 6F 00 20 00 63 00 61 00 65 00 d\0x00 \0x00t\0x00o\0x00 \0x00c\0x00a\0x00e\0x00
[1C0] 2F 00 70 00 72 00 65 00 73 00 61 00 67 00 69 00 /\0x00p\0x00r\0x00e\0x00 s\0x00a\0x00g\0x00i\0x00
[1D0] 73 00 2F 00 71 00 61 00 74 00 61 00 72 00 2D 00 s\0x00/\0x00q\0x00a\0x00 t\0x00a\0x00r\0x00-\0x00
[1E0] 75 00 70 00 67 00 72 00 61 00 64 00 65 00 00 00 u\0x00p\0x00g\0x00r\0x00 a\0x00d\0x00e\0x00\0x00\0x00
[1F0] 0E 00 00 00 00 00 00 00 0E 00 00 00 71 00 61 00 \0x0e\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x0e\0x00\0x00\0x00q\0x00a\0x00
[200] 74 00 61 00 72 00 2D 00 75 00 70 00 67 00 72 00 t\0x00a\0x00r\0x00-\0x00 u\0x00p\0x00g\0x00r\0x00
[210] 61 00 64 00 65 00 00 00 2C 00 00 00 00 00 00 00 a\0x00d\0x00e\0x00\0x00\0x00 ,\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[220] 2C 00 00 00 46 00 69 00 6C 00 65 00 73 00 20 00 ,\0x00\0x00\0x00F\0x00i\0x00 l\0x00e\0x00s\0x00 \0x00
[230] 72 00 65 00 6C 00 61 00 74 00 65 00 64 00 20 00 r\0x00e\0x00l\0x00a\0x00 t\0x00e\0x00d\0x00 \0x00
[240] 74 00 6F 00 20 00 63 00 61 00 65 00 2F 00 70 00 t\0x00o\0x00 \0x00c\0x00 a\0x00e\0x00/\0x00p\0x00
[250] 72 00 65 00 73 00 61 00 67 00 69 00 73 00 2F 00 r\0x00e\0x00s\0x00a\0x00 g\0x00i\0x00s\0x00/\0x00
[260] 71 00 61 00 74 00 61 00 72 00 2D 00 75 00 70 00 q\0x00a\0x00t\0x00a\0x00 r\0x00-\0x00u\0x00p\0x00
[270] 67 00 72 00 61 00 64 00 65 00 00 00 09 00 00 00 g\0x00r\0x00a\0x00d\0x00 e\0x00\0x00\0x00\0x09\0x00\0x00\0x00
[280] 00 00 00 00 09 00 00 00 63 00 31 00 36 00 30 00 \0x00\0x00\0x00\0x00\0x09\0x00\0x00\0x00 c\0x001\0x006\0x000\0x00
[290] 2D 00 6E 00 76 00 67 00 00 00 00 00 2B 00 00 00 -\0x00n\0x00v\0x00g\0x00 \0x00\0x00\0x00\0x00+\0x00\0x00\0x00
[2A0] 00 00 00 00 2B 00 00 00 54 00 65 00 6D 00 70 00 \0x00\0x00\0x00\0x00+\0x00\0x00\0x00 T\0x00e\0x00m\0x00p\0x00
[2B0] 6F 00 72 00 61 00 72 00 79 00 20 00 73 00 68 00 o\0x00r\0x00a\0x00r\0x00 y\0x00 \0x00s\0x00h\0x00
[2C0] 61 00 72 00 65 00 20 00 6F 00 66 00 20 00 63 00 a\0x00r\0x00e\0x00 \0x00 o\0x00f\0x00 \0x00c\0x00
[2D0] 31 00 36 00 30 00 2D 00 6E 00 76 00 67 00 20 00 1\0x006\0x000\0x00-\0x00 n\0x00v\0x00g\0x00 \0x00
[2E0] 69 00 6E 00 63 00 6F 00 6D 00 69 00 6E 00 67 00 i\0x00n\0x00c\0x00o\0x00 m\0x00i\0x00n\0x00g\0x00
[2F0] 20 00 66 00 69 00 6C 00 65 00 73 00 00 00 00 00 \0x00f\0x00i\0x00l\0x00 e\0x00s\0x00\0x00\0x00\0x00\0x00
[300] 09 00 00 00 00 00 00 00 09 00 00 00 74 00 65 00 \0x09\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x09\0x00\0x00\0x00t\0x00e\0x00
[310] 78 00 74 00 75 00 72 00 65 00 73 00 00 00 00 00 x\0x00t\0x00u\0x00r\0x00 e\0x00s\0x00\0x00\0x00\0x00\0x00
[320] 4B 00 00 00 00 00 00 00 4B 00 00 00 52 00 65 00 K\0x00\0x00\0x00\0x00\0x00\0x00\0x00 K\0x00\0x00\0x00R\0x00e\0x00
[330] 70 00 6F 00 73 00 69 00 74 00 6F 00 72 00 79 00 p\0x00o\0x00s\0x00i\0x00 t\0x00o\0x00r\0x00y\0x00
[340] 20 00 6F 00 66 00 20 00 61 00 70 00 70 00 72 00 \0x00o\0x00f\0x00 \0x00 a\0x00p\0x00p\0x00r\0x00
[350] 6F 00 70 00 72 00 69 00 61 00 74 00 65 00 6C 00 o\0x00p\0x00r\0x00i\0x00 a\0x00t\0x00e\0x00l\0x00
[360] 79 00 20 00 6C 00 69 00 63 00 65 00 6E 00 73 00 y\0x00 \0x00l\0x00i\0x00 c\0x00e\0x00n\0x00s\0x00
[370] 65 00 64 00 20 00 74 00 65 00 78 00 74 00 75 00 e\0x00d\0x00 \0x00t\0x00 e\0x00x\0x00t\0x00u\0x00
[380] 72 00 65 00 73 00 20 00 66 00 6F 00 72 00 20 00 r\0x00e\0x00s\0x00 \0x00 f\0x00o\0x00r\0x00 \0x00
[390] 75 00 73 00 65 00 20 00 69 00 6E 00 20 00 67 00 u\0x00s\0x00e\0x00 \0x00 i\0x00n\0x00 \0x00g\0x00
[3A0] 72 00 61 00 70 00 68 00 69 00 63 00 73 00 20 00 r\0x00a\0x00p\0x00h\0x00 i\0x00c\0x00s\0x00 \0x00
[3B0] 70 00 72 00 6F 00 6A 00 65 00 63 00 74 00 73 00 p\0x00r\0x00o\0x00j\0x00 e\0x00c\0x00t\0x00s\0x00
[3C0] 00 00 00 00 12 00 00 00 00 00 00 00 12 00 00 00 \0x00\0x00\0x00\0x00\0x12\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x12\0x00\0x00\0x00
[3D0] 6C 00 69 00 74 00 68 00 6F 00 73 00 2D 00 63 00 l\0x00i\0x00t\0x00h\0x00 o\0x00s\0x00-\0x00c\0x00
[3E0] 64 00 62 00 2D 00 66 00 72 00 61 00 6E 00 63 00 d\0x00b\0x00-\0x00f\0x00 r\0x00a\0x00n\0x00c\0x00
[3F0] 65 00 00 00 21 00 00 00 00 00 00 00 21 00 00 00 e\0x00\0x00\0x00!\0x00\0x00\0x00 \0x00\0x00\0x00\0x00!\0x00\0x00\0x00
[400] 46 00 72 00 61 00 6E 00 63 00 65 00 20 00 43 00 F\0x00r\0x00a\0x00n\0x00 c\0x00e\0x00 \0x00C\0x00
[410] 44 00 42 00 20 00 70 00 72 00 6F 00 6A 00 65 00 D\0x00B\0x00 \0x00p\0x00 r\0x00o\0x00j\0x00e\0x00
[420] 63 00 74 00 20 00 72 00 65 00 6C 00 61 00 74 00 c\0x00t\0x00 \0x00r\0x00 e\0x00l\0x00a\0x00t\0x00
[430] 65 00 64 00 20 00 66 00 69 00 6C 00 65 00 73 00 e\0x00d\0x00 \0x00f\0x00 i\0x00l\0x00e\0x00s\0x00
[440] 00 00 00 00 15 00 00 00 00 00 00 00 15 00 00 00 \0x00\0x00\0x00\0x00\0x15\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x15\0x00\0x00\0x00
[450] 6C 00 69 00 74 00 68 00 6F 00 73 00 2D 00 63 00 l\0x00i\0x00t\0x00h\0x00 o\0x00s\0x00-\0x00c\0x00
[460] 64 00 62 00 2D 00 61 00 75 00 73 00 74 00 72 00 d\0x00b\0x00-\0x00a\0x00 u\0x00s\0x00t\0x00r\0x00
[470] 61 00 6C 00 69 00 61 00 00 00 00 00 24 00 00 00 a\0x00l\0x00i\0x00a\0x00 \0x00\0x00\0x00\0x00$\0x00\0x00\0x00
[480] 00 00 00 00 24 00 00 00 41 00 75 00 73 00 74 00 \0x00\0x00\0x00\0x00$\0x00\0x00\0x00 A\0x00u\0x00s\0x00t\0x00
[490] 72 00 61 00 6C 00 69 00 61 00 20 00 43 00 44 00 r\0x00a\0x00l\0x00i\0x00 a\0x00 \0x00C\0x00D\0x00
[4A0] 42 00 20 00 70 00 72 00 6F 00 6A 00 65 00 63 00 B\0x00 \0x00p\0x00r\0x00 o\0x00j\0x00e\0x00c\0x00
[4B0] 74 00 20 00 72 00 65 00 6C 00 61 00 74 00 65 00 t\0x00 \0x00r\0x00e\0x00 l\0x00a\0x00t\0x00e\0x00
[4C0] 64 00 20 00 66 00 69 00 6C 00 65 00 73 00 00 00 d\0x00 \0x00f\0x00i\0x00 l\0x00e\0x00s\0x00\0x00\0x00
[4D0] 08 00 00 00 00 00 00 00 08 00 00 00 67 00 61 00 \0x08\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x08\0x00\0x00\0x00g\0x00a\0x00
[4E0] 6C 00 6C 00 65 00 72 00 79 00 00 00 23 00 00 00 l\0x00l\0x00e\0x00r\0x00 y\0x00\0x00\0x00#\0x00\0x00\0x00
[4F0] 00 00 00 00 23 00 00 00 68 00 74 00 74 00 70 00 \0x00\0x00\0x00\0x00#\0x00\0x00\0x00 h\0x00t\0x00t\0x00p\0x00
[500] 3A 00 2F 00 2F 00 67 00 61 00 6C 00 6C 00 65 00 :\0x00/\0x00/\0x00g\0x00 a\0x00l\0x00l\0x00e\0x00
[510] 72 00 79 00 2E 00 63 00 61 00 65 00 2D 00 65 00 r\0x00y\0x00.\0x00c\0x00 a\0x00e\0x00-\0x00e\0x00
[520] 6E 00 67 00 69 00 6E 00 65 00 65 00 72 00 69 00 n\0x00g\0x00i\0x00n\0x00 e\0x00e\0x00r\0x00i\0x00
[530] 6E 00 67 00 2E 00 68 00 75 00 2F 00 00 00 00 00 n\0x00g\0x00.\0x00h\0x00 u\0x00/\0x00\0x00\0x00\0x00\0x00
[540] 09 00 00 00 00 00 00 00 09 00 00 00 6E 00 65 00 \0x09\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x09\0x00\0x00\0x00n\0x00e\0x00
[550] 74 00 6C 00 6F 00 67 00 6F 00 6E 00 00 00 00 00 t\0x00l\0x00o\0x00g\0x00 o\0x00n\0x00\0x00\0x00\0x00\0x00
[560] 0E 00 00 00 00 00 00 00 0E 00 00 00 6C 00 6F 00 \0x0e\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x0e\0x00\0x00\0x00l\0x00o\0x00
[570] 67 00 69 00 6E g\0x00i\0x00n
10:00:04.224648 IP (tos 0x8, ttl 64, id 35554, offset 0, flags [DF], proto TCP (6), length 671)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xc595 (correct), seq 3677:4308, ack 1725, win 5086, length 631SMB-over-TCP packet:(raw data or continuation?)
10:00:04.224668 IP (tos 0x0, ttl 128, id 7413, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->840e)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0xebd1), seq 1725, ack 4308, win 16425, length 0
10:00:04.224899 IP (tos 0x0, ttl 128, id 7414, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->83e0)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x66e2), seq 1725:1770, ack 4308, win 16425, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13184 (0x3380)
Word Count = 3 (0x3)
Handle=17384 (0x43e8)
Time=NULL
smb_bcc=0
10:00:04.225045 IP (tos 0x8, ttl 64, id 35555, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xdd84 (correct), seq 4308:4347, ack 1770, win 5086, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13184 (0x3380)
Word Count = 0 (0x0)
smb_bcc=0
10:00:04.316703 IP (tos 0x0, ttl 128, id 7426, offset 0, flags [DF], proto TCP (6), length 156, bad cksum 0 (->838d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a5b (incorrect -> 0x640d), seq 1770:1886, ack 4347, win 16415, length 116
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 13248 (0x33c0)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=44 data_length=0
TotParam=44 (0x2c)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=44 (0x2c)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=47
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x61, 0x31)
Path=09-portData=
10:00:04.316716 IP (tos 0x0, ttl 128, id 7427, offset 0, flags [DF], proto TCP (6), length 154, bad cksum 0 (->838e)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a59 (incorrect -> 0x9da3), seq 1886:2000, ack 4347, win 16415, length 114
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 13313 (0x3401)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=42 data_length=0
TotParam=42 (0x2a)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=42 (0x2a)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=45
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x63, 0x31)
Path=60-nvgData=
10:00:04.316911 IP (tos 0x0, ttl 128, id 7428, offset 0, flags [DF], proto TCP (6), length 154, bad cksum 0 (->838d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a59 (incorrect -> 0xd530), seq 2000:2114, ack 4347, win 16415, length 114
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 13378 (0x3442)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=42 data_length=0
TotParam=42 (0x2a)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=42 (0x2a)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=45
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x63, 0x64)
Path=b-maliData=
10:00:04.316999 IP (tos 0x8, ttl 64, id 35556, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x544f (correct), seq 4347:4386, ack 2000, win 5086, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 13248 (0x33c0)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.317100 IP (tos 0x0, ttl 128, id 7429, offset 0, flags [DF], proto TCP (6), length 138, bad cksum 0 (->839c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a49 (incorrect -> 0x5d82), seq 2114:2212, ack 4386, win 16405, length 98
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13440 (0x3480)
Word Count = 4 (0x4)
Com2=0xFF
Off2=94 (0x5e)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=51
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 41 00 31 00 30 00 39 \0x00L\0x00E\0x00S\0x00\ \0x00A\0x001\0x000\0x009
[020] 00 2D 00 50 00 4F 00 52 00 54 00 00 00 3F 3F 3F \0x00-\0x00P\0x00O\0x00R \0x00T\0x00\0x00\0x00???
[030] 3F 3F 00 ??\0x00
10:00:04.317201 IP (tos 0x8, ttl 64, id 35557, offset 0, flags [DF], proto TCP (6), length 118)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xace8 (correct), seq 4386:4464, ack 2212, win 5086, length 78
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 13313 (0x3401)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.317265 IP (tos 0x0, ttl 128, id 7430, offset 0, flags [DF], proto TCP (6), length 144, bad cksum 0 (->8395)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a4f (incorrect -> 0x1d38), seq 2212:2316, ack 4464, win 16386, length 104
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 13506 (0x34c2)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=32 data_length=0
TotParam=32 (0x20)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=32 (0x20)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=35
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x63, 0x67)
Path=fData=
10:00:04.317293 IP (tos 0x0, ttl 128, id 7431, offset 0, flags [DF], proto TCP (6), length 136, bad cksum 0 (->839c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a47 (incorrect -> 0x3685), seq 2316:2412, ack 4464, win 16386, length 96
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13569 (0x3501)
Word Count = 4 (0x4)
Com2=0xFF
Off2=92 (0x5c)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=49
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 43 00 31 00 36 00 30 \0x00L\0x00E\0x00S\0x00\ \0x00C\0x001\0x006\0x000
[020] 00 2D 00 4E 00 56 00 47 00 00 00 3F 3F 3F 3F 3F \0x00-\0x00N\0x00V\0x00G \0x00\0x00\0x00?????
[030] 00 \0x00
10:00:04.317312 IP (tos 0x0, ttl 128, id 7432, offset 0, flags [DF], proto TCP (6), length 136, bad cksum 0 (->839b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a47 (incorrect -> 0xcd24), seq 2412:2508, ack 4464, win 16386, length 96
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13635 (0x3543)
Word Count = 4 (0x4)
Com2=0xFF
Off2=92 (0x5c)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=49
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 43 00 44 00 42 00 2D \0x00L\0x00E\0x00S\0x00\ \0x00C\0x00D\0x00B\0x00-
[020] 00 4D 00 41 00 4C 00 49 00 00 00 3F 3F 3F 3F 3F \0x00M\0x00A\0x00L\0x00I \0x00\0x00\0x00?????
[030] 00 \0x00
10:00:04.318478 IP (tos 0x8, ttl 64, id 35558, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xa9e2 (correct), seq 4464:4503, ack 2508, win 5086, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13440 (0x3480)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.318554 IP (tos 0x0, ttl 128, id 7433, offset 0, flags [DF], proto TCP (6), length 138, bad cksum 0 (->8398)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a49 (incorrect -> 0x5b9f), seq 2508:2606, ack 4503, win 16376, length 98
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13696 (0x3580)
Word Count = 4 (0x4)
Com2=0xFF
Off2=94 (0x5e)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=51
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 41 00 31 00 30 00 39 \0x00L\0x00E\0x00S\0x00\ \0x00A\0x001\0x000\0x009
[020] 00 2D 00 50 00 4F 00 52 00 54 00 00 00 3F 3F 3F \0x00-\0x00P\0x00O\0x00R \0x00T\0x00\0x00\0x00???
[030] 3F 3F 00 ??\0x00
10:00:04.318654 IP (tos 0x8, ttl 64, id 35559, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x4f54 (correct), seq 4503:4542, ack 2606, win 5086, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 13506 (0x34c2)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.318750 IP (tos 0x0, ttl 128, id 7434, offset 0, flags [DF], proto TCP (6), length 126, bad cksum 0 (->83a3)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a3d (incorrect -> 0x9651), seq 2606:2692, ack 4542, win 16366, length 86
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13762 (0x35c2)
Word Count = 4 (0x4)
Com2=0xFF
Off2=82 (0x52)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=39
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 43 00 47 00 46 00 00 \0x00L\0x00E\0x00S\0x00\ \0x00C\0x00G\0x00F\0x00\0x00
[020] 00 3F 3F 3F 3F 3F 00 \0x00?????\0x00
10:00:04.320186 IP (tos 0x8, ttl 64, id 35560, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x27dc (correct), seq 4542:4581, ack 2692, win 5086, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13569 (0x3501)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.320266 IP (tos 0x0, ttl 128, id 7435, offset 0, flags [DF], proto TCP (6), length 136, bad cksum 0 (->8398)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a47 (incorrect -> 0x34b5), seq 2692:2788, ack 4581, win 16356, length 96
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13825 (0x3601)
Word Count = 4 (0x4)
Com2=0xFF
Off2=92 (0x5c)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=49
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 43 00 31 00 36 00 30 \0x00L\0x00E\0x00S\0x00\ \0x00C\0x001\0x006\0x000
[020] 00 2D 00 4E 00 56 00 47 00 00 00 3F 3F 3F 3F 3F \0x00-\0x00N\0x00V\0x00G \0x00\0x00\0x00?????
[030] 00 \0x00
10:00:04.321748 IP (tos 0x8, ttl 64, id 35561, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xe554 (correct), seq 4581:4620, ack 2788, win 5086, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13635 (0x3543)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.335911 IP (tos 0x0, ttl 128, id 7436, offset 0, flags [DF], proto TCP (6), length 148, bad cksum 0 (->838b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a53 (incorrect -> 0xa06c), seq 2788:2896, ack 4620, win 16347, length 108
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 13891 (0x3643)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=36 data_length=0
TotParam=36 (0x24)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=36 (0x24)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=39
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x77, 0x61)
Path=rezData=
10:00:04.336023 IP (tos 0x8, ttl 64, id 35562, offset 0, flags [DF], proto TCP (6), length 157)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x5a65 (correct), seq 4620:4737, ack 2896, win 5086, length 117
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13696 (0x3580)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.336147 IP (tos 0x0, ttl 128, id 7437, offset 0, flags [DF], proto TCP (6), length 136, bad cksum 0 (->8396)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a47 (incorrect -> 0x8c73), seq 2896:2992, ack 4737, win 16317, length 96
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13953 (0x3681)
Word Count = 4 (0x4)
Com2=0xFF
Off2=92 (0x5c)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=49
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 43 00 44 00 42 00 2D \0x00L\0x00E\0x00S\0x00\ \0x00C\0x00D\0x00B\0x00-
[020] 00 4D 00 41 00 4C 00 49 00 00 00 3F 3F 3F 3F 3F \0x00M\0x00A\0x00L\0x00I \0x00\0x00\0x00?????
[030] 00 \0x00
10:00:04.336163 IP (tos 0x0, ttl 128, id 7438, offset 0, flags [DF], proto TCP (6), length 126, bad cksum 0 (->839f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a3d (incorrect -> 0x943c), seq 2992:3078, ack 4737, win 16317, length 86
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14018 (0x36c2)
Word Count = 4 (0x4)
Com2=0xFF
Off2=82 (0x52)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=39
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 43 00 47 00 46 00 00 \0x00L\0x00E\0x00S\0x00\ \0x00C\0x00G\0x00F\0x00\0x00
[020] 00 3F 3F 3F 3F 3F 00 \0x00?????\0x00
10:00:04.336309 IP (tos 0x8, ttl 64, id 35563, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xcbe6 (correct), seq 4737:4776, ack 2992, win 5086, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 13891 (0x3643)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.336417 IP (tos 0x0, ttl 128, id 7439, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->839a)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x99b7), seq 3078:3168, ack 4776, win 16308, length 90
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14083 (0x3703)
Word Count = 4 (0x4)
Com2=0xFF
Off2=86 (0x56)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=43
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 57 00 41 00 52 00 45 \0x00L\0x00E\0x00S\0x00\ \0x00W\0x00A\0x00R\0x00E
[020] 00 5A 00 00 00 3F 3F 3F 3F 3F 00 \0x00Z\0x00\0x00\0x00??? ??\0x00
10:00:04.337648 IP (tos 0x8, ttl 64, id 35564, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xa514 (correct), seq 4776:4815, ack 3168, win 5086, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 13953 (0x3681)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.542621 IP (tos 0x0, ttl 128, id 7440, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->83f3)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0xe4b2), seq 3168, ack 4815, win 16298, length 0
10:00:04.542772 IP (tos 0x8, ttl 64, id 35565, offset 0, flags [DF], proto TCP (6), length 145)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9aec (correct), seq 4815:4920, ack 3168, win 5086, length 105
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14018 (0x36c2)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.545487 IP (tos 0x0, ttl 128, id 7441, offset 0, flags [DF], proto TCP (6), length 148, bad cksum 0 (->8386)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a53 (incorrect -> 0xa8a6), seq 3168:3276, ack 4920, win 16272, length 108
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14147 (0x3743)
Word Count = 4 (0x4)
Com2=0xFF
Off2=104 (0x68)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=61
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 56 00 49 00 53 00 55 \0x00L\0x00E\0x00S\0x00\ \0x00V\0x00I\0x00S\0x00U
[020] 00 41 00 4C 00 2D 00 53 00 59 00 53 00 54 00 45 \0x00A\0x00L\0x00-\0x00S \0x00Y\0x00S\0x00T\0x00E
[030] 00 4D 00 53 00 00 00 3F 3F 3F 3F 3F 00 \0x00M\0x00S\0x00\0x00\0x00? ????\0x00
10:00:04.553520 IP (tos 0x8, ttl 64, id 35566, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x0f93 (correct), seq 4920:4986, ack 3276, win 5086, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14147 (0x3743)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 05 00 FF 01 1F 10 00 00 00 00 \0x05\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:00:04.559218 IP (tos 0x0, ttl 128, id 7442, offset 0, flags [DF], proto TCP (6), length 152, bad cksum 0 (->8381)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a57 (incorrect -> 0x815c), seq 3276:3388, ack 4986, win 16255, length 112
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14211 (0x3783)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=40 data_length=0
TotParam=40 (0x28)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=40 (0x28)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=43
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x74, 0x72)
Path=ansitData=
10:00:04.559540 IP (tos 0x8, ttl 64, id 35567, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8960 (correct), seq 4986:5025, ack 3388, win 5086, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14211 (0x3783)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.559826 IP (tos 0x0, ttl 128, id 7443, offset 0, flags [DF], proto TCP (6), length 134, bad cksum 0 (->8392)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a45 (incorrect -> 0x3bb6), seq 3388:3482, ack 5025, win 16245, length 94
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14275 (0x37c3)
Word Count = 4 (0x4)
Com2=0xFF
Off2=90 (0x5a)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=47
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 54 00 52 00 41 00 4E \0x00L\0x00E\0x00S\0x00\ \0x00T\0x00R\0x00A\0x00N
[020] 00 53 00 49 00 54 00 00 00 3F 3F 3F 3F 3F 00 \0x00S\0x00I\0x00T\0x00\0x00 \0x00?????\0x00
10:00:04.572890 IP (tos 0x8, ttl 64, id 35568, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8d53 (correct), seq 5025:5091, ack 3482, win 5086, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14275 (0x37c3)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 0D 00 FF 01 1F 10 00 00 00 00 \0x0d\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:00:04.575460 IP (tos 0x0, ttl 128, id 7444, offset 0, flags [DF], proto TCP (6), length 136, bad cksum 0 (->838f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a47 (incorrect -> 0x9c1d), seq 3482:3578, ack 5091, win 16229, length 96
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14339 (0x3803)
Word Count = 4 (0x4)
Com2=0xFF
Off2=92 (0x5c)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=49
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 54 00 45 00 58 00 54 \0x00L\0x00E\0x00S\0x00\ \0x00T\0x00E\0x00X\0x00T
[020] 00 55 00 52 00 45 00 53 00 00 00 3F 3F 3F 3F 3F \0x00U\0x00R\0x00E\0x00S \0x00\0x00\0x00?????
[030] 00 \0x00
10:00:04.582064 IP (tos 0x8, ttl 64, id 35569, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x4bb9 (correct), seq 5091:5157, ack 3578, win 5086, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14339 (0x3803)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 05 00 FF 01 1F 10 00 00 00 00 \0x05\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:00:04.585781 IP (tos 0x0, ttl 128, id 7445, offset 0, flags [DF], proto TCP (6), length 164, bad cksum 0 (->8372)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a63 (incorrect -> 0x966f), seq 3578:3702, ack 5157, win 16212, length 124
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14403 (0x3843)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=52 data_length=0
TotParam=52 (0x34)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=52 (0x34)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=55
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x71, 0x61)
Path=tar-upgradeData=
10:00:04.586058 IP (tos 0x8, ttl 64, id 35570, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xc77a (correct), seq 5157:5196, ack 3702, win 5086, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14403 (0x3843)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.586348 IP (tos 0x0, ttl 128, id 7446, offset 0, flags [DF], proto TCP (6), length 146, bad cksum 0 (->8383)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a51 (incorrect -> 0xf0c8), seq 3702:3808, ack 5196, win 16203, length 106
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14467 (0x3883)
Word Count = 4 (0x4)
Com2=0xFF
Off2=102 (0x66)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=59
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 51 00 41 00 54 00 41 \0x00L\0x00E\0x00S\0x00\ \0x00Q\0x00A\0x00T\0x00A
[020] 00 52 00 2D 00 55 00 50 00 47 00 52 00 41 00 44 \0x00R\0x00-\0x00U\0x00P \0x00G\0x00R\0x00A\0x00D
[030] 00 45 00 00 00 3F 3F 3F 3F 3F 00 \0x00E\0x00\0x00\0x00??? ??\0x00
10:00:04.588217 IP (tos 0x8, ttl 64, id 35571, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9eee (correct), seq 5196:5235, ack 3808, win 5086, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14467 (0x3883)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.588582 IP (tos 0x0, ttl 128, id 7447, offset 0, flags [DF], proto TCP (6), length 146, bad cksum 0 (->8382)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a51 (incorrect -> 0xb041), seq 3808:3914, ack 5235, win 16193, length 106
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14531 (0x38c3)
Word Count = 4 (0x4)
Com2=0xFF
Off2=102 (0x66)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=59
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 51 00 41 00 54 00 41 \0x00L\0x00E\0x00S\0x00\ \0x00Q\0x00A\0x00T\0x00A
[020] 00 52 00 2D 00 55 00 50 00 47 00 52 00 41 00 44 \0x00R\0x00-\0x00U\0x00P \0x00G\0x00R\0x00A\0x00D
[030] 00 45 00 00 00 3F 3F 3F 3F 3F 00 \0x00E\0x00\0x00\0x00??? ??\0x00
10:00:04.590070 IP (tos 0x8, ttl 64, id 35572, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x5e5d (correct), seq 5235:5274, ack 3914, win 5086, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14531 (0x38c3)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.592598 IP (tos 0x0, ttl 128, id 7448, offset 0, flags [DF], proto TCP (6), length 150, bad cksum 0 (->837d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a55 (incorrect -> 0x970f), seq 3914:4024, ack 5274, win 16183, length 110
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14595 (0x3903)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=38 data_length=0
TotParam=38 (0x26)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=38 (0x26)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=41
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x6F, 0x66)
Path=ficeData=
10:00:04.592864 IP (tos 0x8, ttl 64, id 35573, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x05c3 (correct), seq 5274:5313, ack 4024, win 5086, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14595 (0x3903)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.593142 IP (tos 0x0, ttl 128, id 7449, offset 0, flags [DF], proto TCP (6), length 132, bad cksum 0 (->838e)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a43 (incorrect -> 0x3169), seq 4024:4116, ack 5313, win 16173, length 92
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14659 (0x3943)
Word Count = 4 (0x4)
Com2=0xFF
Off2=88 (0x58)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=45
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 4F 00 46 00 46 00 49 \0x00L\0x00E\0x00S\0x00\ \0x00O\0x00F\0x00F\0x00I
[020] 00 43 00 45 00 00 00 3F 3F 3F 3F 3F 00 \0x00C\0x00E\0x00\0x00\0x00? ????\0x00
10:00:04.594533 IP (tos 0x8, ttl 64, id 35574, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xdd44 (correct), seq 5313:5352, ack 4116, win 5086, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14659 (0x3943)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.594898 IP (tos 0x0, ttl 128, id 7450, offset 0, flags [DF], proto TCP (6), length 132, bad cksum 0 (->838d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a43 (incorrect -> 0xf0ee), seq 4116:4208, ack 5352, win 16164, length 92
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14723 (0x3983)
Word Count = 4 (0x4)
Com2=0xFF
Off2=88 (0x58)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=45
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 4F 00 46 00 46 00 49 \0x00L\0x00E\0x00S\0x00\ \0x00O\0x00F\0x00F\0x00I
[020] 00 43 00 45 00 00 00 3F 3F 3F 3F 3F 00 \0x00C\0x00E\0x00\0x00\0x00? ????\0x00
10:00:04.596358 IP (tos 0x8, ttl 64, id 35575, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9cc1 (correct), seq 5352:5391, ack 4208, win 5086, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14723 (0x3983)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.599213 IP (tos 0x0, ttl 128, id 7451, offset 0, flags [DF], proto TCP (6), length 154, bad cksum 0 (->8376)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a59 (incorrect -> 0xdb7b), seq 4208:4322, ack 5391, win 16154, length 114
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14787 (0x39c3)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=42 data_length=0
TotParam=42 (0x2a)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=42 (0x2a)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=45
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x6E, 0x65)
Path=tlogonData=
10:00:04.599457 IP (tos 0x8, ttl 64, id 35576, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x4423 (correct), seq 5391:5430, ack 4322, win 5086, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14787 (0x39c3)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.599715 IP (tos 0x0, ttl 128, id 7452, offset 0, flags [DF], proto TCP (6), length 136, bad cksum 0 (->8387)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a47 (incorrect -> 0xb5d5), seq 4322:4418, ack 5430, win 16144, length 96
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14851 (0x3a03)
Word Count = 4 (0x4)
Com2=0xFF
Off2=92 (0x5c)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=49
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 4E 00 45 00 54 00 4C \0x00L\0x00E\0x00S\0x00\ \0x00N\0x00E\0x00T\0x00L
[020] 00 4F 00 47 00 4F 00 4E 00 00 00 3F 3F 3F 3F 3F \0x00O\0x00G\0x00O\0x00N \0x00\0x00\0x00?????
[030] 00 \0x00
10:00:04.604529 IP (tos 0x8, ttl 64, id 35577, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x4614 (correct), seq 5430:5496, ack 4418, win 5086, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 6 (0x6)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14851 (0x3a03)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 0D 00 FF 01 1F 10 00 00 00 00 \0x0d\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:00:04.607063 IP (tos 0x0, ttl 128, id 7453, offset 0, flags [DF], proto TCP (6), length 172, bad cksum 0 (->8362)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a6b (incorrect -> 0x3afd), seq 4418:4550, ack 5496, win 16128, length 132
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14915 (0x3a43)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=60 data_length=0
TotParam=60 (0x3c)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=60 (0x3c)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=63
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x6C, 0x69)
Path=thos-cdb-franceData=
10:00:04.607377 IP (tos 0x8, ttl 64, id 35578, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xc1a9 (correct), seq 5496:5535, ack 4550, win 5386, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 14915 (0x3a43)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.607638 IP (tos 0x0, ttl 128, id 7454, offset 0, flags [DF], proto TCP (6), length 154, bad cksum 0 (->8373)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a59 (incorrect -> 0xf557), seq 4550:4664, ack 5535, win 16118, length 114
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14979 (0x3a83)
Word Count = 4 (0x4)
Com2=0xFF
Off2=110 (0x6e)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=67
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 4C 00 49 00 54 00 48 \0x00L\0x00E\0x00S\0x00\ \0x00L\0x00I\0x00T\0x00H
[020] 00 4F 00 53 00 2D 00 43 00 44 00 42 00 2D 00 46 \0x00O\0x00S\0x00-\0x00C \0x00D\0x00B\0x00-\0x00F
[030] 00 52 00 41 00 4E 00 43 00 45 00 00 00 3F 3F 3F \0x00R\0x00A\0x00N\0x00C \0x00E\0x00\0x00\0x00???
[040] 3F 3F 00 ??\0x00
10:00:04.609074 IP (tos 0x8, ttl 64, id 35579, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9915 (correct), seq 5535:5574, ack 4664, win 5386, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 14979 (0x3a83)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.609421 IP (tos 0x0, ttl 128, id 7455, offset 0, flags [DF], proto TCP (6), length 154, bad cksum 0 (->8372)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a59 (incorrect -> 0xb4c8), seq 4664:4778, ack 5574, win 16108, length 114
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15043 (0x3ac3)
Word Count = 4 (0x4)
Com2=0xFF
Off2=110 (0x6e)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=67
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 4C 00 49 00 54 00 48 \0x00L\0x00E\0x00S\0x00\ \0x00L\0x00I\0x00T\0x00H
[020] 00 4F 00 53 00 2D 00 43 00 44 00 42 00 2D 00 46 \0x00O\0x00S\0x00-\0x00C \0x00D\0x00B\0x00-\0x00F
[030] 00 52 00 41 00 4E 00 43 00 45 00 00 00 3F 3F 3F \0x00R\0x00A\0x00N\0x00C \0x00E\0x00\0x00\0x00???
[040] 3F 3F 00 ??\0x00
10:00:04.610786 IP (tos 0x8, ttl 64, id 35580, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x587c (correct), seq 5574:5613, ack 4778, win 5386, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15043 (0x3ac3)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
[2014/08/28 10:00:04.611339, 0] lib/access.c:338(allow_access) Denied connection from 192.168.1.110 (192.168.1.110)
[2014/08/28 10:00:04.616103, 0] lib/access.c:338(allow_access) Denied connection from 192.168.1.110 (192.168.1.110)
10:00:04.613292 IP (tos 0x0, ttl 128, id 7456, offset 0, flags [DF], proto TCP (6), length 178, bad cksum 0 (->8359)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a71 (incorrect -> 0x221e), seq 4778:4916, ack 5613, win 16098, length 138
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15107 (0x3b03)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=66 data_length=0
TotParam=66 (0x42)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=66 (0x42)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=69
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x6C, 0x69)
Path=thos-cdb-australiaData=
10:00:04.613575 IP (tos 0x8, ttl 64, id 35581, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xfe99 (correct), seq 5613:5652, ack 4916, win 5686, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15107 (0x3b03)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.613858 IP (tos 0x0, ttl 128, id 7457, offset 0, flags [DF], proto TCP (6), length 160, bad cksum 0 (->836a)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a5f (incorrect -> 0x3c78), seq 4916:5036, ack 5652, win 16089, length 120
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15171 (0x3b43)
Word Count = 4 (0x4)
Com2=0xFF
Off2=116 (0x74)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=73
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 4C 00 49 00 54 00 48 \0x00L\0x00E\0x00S\0x00\ \0x00L\0x00I\0x00T\0x00H
[020] 00 4F 00 53 00 2D 00 43 00 44 00 42 00 2D 00 41 \0x00O\0x00S\0x00-\0x00C \0x00D\0x00B\0x00-\0x00A
[030] 00 55 00 53 00 54 00 52 00 41 00 4C 00 49 00 41 \0x00U\0x00S\0x00T\0x00R \0x00A\0x00L\0x00I\0x00A
[040] 00 00 00 3F 3F 3F 3F 3F 00 \0x00\0x00\0x00????? \0x00
10:00:04.615333 IP (tos 0x8, ttl 64, id 35582, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xd5ff (correct), seq 5652:5691, ack 5036, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15171 (0x3b43)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.615695 IP (tos 0x0, ttl 128, id 7458, offset 0, flags [DF], proto TCP (6), length 160, bad cksum 0 (->8369)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a5f (incorrect -> 0xfbe2), seq 5036:5156, ack 5691, win 16079, length 120
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15235 (0x3b83)
Word Count = 4 (0x4)
Com2=0xFF
Off2=116 (0x74)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=73
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 4C 00 49 00 54 00 48 \0x00L\0x00E\0x00S\0x00\ \0x00L\0x00I\0x00T\0x00H
[020] 00 4F 00 53 00 2D 00 43 00 44 00 42 00 2D 00 41 \0x00O\0x00S\0x00-\0x00C \0x00D\0x00B\0x00-\0x00A
[030] 00 55 00 53 00 54 00 52 00 41 00 4C 00 49 00 41 \0x00U\0x00S\0x00T\0x00R \0x00A\0x00L\0x00I\0x00A
[040] 00 00 00 3F 3F 3F 3F 3F 00 \0x00\0x00\0x00????? \0x00
10:00:04.617544 IP (tos 0x8, ttl 64, id 35583, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9560 (correct), seq 5691:5730, ack 5156, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15235 (0x3b83)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.620027 IP (tos 0x0, ttl 128, id 7459, offset 0, flags [DF], proto TCP (6), length 144, bad cksum 0 (->8378)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a4f (incorrect -> 0xedfb), seq 5156:5260, ack 5730, win 16069, length 104
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15299 (0x3bc3)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=32 data_length=0
TotParam=32 (0x20)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=32 (0x20)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=35
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x69, 0x73)
Path=sData=
10:00:04.620348 IP (tos 0x8, ttl 64, id 35584, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x3ccc (correct), seq 5730:5769, ack 5260, win 5686, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15299 (0x3bc3)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.620625 IP (tos 0x0, ttl 128, id 7460, offset 0, flags [DF], proto TCP (6), length 126, bad cksum 0 (->8389)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a3d (incorrect -> 0x26e7), seq 5260:5346, ack 5769, win 16425, length 86
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15363 (0x3c03)
Word Count = 4 (0x4)
Com2=0xFF
Off2=82 (0x52)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=39
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 49 00 53 00 53 00 00 \0x00L\0x00E\0x00S\0x00\ \0x00I\0x00S\0x00S\0x00\0x00
[020] 00 3F 3F 3F 3F 3F 00 \0x00?????\0x00
10:00:04.622037 IP (tos 0x8, ttl 64, id 35585, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x1454 (correct), seq 5769:5808, ack 5346, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15363 (0x3c03)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.622399 IP (tos 0x0, ttl 128, id 7461, offset 0, flags [DF], proto TCP (6), length 126, bad cksum 0 (->8388)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a3d (incorrect -> 0xe673), seq 5346:5432, ack 5808, win 16415, length 86
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15427 (0x3c43)
Word Count = 4 (0x4)
Com2=0xFF
Off2=82 (0x52)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=39
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 49 00 53 00 53 00 00 \0x00L\0x00E\0x00S\0x00\ \0x00I\0x00S\0x00S\0x00\0x00
[020] 00 3F 3F 3F 3F 3F 00 \0x00?????\0x00
10:00:04.623809 IP (tos 0x8, ttl 64, id 35586, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xd3d6 (correct), seq 5808:5847, ack 5432, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15427 (0x3c43)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.626354 IP (tos 0x0, ttl 128, id 7462, offset 0, flags [DF], proto TCP (6), length 160, bad cksum 0 (->8365)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a5f (incorrect -> 0x1dcf), seq 5432:5552, ack 5847, win 16405, length 120
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15491 (0x3c83)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=48 data_length=0
TotParam=48 (0x30)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=48 (0x30)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=51
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x69, 0x6C)
Path=ms-designData=
10:00:04.626615 IP (tos 0x8, ttl 64, id 35587, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7b32 (correct), seq 5847:5886, ack 5552, win 5686, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15491 (0x3c83)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.626895 IP (tos 0x0, ttl 128, id 7463, offset 0, flags [DF], proto TCP (6), length 142, bad cksum 0 (->8376)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a4d (incorrect -> 0x3829), seq 5552:5654, ack 5886, win 16395, length 102
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15555 (0x3cc3)
Word Count = 4 (0x4)
Com2=0xFF
Off2=98 (0x62)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=55
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 49 00 4C 00 4D 00 53 \0x00L\0x00E\0x00S\0x00\ \0x00I\0x00L\0x00M\0x00S
[020] 00 2D 00 44 00 45 00 53 00 49 00 47 00 4E 00 00 \0x00-\0x00D\0x00E\0x00S \0x00I\0x00G\0x00N\0x00\0x00
[030] 00 3F 3F 3F 3F 3F 00 \0x00?????\0x00
10:00:04.628344 IP (tos 0x8, ttl 64, id 35588, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x52aa (correct), seq 5886:5925, ack 5654, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15555 (0x3cc3)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.628706 IP (tos 0x0, ttl 128, id 7464, offset 0, flags [DF], proto TCP (6), length 142, bad cksum 0 (->8375)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a4d (incorrect -> 0xf7a4), seq 5654:5756, ack 5925, win 16386, length 102
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15619 (0x3d03)
Word Count = 4 (0x4)
Com2=0xFF
Off2=98 (0x62)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=55
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 49 00 4C 00 4D 00 53 \0x00L\0x00E\0x00S\0x00\ \0x00I\0x00L\0x00M\0x00S
[020] 00 2D 00 44 00 45 00 53 00 49 00 47 00 4E 00 00 \0x00-\0x00D\0x00E\0x00S \0x00I\0x00G\0x00N\0x00\0x00
[030] 00 3F 3F 3F 3F 3F 00 \0x00?????\0x00
10:00:04.630073 IP (tos 0x8, ttl 64, id 35589, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x121d (correct), seq 5925:5964, ack 5756, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15619 (0x3d03)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.632532 IP (tos 0x0, ttl 128, id 7465, offset 0, flags [DF], proto TCP (6), length 126, bad cksum 0 (->8384)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a3d (incorrect -> 0xf063), seq 5756:5842, ack 5964, win 16376, length 86
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15683 (0x3d43)
Word Count = 4 (0x4)
Com2=0xFF
Off2=82 (0x52)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=39
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 47 00 4F 00 4D 00 00 \0x00L\0x00E\0x00S\0x00\ \0x00G\0x00O\0x00M\0x00\0x00
[020] 00 3F 3F 3F 3F 3F 00 \0x00?????\0x00
10:00:04.640844 IP (tos 0x8, ttl 64, id 35590, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xfb1a (correct), seq 5964:6030, ack 5842, win 5686, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15683 (0x3d43)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 05 00 FF 01 1F 10 00 00 00 00 \0x05\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:00:04.644389 IP (tos 0x0, ttl 128, id 7466, offset 0, flags [DF], proto TCP (6), length 152, bad cksum 0 (->8369)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a57 (incorrect -> 0x87d4), seq 5842:5954, ack 6030, win 16359, length 112
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15747 (0x3d83)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=40 data_length=0
TotParam=40 (0x28)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=40 (0x28)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=43
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x67, 0x61)
Path=lleryData=
10:00:04.644696 IP (tos 0x8, ttl 64, id 35591, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x78e8 (correct), seq 6030:6069, ack 5954, win 5686, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15747 (0x3d83)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.644937 IP (tos 0x0, ttl 128, id 7467, offset 0, flags [DF], proto TCP (6), length 134, bad cksum 0 (->837a)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a45 (incorrect -> 0x422d), seq 5954:6048, ack 6069, win 16350, length 94
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15811 (0x3dc3)
Word Count = 4 (0x4)
Com2=0xFF
Off2=90 (0x5a)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=47
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 47 00 41 00 4C 00 4C \0x00L\0x00E\0x00S\0x00\ \0x00G\0x00A\0x00L\0x00L
[020] 00 45 00 52 00 59 00 00 00 3F 3F 3F 3F 3F 00 \0x00E\0x00R\0x00Y\0x00\0x00 \0x00?????\0x00
10:00:04.650358 IP (tos 0x8, ttl 64, id 35592, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x78db (correct), seq 6069:6135, ack 6048, win 5686, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 8 (0x8)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15811 (0x3dc3)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 0D 00 FF 01 1F 10 00 00 00 00 \0x0d\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:00:04.653167 IP (tos 0x0, ttl 128, id 7468, offset 0, flags [DF], proto TCP (6), length 164, bad cksum 0 (->835b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a63 (incorrect -> 0x5378), seq 6048:6172, ack 6135, win 16333, length 124
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15875 (0x3e03)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=52 data_length=0
TotParam=52 (0x34)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=52 (0x34)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=55
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x65, 0x78)
Path=portcontrolData=
10:00:04.653450 IP (tos 0x8, ttl 64, id 35593, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xf7a4 (correct), seq 6135:6174, ack 6172, win 5686, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 15875 (0x3e03)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.653653 IP (tos 0x0, ttl 128, id 7469, offset 0, flags [DF], proto TCP (6), length 146, bad cksum 0 (->836c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a51 (incorrect -> 0xcdd2), seq 6172:6278, ack 6174, win 16323, length 106
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15939 (0x3e43)
Word Count = 4 (0x4)
Com2=0xFF
Off2=102 (0x66)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=59
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 45 00 58 00 50 00 4F \0x00L\0x00E\0x00S\0x00\ \0x00E\0x00X\0x00P\0x00O
[020] 00 52 00 54 00 43 00 4F 00 4E 00 54 00 52 00 4F \0x00R\0x00T\0x00C\0x00O \0x00N\0x00T\0x00R\0x00O
[030] 00 4C 00 00 00 3F 3F 3F 3F 3F 00 \0x00L\0x00\0x00\0x00??? ??\0x00
10:00:04.655011 IP (tos 0x8, ttl 64, id 35594, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xcf18 (correct), seq 6174:6213, ack 6278, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 15939 (0x3e43)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.655330 IP (tos 0x0, ttl 128, id 7470, offset 0, flags [DF], proto TCP (6), length 146, bad cksum 0 (->836b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a51 (incorrect -> 0x8d4a), seq 6278:6384, ack 6213, win 16314, length 106
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16003 (0x3e83)
Word Count = 4 (0x4)
Com2=0xFF
Off2=102 (0x66)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=59
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 45 00 58 00 50 00 4F \0x00L\0x00E\0x00S\0x00\ \0x00E\0x00X\0x00P\0x00O
[020] 00 52 00 54 00 43 00 4F 00 4E 00 54 00 52 00 4F \0x00R\0x00T\0x00C\0x00O \0x00N\0x00T\0x00R\0x00O
[030] 00 4C 00 00 00 3F 3F 3F 3F 3F 00 \0x00L\0x00\0x00\0x00??? ??\0x00
10:00:04.656687 IP (tos 0x8, ttl 64, id 35595, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8e87 (correct), seq 6213:6252, ack 6384, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16003 (0x3e83)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.659140 IP (tos 0x0, ttl 128, id 7471, offset 0, flags [DF], proto TCP (6), length 150, bad cksum 0 (->8366)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a55 (incorrect -> 0xd218), seq 6384:6494, ack 6252, win 16304, length 110
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16067 (0x3ec3)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=38 data_length=0
TotParam=38 (0x26)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=38 (0x26)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=41
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x64, 0x65)
Path=bianData=
10:00:04.659446 IP (tos 0x8, ttl 64, id 35596, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x35ed (correct), seq 6252:6291, ack 6494, win 5686, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16067 (0x3ec3)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:04.659700 IP (tos 0x0, ttl 128, id 7472, offset 0, flags [DF], proto TCP (6), length 132, bad cksum 0 (->8377)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a43 (incorrect -> 0x6c72), seq 6494:6586, ack 6291, win 16294, length 92
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16131 (0x3f03)
Word Count = 4 (0x4)
Com2=0xFF
Off2=88 (0x58)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=45
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 44 00 45 00 42 00 49 \0x00L\0x00E\0x00S\0x00\ \0x00D\0x00E\0x00B\0x00I
[020] 00 41 00 4E 00 00 00 3F 3F 3F 3F 3F 00 \0x00A\0x00N\0x00\0x00\0x00? ????\0x00
10:00:04.661077 IP (tos 0x8, ttl 64, id 35597, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x0d6f (correct), seq 6291:6330, ack 6586, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16131 (0x3f03)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.661398 IP (tos 0x0, ttl 128, id 7473, offset 0, flags [DF], proto TCP (6), length 132, bad cksum 0 (->8376)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a43 (incorrect -> 0x2bf9), seq 6586:6678, ack 6330, win 16284, length 92
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16195 (0x3f43)
Word Count = 4 (0x4)
Com2=0xFF
Off2=88 (0x58)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=45
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 44 00 45 00 42 00 49 \0x00L\0x00E\0x00S\0x00\ \0x00D\0x00E\0x00B\0x00I
[020] 00 41 00 4E 00 00 00 3F 3F 3F 3F 3F 00 \0x00A\0x00N\0x00\0x00\0x00? ????\0x00
10:00:04.662851 IP (tos 0x8, ttl 64, id 35598, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xcceb (correct), seq 6330:6369, ack 6678, win 5686, length 39
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x22
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16195 (0x3f43)
Word Count = 0 (0x0)
NTError = STATUS_ACCESS_DENIED
smb_bcc=0
10:00:04.862655 IP (tos 0x0, ttl 128, id 7487, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->83c4)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0xd101), seq 6678, ack 6369, win 16275, length 0
10:00:11.046805 IP (tos 0x0, ttl 128, id 7648, offset 0, flags [DF], proto TCP (6), length 184, bad cksum 0 (->8293)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a77 (incorrect -> 0x21e9), seq 6678:6822, ack 6369, win 16275, length 144
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16259 (0x3f83)
Word Count = 15 (0xf)
TRANSACT2_OPEN param_length=72 data_length=0
TotParam=72 (0x48)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=4096 (0x1000)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=72 (0x48)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=75
Flags2=0x4
Mode=0x5C
SearchAttrib=HIDDEN DIR
Attrib=READONLY HIDDEN SYSTEM
Time=Mon Feb 25 00:02:42 1980
OFun=0x46
Size=4980809 (0x4c0049)
Res=(0x45, 0x53, 0x5C, 0x76, 0x69)
Path=sual-reports-incomingData=
10:00:11.047269 IP (tos 0x8, ttl 64, id 35599, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7303 (correct), seq 6369:6408, ack 6822, win 5986, length 39
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x25
Error code = 49152 (0xc000)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16259 (0x3f83)
Word Count = 0 (0x0)
NTError = STATUS_NOT_FOUND
TRANSACT2_OPEN
Trans2Interim
10:00:11.047377 IP (tos 0x0, ttl 128, id 7649, offset 0, flags [DF], proto TCP (6), length 166, bad cksum 0 (->82a4)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a65 (incorrect -> 0x9c44), seq 6822:6948, ack 6408, win 16265, length 126
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16323 (0x3fc3)
Word Count = 4 (0x4)
Com2=0xFF
Off2=122 (0x7a)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=79
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 56 00 49 00 53 00 55 \0x00L\0x00E\0x00S\0x00\ \0x00V\0x00I\0x00S\0x00U
[020] 00 41 00 4C 00 2D 00 52 00 45 00 50 00 4F 00 52 \0x00A\0x00L\0x00-\0x00R \0x00E\0x00P\0x00O\0x00R
[030] 00 54 00 53 00 2D 00 49 00 4E 00 43 00 4F 00 4D \0x00T\0x00S\0x00-\0x00I \0x00N\0x00C\0x00O\0x00M
[040] 00 49 00 4E 00 47 00 00 00 3F 3F 3F 3F 3F 00 \0x00I\0x00N\0x00G\0x00\0x00 \0x00?????\0x00
10:00:11.053548 IP (tos 0x8, ttl 64, id 35600, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x71d6 (correct), seq 6408:6474, ack 6948, win 5986, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 9 (0x9)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16323 (0x3fc3)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 0D 00 FF 01 1F 10 00 00 00 00 \0x0d\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:00:11.053789 IP (tos 0x0, ttl 128, id 7650, offset 0, flags [DF], proto TCP (6), length 120, bad cksum 0 (->82d1)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a37 (incorrect -> 0x84b6), seq 6948:7028, ack 6474, win 16248, length 80
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 9 (0x9)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16387 (0x4003)
Word Count = 15 (0xf)
TRANSACT2_QPATHINFO param_length=8 data_length=0
TotParam=8 (0x8)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=40 (0x28)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=8 (0x8)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=11
Parameters=
Data: (8 bytes)
[000] EC 03 00 00 00 00 00 00 \0xec\0x03\0x00\0x00\0x00\0x00\0x00\0x00
Data=
10:00:11.054338 IP (tos 0x8, ttl 64, id 35601, offset 0, flags [DF], proto TCP (6), length 144)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x6941 (correct), seq 6474:6578, ack 7028, win 5986, length 104
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 9 (0x9)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16387 (0x4003)
Word Count = 10 (0xa)
TRANSACT2_QPATHINFO param_length=2 data_length=40
TotParam=2 (0x2)
TotData=40 (0x28)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=40 (0x28)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=45
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (40 bytes)
[000] CC 2C 69 D4 9C A1 CF 01 CC 2C 69 D4 9C A1 CF 01 \0xcc,i\0xd4\0x9c\0xa1\0xcf\0x01 \0xcc,i\0xd4\0x9c\0xa1\0xcf\0x01
[010] 1B 88 3A AC CC C1 CF 01 1B 88 3A AC CC C1 CF 01 \0x1b\0x88:\0xac\0xcc\0xc1\0xcf\0x01 \0x1b\0x88:\0xac\0xcc\0xc1\0xcf\0x01
[020] 10 00 00 00 00 00 00 00 \0x10\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:00:11.054396 IP (tos 0x0, ttl 128, id 7651, offset 0, flags [DF], proto TCP (6), length 120, bad cksum 0 (->82d0)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a37 (incorrect -> 0x4328), seq 7028:7108, ack 6578, win 16222, length 80
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 9 (0x9)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16451 (0x4043)
Word Count = 15 (0xf)
TRANSACT2_QPATHINFO param_length=8 data_length=0
TotParam=8 (0x8)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=8 (0x8)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=11
Parameters=
Data: (8 bytes)
[000] ED 03 00 00 00 00 00 00 \0xed\0x03\0x00\0x00\0x00\0x00\0x00\0x00
Data=
10:00:11.054602 IP (tos 0x8, ttl 64, id 35602, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x5f11 (correct), seq 6578:6666, ack 7108, win 5986, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 9 (0x9)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16451 (0x4043)
Word Count = 10 (0xa)
TRANSACT2_QPATHINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:11.126983 IP (tos 0x0, ttl 128, id 7652, offset 0, flags [none], proto UDP (17), length 55, bad cksum 0 (->c141)!)
192.168.1.110.49519 > 192.168.1.254.53: [bad udp cksum 0x5bc5 -> 0xd023!] 54716+ SOA? SERVERNAM. (27)
10:00:11.246848 IP (tos 0x0, ttl 128, id 7653, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->831e)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0xce75), seq 7108, ack 6666, win 16200, length 0
10:00:12.127011 IP (tos 0x0, ttl 128, id 7670, offset 0, flags [none], proto UDP (17), length 55, bad cksum 0 (->c12f)!)
192.168.1.110.49519 > 192.168.1.254.53: [bad udp cksum 0x5bc5 -> 0xd023!] 54716+ SOA? SERVERNAM. (27)
10:00:13.127126 IP (tos 0x0, ttl 128, id 7711, offset 0, flags [none], proto UDP (17), length 55, bad cksum 0 (->c106)!)
192.168.1.110.49519 > 192.168.1.254.53: [bad udp cksum 0x5bc5 -> 0xd023!] 54716+ SOA? SERVERNAM. (27)
10:00:14.056984 IP (tos 0x0, ttl 128, id 7738, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->826f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0xef22), seq 7108:7198, ack 6666, win 16200, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16515 (0x4083)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.057826 IP (tos 0x8, ttl 64, id 35603, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xae4e (correct), seq 6666:6805, ack 7198, win 5986, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16515 (0x4083)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17386 (0x43ea)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.058010 IP (tos 0x0, ttl 128, id 7739, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->827c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xd8b0), seq 7198:7274, ack 6805, win 16166, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16579 (0x40c3)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=8 (0x8)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] EA 43 EE 03 \0xeaC\0xee\0x03
Data=
10:00:14.058213 IP (tos 0x8, ttl 64, id 35604, offset 0, flags [DF], proto TCP (6), length 112)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xdcd8 (correct), seq 6805:6877, ack 7274, win 5986, length 72
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16579 (0x40c3)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=8
TotParam=2 (0x2)
TotData=8 (0x8)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=8 (0x8)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=13
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (8 bytes)
[000] 04 00 00 00 00 00 00 00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:00:14.058430 IP (tos 0x0, ttl 128, id 7740, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->827b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x991e), seq 7274:7350, ack 6877, win 16148, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16643 (0x4103)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] EA 43 ED 03 \0xeaC\0xed\0x03
Data=
10:00:14.058567 IP (tos 0x8, ttl 64, id 35605, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9ef3 (correct), seq 6877:6965, ack 7350, win 5986, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16643 (0x4103)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.058718 IP (tos 0x0, ttl 128, id 7741, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8299)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x7ea3), seq 7350:7395, ack 6965, win 16126, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16707 (0x4143)
Word Count = 3 (0x3)
Handle=17386 (0x43ea)
Time=NULL
smb_bcc=0
10:00:14.058897 IP (tos 0x8, ttl 64, id 35606, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xf098 (correct), seq 6965:7004, ack 7395, win 5986, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16707 (0x4143)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.061218 IP (tos 0x0, ttl 128, id 7742, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->826b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0xef04), seq 7395:7485, ack 7004, win 16116, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16771 (0x4183)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.061926 IP (tos 0x8, ttl 64, id 35607, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xc441 (correct), seq 7004:7143, ack 7485, win 5986, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16771 (0x4183)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17388 (0x43ec)
CreateAction=0x1
CreateTime=Sun Feb 5 23:39:58 2012
LastAccessTime=Sun Feb 5 23:39:58 2012
LastWriteTime=Sun Feb 5 23:49:24 2012
ChangeTime=Sun Feb 5 23:49:24 2012
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.062080 IP (tos 0x0, ttl 128, id 7743, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8278)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xd693), seq 7485:7561, ack 7143, win 16081, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16835 (0x41c3)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=8 (0x8)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] EC 43 EE 03 \0xecC\0xee\0x03
Data=
10:00:14.062467 IP (tos 0x8, ttl 64, id 35608, offset 0, flags [DF], proto TCP (6), length 112)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xdc66 (correct), seq 7143:7215, ack 7561, win 5986, length 72
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16835 (0x41c3)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=8
TotParam=2 (0x2)
TotData=8 (0x8)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=8 (0x8)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=13
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (8 bytes)
[000] 04 00 00 00 00 00 00 00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:00:14.062752 IP (tos 0x0, ttl 128, id 7744, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8277)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x9701), seq 7561:7637, ack 7215, win 16063, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16899 (0x4203)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] EC 43 ED 03 \0xecC\0xed\0x03
Data=
10:00:14.062946 IP (tos 0x8, ttl 64, id 35609, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9e81 (correct), seq 7215:7303, ack 7637, win 5986, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 16899 (0x4203)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.063099 IP (tos 0x0, ttl 128, id 7745, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8295)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x7d04), seq 7637:7682, ack 7303, win 16425, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16963 (0x4243)
Word Count = 3 (0x3)
Handle=17388 (0x43ec)
Time=NULL
smb_bcc=0
10:00:14.063277 IP (tos 0x8, ttl 64, id 35610, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xf026 (correct), seq 7303:7342, ack 7682, win 5986, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 16963 (0x4243)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.065785 IP (tos 0x0, ttl 128, id 7746, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8267)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0xed67), seq 7682:7772, ack 7342, win 16415, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17027 (0x4283)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.066505 IP (tos 0x8, ttl 64, id 35611, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x1058 (correct), seq 7342:7481, ack 7772, win 5986, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17027 (0x4283)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17390 (0x43ee)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.066669 IP (tos 0x0, ttl 128, id 7747, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8274)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xd2f6), seq 7772:7848, ack 7481, win 16380, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17091 (0x42c3)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=8 (0x8)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] EE 43 EE 03 \0xeeC\0xee\0x03
Data=
10:00:14.066855 IP (tos 0x8, ttl 64, id 35612, offset 0, flags [DF], proto TCP (6), length 112)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xdbf4 (correct), seq 7481:7553, ack 7848, win 5986, length 72
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17091 (0x42c3)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=8
TotParam=2 (0x2)
TotData=8 (0x8)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=8 (0x8)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=13
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (8 bytes)
[000] 04 00 00 00 00 00 00 00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:00:14.067062 IP (tos 0x0, ttl 128, id 7748, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8273)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x9364), seq 7848:7924, ack 7553, win 16362, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17155 (0x4303)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] EE 43 ED 03 \0xeeC\0xed\0x03
Data=
10:00:14.067198 IP (tos 0x8, ttl 64, id 35613, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9e0f (correct), seq 7553:7641, ack 7924, win 5986, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17155 (0x4303)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.067349 IP (tos 0x0, ttl 128, id 7749, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8291)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x7ce5), seq 7924:7969, ack 7641, win 16340, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17219 (0x4343)
Word Count = 3 (0x3)
Handle=17390 (0x43ee)
Time=NULL
smb_bcc=0
10:00:14.067515 IP (tos 0x8, ttl 64, id 35614, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xefb4 (correct), seq 7641:7680, ack 7969, win 5986, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17219 (0x4343)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.073595 IP (tos 0x0, ttl 128, id 7750, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8263)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0xe64c), seq 7969:8059, ack 7680, win 16330, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17283 (0x4383)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.074154 IP (tos 0x8, ttl 64, id 35615, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xa0f8 (correct), seq 7680:7819, ack 8059, win 5986, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17283 (0x4383)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17392 (0x43f0)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.074430 IP (tos 0x0, ttl 128, id 7751, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8270)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xcbc8), seq 8059:8135, ack 7819, win 16296, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17347 (0x43c3)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] F0 43 ED 03 \0xf0C\0xed\0x03
Data=
10:00:14.074616 IP (tos 0x8, ttl 64, id 35616, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xd831 (correct), seq 7819:7907, ack 8135, win 5986, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17347 (0x43c3)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.074776 IP (tos 0x0, ttl 128, id 7752, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->828e)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xb747), seq 8135:8180, ack 7907, win 16274, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17411 (0x4403)
Word Count = 3 (0x3)
Handle=17392 (0x43f0)
Time=NULL
smb_bcc=0
10:00:14.074912 IP (tos 0x8, ttl 64, id 35617, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x29d7 (correct), seq 7907:7946, ack 8180, win 5986, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17411 (0x4403)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.077012 IP (tos 0x0, ttl 128, id 7753, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8260)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x27af), seq 8180:8270, ack 7946, win 16264, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17475 (0x4443)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.077588 IP (tos 0x8, ttl 64, id 35618, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xf77f (correct), seq 7946:8085, ack 8270, win 5986, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17475 (0x4443)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17394 (0x43f2)
CreateAction=0x1
CreateTime=Sun Feb 5 23:39:58 2012
LastAccessTime=Sun Feb 5 23:39:58 2012
LastWriteTime=Sun Feb 5 23:49:24 2012
ChangeTime=Sun Feb 5 23:49:24 2012
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.077850 IP (tos 0x0, ttl 128, id 7754, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->826d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x0a2e), seq 8270:8346, ack 8085, win 16229, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17539 (0x4483)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] F2 43 ED 03 \0xf2C\0xed\0x03
Data=
10:00:14.078045 IP (tos 0x8, ttl 64, id 35619, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x1854 (correct), seq 8085:8173, ack 8346, win 5986, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17539 (0x4483)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.078241 IP (tos 0x0, ttl 128, id 7755, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->828b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xf7aa), seq 8346:8391, ack 8173, win 16207, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17603 (0x44c3)
Word Count = 3 (0x3)
Handle=17394 (0x43f2)
Time=NULL
smb_bcc=0
10:00:14.078385 IP (tos 0x8, ttl 64, id 35620, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x69f9 (correct), seq 8173:8212, ack 8391, win 5986, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17603 (0x44c3)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.081033 IP (tos 0x0, ttl 128, id 7756, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->825d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x6814), seq 8391:8481, ack 8212, win 16197, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17667 (0x4503)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.081569 IP (tos 0x8, ttl 64, id 35621, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x842a (correct), seq 8212:8351, ack 8481, win 5986, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17667 (0x4503)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17396 (0x43f4)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.081827 IP (tos 0x0, ttl 128, id 7757, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->826a)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x4892), seq 8481:8557, ack 8351, win 16163, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17731 (0x4543)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] F4 43 ED 03 \0xf4C\0xed\0x03
Data=
10:00:14.082037 IP (tos 0x8, ttl 64, id 35622, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x5876 (correct), seq 8351:8439, ack 8557, win 5986, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 17731 (0x4543)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.082202 IP (tos 0x0, ttl 128, id 7758, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8288)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x380d), seq 8557:8602, ack 8439, win 16141, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17795 (0x4583)
Word Count = 3 (0x3)
Handle=17396 (0x43f4)
Time=NULL
smb_bcc=0
10:00:14.082371 IP (tos 0x8, ttl 64, id 35623, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xaa1b (correct), seq 8439:8478, ack 8602, win 5986, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17795 (0x4583)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.086772 IP (tos 0x0, ttl 128, id 7759, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->825a)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0xbb69), seq 8602:8692, ack 8478, win 16131, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 17859 (0x45c3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=3 (0x3)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.087298 IP (tos 0x8, ttl 64, id 35624, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7150 (correct), seq 8478:8617, ack 8692, win 5986, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 17859 (0x45c3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17398 (0x43f6)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.087546 IP (tos 0x0, ttl 128, id 7760, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8267)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x9ce8), seq 8692:8768, ack 8617, win 16096, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 17923 (0x4603)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] F6 43 ED 03 \0xf6C\0xed\0x03
Data=
10:00:14.087726 IP (tos 0x8, ttl 64, id 35625, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xae89 (correct), seq 8617:8705, ack 8768, win 5986, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 17923 (0x4603)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.087903 IP (tos 0x0, ttl 128, id 7761, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8285)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x7270), seq 8768:8813, ack 8705, win 16074, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17987 (0x4643)
Word Count = 3 (0x3)
Handle=17398 (0x43f6)
Time=NULL
smb_bcc=0
10:00:14.088083 IP (tos 0x8, ttl 64, id 35626, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xe43d (correct), seq 8705:8744, ack 8813, win 5986, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 17987 (0x4643)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.088487 IP (tos 0x0, ttl 128, id 7762, offset 0, flags [DF], proto TCP (6), length 144, bad cksum 0 (->8249)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a4f (incorrect -> 0x4fa0), seq 8813:8917, ack 8744, win 16064, length 104
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18051 (0x4683)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=14
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x12019F
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x400040
ImpersonationLevel=0x2
SecurityFlags=1 (0x1)
smb_bcc=17
Path=\srvsvc
Data: (3 bytes)
[000] 00 00 00 \0x00\0x00\0x00
10:00:14.088740 IP (tos 0x8, ttl 64, id 35627, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x26c0 (correct), seq 8744:8883, ack 8917, win 5986, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18051 (0x4683)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17399 (0x43f7)
CreateAction=0x1
CreateTime=NULL
LastAccessTime=NULL
LastWriteTime=NULL
ChangeTime=NULL
ExtFileAttributes=0x80
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x2
DeviceState=0x5FF
Directory=0 (0x0)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.088860 IP (tos 0x0, ttl 128, id 7763, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8264)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xdeb3), seq 8917:8993, ack 8883, win 16425, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18115 (0x46c3)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] F7 43 ED 03 \0xf7C\0xed\0x03
Data=
10:00:14.088969 IP (tos 0x8, ttl 64, id 35628, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xf18e (correct), seq 8883:8971, ack 8993, win 5986, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18115 (0x46c3)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x10\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 01 00 00 00 \0x01\0x00\0x00\0x00\0x01\0x00\0x00\0x00
10:00:14.089126 IP (tos 0x0, ttl 128, id 7764, offset 0, flags [DF], proto TCP (6), length 268, bad cksum 0 (->81cb)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5acb (incorrect -> 0x4f56), seq 8993:9221, ack 8971, win 16403, length 228
SMB PACKET: SMBwriteX (REQUEST)
SMB Command = 0x2F
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18179 (0x4703)
Word Count = 14 (0xe)
Com2=0xFF
Off2=57054 (0xdede)
Handle=17399 (0x43f7)
Offset=0 (0x0)
TimeOut=-1 (0xffffffff)
WMode=0x8
CountLeft=160 (0xa0)
Res=0x0
DataSize=160 (0xa0)
DataOff=64 (0x40)
Data: (4 bytes)
[000] 00 00 00 00 \0x00\0x00\0x00\0x00
smb_bcc=161
smb_buf[]=
[000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 \0xee\0x05\0x00\0x0b\0x03\0x10\0x00\0x00 \0x00\0xa0\0x00\0x00\0x00\0x02\0x00\0x00
[010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 \0x00\0xb8\0x10\0xb8\0x10\0x00\0x00\0x00 \0x00\0x03\0x00\0x00\0x00\0x00\0x00\0x01
[020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 \0x00\0xc8O2Kp\0x16\0xd3 \0x01\0x12xZG\0xbfn\0xe1
[030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 \0x88\0x03\0x00\0x00\0x00\0x04]\0x88 \0x8a\0xeb\0x1c\0xc9\0x11\0x9f\0xe8\0x08
[040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 C8 4F 32 \0x00+\0x10H`\0x02\0x00\0x00 \0x00\0x01\0x00\0x01\0x00\0xc8O2
[050] 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88 03 00 00 Kp\0x16\0xd3\0x01\0x12xZ G\0xbfn\0xe1\0x88\0x03\0x00\0x00
[060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC \0x003\0x05qq\0xba\0xbe7 I\0x83\0x19\0xb5\0xdb\0xef\0x9c\0xcc
[070] 36 01 00 00 00 02 00 01 00 C8 4F 32 4B 70 16 D3 6\0x01\0x00\0x00\0x00\0x02\0x00\0x01 \0x00\0xc8O2Kp\0x16\0xd3
[080] 01 12 78 5A 47 BF 6E E1 88 03 00 00 00 2C 1C B7 \0x01\0x12xZG\0xbfn\0xe1 \0x88\0x03\0x00\0x00\0x00,\0x1c\0xb7
[090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l\0x12\0x98@E\0x03\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x01\0x00\0x00
[0A0] 00 \0x00
10:00:14.089373 IP (tos 0x8, ttl 64, id 35629, offset 0, flags [DF], proto TCP (6), length 91)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xf3b7 (correct), seq 8971:9022, ack 9221, win 6286, length 51
SMB PACKET: SMBwriteX (REPLY)
SMB Command = 0x2F
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18179 (0x4703)
Word Count = 6 (0x6)
Com2=0xFF
Off2=0 (0x0)
Count=160 (0xa0)
Remaining=0 (0x0)
Res=0x0
smb_bcc=0
10:00:14.089554 IP (tos 0x0, ttl 128, id 7765, offset 0, flags [DF], proto TCP (6), length 103, bad cksum 0 (->826f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a26 (incorrect -> 0x552e), seq 9221:9284, ack 9022, win 16390, length 63
SMB PACKET: SMBreadX (REQUEST)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18243 (0x4743)
Word Count = 12 (0xc)
Com2=0xFF
Off2=57054 (0xdede)
Handle=17399 (0x43f7)
Offset=0 (0x0)
MaxCount=1024 (0x400)
MinCount=1024 (0x400)
TimeOut=-1 (0xffffffff)
CountLeft=1024 (0x400)
Data: (4 bytes)
[000] 00 00 00 00 \0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.089720 IP (tos 0x8, ttl 64, id 35630, offset 0, flags [DF], proto TCP (6), length 171)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7b03 (correct), seq 9022:9153, ack 9284, win 6286, length 131
SMB PACKET: SMBreadX (REPLY)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18243 (0x4743)
Word Count = 12 (0xc)
Com2=0xFF
Off2=0 (0x0)
Remaining=0 (0x0)
Res=0x0
DataSize=68 (0x44)
DataOff=59 (0x3b)
Res=(0x0,0x0,0x0,0x0)
Data: (2 bytes)
[000] 00 04 \0x00\0x04
smb_bcc=68
smb_buf[]=
[000] 05 00 0C 03 10 00 00 00 44 00 00 00 02 00 00 00 \0x05\0x00\0x0c\0x03\0x10\0x00\0x00\0x00 D\0x00\0x00\0x00\0x02\0x00\0x00\0x00
[010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C \0xb8\0x10\0xb8\0x10\0xf0S\0x00\0x00 \0x0d\0x00\PIPE\
[020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc\0x00\0x00 \0x01\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 \0x04]\0x88\0x8a\0xeb\0x1c\0xc9\0x11 \0x9f\0xe8\0x08\0x00+\0x10H`
[040] 02 00 00 00 \0x02\0x00\0x00\0x00
10:00:14.089812 IP (tos 0x0, ttl 128, id 7766, offset 0, flags [DF], proto TCP (6), length 212, bad cksum 0 (->8201)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a93 (incorrect -> 0x0999), seq 9284:9456, ack 9153, win 16357, length 172
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18307 (0x4783)
Word Count = 16 (0x10)
TotParamCnt=0 (0x0)
TotDataCnt=84 (0x54)
MaxParmCnt=0 (0x0)
MaxDataCnt=1024 (0x400)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x0
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=84 (0x54)
DataCnt=84 (0x54)
DataOff=84 (0x54)
SUCnt=2 (0x2)
Data: (4 bytes)
[000] 26 00 F7 43 &\0x00\0xf7C
smb_bcc=101
Name=\PIPE\
Data: (3 bytes)
[000] 00 00 00 \0x00\0x00\0x00
Data Data: (84 bytes)
[000] 05 00 00 03 10 00 00 00 54 00 00 00 02 00 00 00 \0x05\0x00\0x00\0x03\0x10\0x00\0x00\0x00 T\0x00\0x00\0x00\0x02\0x00\0x00\0x00
[010] 3C 00 00 00 00 00 10 00 00 00 02 00 0A 00 00 00 <\0x00\0x00\0x00\0x00\0x00\0x10\0x00 \0x00\0x00\0x02\0x00\0x0a\0x00\0x00\0x00
[020] 00 00 00 00 0A 00 00 00 52 00 47 00 59 00 55 00 \0x00\0x00\0x00\0x00\0x0a\0x00\0x00\0x00 R\0x00G\0x00Y\0x00U\0x00
[030] 46 00 49 00 4C 00 45 00 53 00 00 00 04 00 00 00 F\0x00I\0x00L\0x00E\0x00 S\0x00\0x00\0x00\0x04\0x00\0x00\0x00
[040] 00 00 00 00 04 00 00 00 67 00 6F 00 6D 00 00 00 \0x00\0x00\0x00\0x00\0x04\0x00\0x00\0x00 g\0x00o\0x00m\0x00\0x00\0x00
[050] 01 00 00 00 \0x01\0x00\0x00\0x00
10:00:14.090150 IP (tos 0x8, ttl 64, id 35631, offset 0, flags [DF], proto TCP (6), length 300)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x0ef1 (correct), seq 9153:9413, ack 9456, win 6586, length 260
SMB PACKET: SMBtrans (REPLY)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18307 (0x4783)
Word Count = 10 (0xa)
TotParamCnt=0 (0x0)
TotDataCnt=200 (0xc8)
Res1=0 (0x0)
ParamCnt=0 (0x0)
ParamOff=56 (0x38)
Res2=0 (0x0)
DataCnt=200 (0xc8)
DataOff=56 (0x38)
Res3=0 (0x0)
Lsetup=0 (0x0)
smb_bcc=201
Unknown Data: (1 bytes)
[000] 00 \0x00
Data Data: (200 bytes)
[000] 05 00 02 03 10 00 00 00 C8 00 00 00 02 00 00 00 \0x05\0x00\0x02\0x03\0x10\0x00\0x00\0x00 \0xc8\0x00\0x00\0x00\0x02\0x00\0x00\0x00
[010] B0 00 00 00 00 00 00 00 01 00 00 00 04 00 02 00 \0xb0\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x01\0x00\0x00\0x00\0x04\0x00\0x02\0x00
[020] 08 00 02 00 00 00 00 00 0C 00 02 00 04 00 00 00 \0x08\0x00\0x02\0x00\0x00\0x00\0x00\0x00 \0x0c\0x00\0x02\0x00\0x04\0x00\0x00\0x00
[030] 00 00 00 00 04 00 00 00 67 00 6F 00 6D 00 00 00 \0x00\0x00\0x00\0x00\0x04\0x00\0x00\0x00 g\0x00o\0x00m\0x00\0x00\0x00
[040] 3C 00 00 00 00 00 00 00 3C 00 00 00 46 00 69 00 <\0x00\0x00\0x00\0x00\0x00\0x00\0x00 <\0x00\0x00\0x00F\0x00i\0x00
[050] 6C 00 65 00 73 00 20 00 72 00 65 00 6C 00 61 00 l\0x00e\0x00s\0x00 \0x00 r\0x00e\0x00l\0x00a\0x00
[060] 74 00 65 00 64 00 20 00 74 00 6F 00 20 00 4D 00 t\0x00e\0x00d\0x00 \0x00 t\0x00o\0x00 \0x00M\0x00
[070] 6F 00 6E 00 74 00 72 00 65 00 61 00 6C 00 20 00 o\0x00n\0x00t\0x00r\0x00 e\0x00a\0x00l\0x00 \0x00
[080] 27 00 47 00 4F 00 4D 00 27 00 20 00 70 00 72 00 '\0x00G\0x00O\0x00M\0x00 '\0x00 \0x00p\0x00r\0x00
[090] 6F 00 63 00 65 00 73 00 73 00 20 00 69 00 6D 00 o\0x00c\0x00e\0x00s\0x00 s\0x00 \0x00i\0x00m\0x00
[0A0] 70 00 72 00 6F 00 76 00 65 00 6D 00 65 00 6E 00 p\0x00r\0x00o\0x00v\0x00 e\0x00m\0x00e\0x00n\0x00
[0B0] 74 00 20 00 70 00 72 00 6F 00 6A 00 65 00 63 00 t\0x00 \0x00p\0x00r\0x00 o\0x00j\0x00e\0x00c\0x00
[0C0] 74 00 00 00 00 00 00 00 t\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:00:14.090338 IP (tos 0x0, ttl 128, id 7767, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->827f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xf21f), seq 9456:9501, ack 9413, win 16292, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18371 (0x47c3)
Word Count = 3 (0x3)
Handle=17399 (0x43f7)
Time=NULL
smb_bcc=0
10:00:14.090453 IP (tos 0x8, ttl 64, id 35632, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x6270 (correct), seq 9413:9452, ack 9501, win 6586, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18371 (0x47c3)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.091480 IP (tos 0x0, ttl 128, id 7768, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8251)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x7680), seq 9501:9591, ack 9452, win 16282, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18435 (0x4803)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=3 (0x3)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.091956 IP (tos 0x8, ttl 64, id 35633, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8f92 (correct), seq 9452:9591, ack 9591, win 6586, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18435 (0x4803)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17401 (0x43f9)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.092238 IP (tos 0x0, ttl 128, id 7769, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->825e)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x55fd), seq 9591:9667, ack 9591, win 16248, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18499 (0x4843)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] F9 43 ED 03 \0xf9C\0xed\0x03
Data=
10:00:14.092412 IP (tos 0x8, ttl 64, id 35634, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x68de (correct), seq 9591:9679, ack 9667, win 6586, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18499 (0x4843)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.092588 IP (tos 0x0, ttl 128, id 7770, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->827c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x2e82), seq 9667:9712, ack 9679, win 16226, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18563 (0x4883)
Word Count = 3 (0x3)
Handle=17401 (0x43f9)
Time=NULL
smb_bcc=0
10:00:14.092752 IP (tos 0x8, ttl 64, id 35635, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9e92 (correct), seq 9679:9718, ack 9712, win 6586, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18563 (0x4883)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.093111 IP (tos 0x0, ttl 128, id 7771, offset 0, flags [DF], proto TCP (6), length 144, bad cksum 0 (->8240)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a4f (incorrect -> 0x07b5), seq 9712:9816, ack 9718, win 16216, length 104
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18627 (0x48c3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=14
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x12019F
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x400040
ImpersonationLevel=0x2
SecurityFlags=1 (0x1)
smb_bcc=17
Path=\srvsvc
Data: (3 bytes)
[000] 00 00 00 \0x00\0x00\0x00
10:00:14.093300 IP (tos 0x8, ttl 64, id 35636, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xda14 (correct), seq 9718:9857, ack 9816, win 6586, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18627 (0x48c3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17402 (0x43fa)
CreateAction=0x1
CreateTime=NULL
LastAccessTime=NULL
LastWriteTime=NULL
ChangeTime=NULL
ExtFileAttributes=0x80
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x2
DeviceState=0x5FF
Directory=0 (0x0)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.093388 IP (tos 0x0, ttl 128, id 7772, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->825b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x9554), seq 9816:9892, ack 9857, win 16181, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18691 (0x4903)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] FA 43 ED 03 \0xfaC\0xed\0x03
Data=
10:00:14.093530 IP (tos 0x8, ttl 64, id 35637, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xa7e3 (correct), seq 9857:9945, ack 9892, win 6586, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18691 (0x4903)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x10\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 01 00 00 00 \0x01\0x00\0x00\0x00\0x01\0x00\0x00\0x00
10:00:14.093674 IP (tos 0x0, ttl 128, id 7773, offset 0, flags [DF], proto TCP (6), length 268, bad cksum 0 (->81c2)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5acb (incorrect -> 0x08f4), seq 9892:10120, ack 9945, win 16159, length 228
SMB PACKET: SMBwriteX (REQUEST)
SMB Command = 0x2F
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18755 (0x4943)
Word Count = 14 (0xe)
Com2=0xFF
Off2=57054 (0xdede)
Handle=17402 (0x43fa)
Offset=0 (0x0)
TimeOut=-1 (0xffffffff)
WMode=0x8
CountLeft=160 (0xa0)
Res=0x0
DataSize=160 (0xa0)
DataOff=64 (0x40)
Data: (4 bytes)
[000] 00 00 00 00 \0x00\0x00\0x00\0x00
smb_bcc=161
smb_buf[]=
[000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 \0xee\0x05\0x00\0x0b\0x03\0x10\0x00\0x00 \0x00\0xa0\0x00\0x00\0x00\0x02\0x00\0x00
[010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 \0x00\0xb8\0x10\0xb8\0x10\0x00\0x00\0x00 \0x00\0x03\0x00\0x00\0x00\0x00\0x00\0x01
[020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 \0x00\0xc8O2Kp\0x16\0xd3 \0x01\0x12xZG\0xbfn\0xe1
[030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 \0x88\0x03\0x00\0x00\0x00\0x04]\0x88 \0x8a\0xeb\0x1c\0xc9\0x11\0x9f\0xe8\0x08
[040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 C8 4F 32 \0x00+\0x10H`\0x02\0x00\0x00 \0x00\0x01\0x00\0x01\0x00\0xc8O2
[050] 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88 03 00 00 Kp\0x16\0xd3\0x01\0x12xZ G\0xbfn\0xe1\0x88\0x03\0x00\0x00
[060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC \0x003\0x05qq\0xba\0xbe7 I\0x83\0x19\0xb5\0xdb\0xef\0x9c\0xcc
[070] 36 01 00 00 00 02 00 01 00 C8 4F 32 4B 70 16 D3 6\0x01\0x00\0x00\0x00\0x02\0x00\0x01 \0x00\0xc8O2Kp\0x16\0xd3
[080] 01 12 78 5A 47 BF 6E E1 88 03 00 00 00 2C 1C B7 \0x01\0x12xZG\0xbfn\0xe1 \0x88\0x03\0x00\0x00\0x00,\0x1c\0xb7
[090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l\0x12\0x98@E\0x03\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x01\0x00\0x00
[0A0] 00 \0x00
10:00:14.093859 IP (tos 0x8, ttl 64, id 35638, offset 0, flags [DF], proto TCP (6), length 91)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xaa0c (correct), seq 9945:9996, ack 10120, win 6886, length 51
SMB PACKET: SMBwriteX (REPLY)
SMB Command = 0x2F
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18755 (0x4943)
Word Count = 6 (0x6)
Com2=0xFF
Off2=0 (0x0)
Count=160 (0xa0)
Remaining=0 (0x0)
Res=0x0
smb_bcc=0
10:00:14.093980 IP (tos 0x0, ttl 128, id 7774, offset 0, flags [DF], proto TCP (6), length 103, bad cksum 0 (->8266)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a26 (incorrect -> 0x0ecc), seq 10120:10183, ack 9996, win 16146, length 63
SMB PACKET: SMBreadX (REQUEST)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18819 (0x4983)
Word Count = 12 (0xc)
Com2=0xFF
Off2=57054 (0xdede)
Handle=17402 (0x43fa)
Offset=0 (0x0)
MaxCount=1024 (0x400)
MinCount=1024 (0x400)
TimeOut=-1 (0xffffffff)
CountLeft=1024 (0x400)
Data: (4 bytes)
[000] 00 00 00 00 \0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.094133 IP (tos 0x8, ttl 64, id 35639, offset 0, flags [DF], proto TCP (6), length 171)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x3158 (correct), seq 9996:10127, ack 10183, win 6886, length 131
SMB PACKET: SMBreadX (REPLY)
SMB Command = 0x2E
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18819 (0x4983)
Word Count = 12 (0xc)
Com2=0xFF
Off2=0 (0x0)
Remaining=0 (0x0)
Res=0x0
DataSize=68 (0x44)
DataOff=59 (0x3b)
Res=(0x0,0x0,0x0,0x0)
Data: (2 bytes)
[000] 00 04 \0x00\0x04
smb_bcc=68
smb_buf[]=
[000] 05 00 0C 03 10 00 00 00 44 00 00 00 02 00 00 00 \0x05\0x00\0x0c\0x03\0x10\0x00\0x00\0x00 D\0x00\0x00\0x00\0x02\0x00\0x00\0x00
[010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C \0xb8\0x10\0xb8\0x10\0xf0S\0x00\0x00 \0x0d\0x00\PIPE\
[020] 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 00 srvsvc\0x00\0x00 \0x01\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 \0x04]\0x88\0x8a\0xeb\0x1c\0xc9\0x11 \0x9f\0xe8\0x08\0x00+\0x10H`
[040] 02 00 00 00 \0x02\0x00\0x00\0x00
10:00:14.094215 IP (tos 0x0, ttl 128, id 7775, offset 0, flags [DF], proto TCP (6), length 236, bad cksum 0 (->81e0)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5aab (incorrect -> 0xe6b8), seq 10183:10379, ack 10127, win 16114, length 196
SMB PACKET: SMBtrans (REQUEST)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18883 (0x49c3)
Word Count = 16 (0x10)
TotParamCnt=0 (0x0)
TotDataCnt=108 (0x6c)
MaxParmCnt=0 (0x0)
MaxDataCnt=1024 (0x400)
MaxSCnt=0 (0x0)
TransFlags=0x0
Res1=0x0
Res2=0x0
Res3=0x0
ParamCnt=0 (0x0)
ParamOff=84 (0x54)
DataCnt=108 (0x6c)
DataOff=84 (0x54)
SUCnt=2 (0x2)
Data: (4 bytes)
[000] 26 00 FA 43 &\0x00\0xfaC
smb_bcc=125
Name=\PIPE\
Data: (3 bytes)
[000] 00 00 00 \0x00\0x00\0x00
Data Data: (108 bytes)
[000] 05 00 00 03 10 00 00 00 6C 00 00 00 02 00 00 00 \0x05\0x00\0x00\0x03\0x10\0x00\0x00\0x00 l\0x00\0x00\0x00\0x02\0x00\0x00\0x00
[010] 54 00 00 00 00 00 10 00 00 00 02 00 0A 00 00 00 T\0x00\0x00\0x00\0x00\0x00\0x10\0x00 \0x00\0x00\0x02\0x00\0x0a\0x00\0x00\0x00
[020] 00 00 00 00 0A 00 00 00 52 00 47 00 59 00 55 00 \0x00\0x00\0x00\0x00\0x0a\0x00\0x00\0x00 R\0x00G\0x00Y\0x00U\0x00
[030] 46 00 49 00 4C 00 45 00 53 00 00 00 0F 00 00 00 F\0x00I\0x00L\0x00E\0x00 S\0x00\0x00\0x00\0x0f\0x00\0x00\0x00
[040] 00 00 00 00 0F 00 00 00 76 00 69 00 73 00 75 00 \0x00\0x00\0x00\0x00\0x0f\0x00\0x00\0x00 v\0x00i\0x00s\0x00u\0x00
[050] 61 00 6C 00 2D 00 73 00 79 00 73 00 74 00 65 00 a\0x00l\0x00-\0x00s\0x00 y\0x00s\0x00t\0x00e\0x00
[060] 6D 00 73 00 00 00 00 00 01 00 00 00 m\0x00s\0x00\0x00\0x00\0x00\0x00 \0x01\0x00\0x00\0x00
10:00:14.094446 IP (tos 0x8, ttl 64, id 35640, offset 0, flags [DF], proto TCP (6), length 284)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xb280 (correct), seq 10127:10371, ack 10379, win 7186, length 244
SMB PACKET: SMBtrans (REPLY)
SMB Command = 0x25
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 4156 (0x103c)
UID = 100 (0x64)
MID = 18883 (0x49c3)
Word Count = 10 (0xa)
TotParamCnt=0 (0x0)
TotDataCnt=184 (0xb8)
Res1=0 (0x0)
ParamCnt=0 (0x0)
ParamOff=56 (0x38)
Res2=0 (0x0)
DataCnt=184 (0xb8)
DataOff=56 (0x38)
Res3=0 (0x0)
Lsetup=0 (0x0)
smb_bcc=185
Unknown Data: (1 bytes)
[000] 00 \0x00
Data Data: (184 bytes)
[000] 05 00 02 03 10 00 00 00 B8 00 00 00 02 00 00 00 \0x05\0x00\0x02\0x03\0x10\0x00\0x00\0x00 \0xb8\0x00\0x00\0x00\0x02\0x00\0x00\0x00
[010] A0 00 00 00 00 00 00 00 01 00 00 00 04 00 02 00 \0xa0\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x01\0x00\0x00\0x00\0x04\0x00\0x02\0x00
[020] 08 00 02 00 00 00 00 00 0C 00 02 00 0F 00 00 00 \0x08\0x00\0x02\0x00\0x00\0x00\0x00\0x00 \0x0c\0x00\0x02\0x00\0x0f\0x00\0x00\0x00
[030] 00 00 00 00 0F 00 00 00 76 00 69 00 73 00 75 00 \0x00\0x00\0x00\0x00\0x0f\0x00\0x00\0x00 v\0x00i\0x00s\0x00u\0x00
[040] 61 00 6C 00 2D 00 73 00 79 00 73 00 74 00 65 00 a\0x00l\0x00-\0x00s\0x00 y\0x00s\0x00t\0x00e\0x00
[050] 6D 00 73 00 00 00 00 00 28 00 00 00 00 00 00 00 m\0x00s\0x00\0x00\0x00\0x00\0x00 (\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[060] 28 00 00 00 43 00 6F 00 6D 00 6D 00 6F 00 6E 00 (\0x00\0x00\0x00C\0x00o\0x00 m\0x00m\0x00o\0x00n\0x00
[070] 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 6F 00 \0x00f\0x00i\0x00l\0x00 e\0x00s\0x00 \0x00o\0x00
[080] 66 00 20 00 74 00 68 00 65 00 20 00 56 00 69 00 f\0x00 \0x00t\0x00h\0x00 e\0x00 \0x00V\0x00i\0x00
[090] 73 00 75 00 61 00 6C 00 20 00 53 00 79 00 73 00 s\0x00u\0x00a\0x00l\0x00 \0x00S\0x00y\0x00s\0x00
[0A0] 74 00 65 00 6D 00 73 00 20 00 74 00 65 00 61 00 t\0x00e\0x00m\0x00s\0x00 \0x00t\0x00e\0x00a\0x00
[0B0] 6D 00 00 00 00 00 00 00 m\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:00:14.094623 IP (tos 0x0, ttl 128, id 7776, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8276)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xaa3c), seq 10379:10424, ack 10371, win 16425, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18947 (0x4a03)
Word Count = 3 (0x3)
Handle=17402 (0x43fa)
Time=NULL
smb_bcc=0
10:00:14.094769 IP (tos 0x8, ttl 64, id 35641, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x18bd (correct), seq 10371:10410, ack 10424, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 18947 (0x4a03)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.096118 IP (tos 0x0, ttl 128, id 7777, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8248)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x12ae), seq 10424:10514, ack 10410, win 16415, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19011 (0x4a43)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.096605 IP (tos 0x8, ttl 64, id 35642, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xbc00 (correct), seq 10410:10549, ack 10514, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19011 (0x4a43)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17404 (0x43fc)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.096759 IP (tos 0x0, ttl 128, id 7778, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8255)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xeb2c), seq 10514:10590, ack 10549, win 16380, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19075 (0x4a83)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] FC 43 ED 03 \0xfcC\0xed\0x03
Data=
10:00:14.096966 IP (tos 0x8, ttl 64, id 35643, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xff39 (correct), seq 10549:10637, ack 10590, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19075 (0x4a83)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.097077 IP (tos 0x0, ttl 128, id 7779, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8273)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xe29f), seq 10590:10635, ack 10637, win 16358, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19139 (0x4ac3)
Word Count = 3 (0x3)
Handle=17404 (0x43fc)
Time=NULL
smb_bcc=0
10:00:14.097208 IP (tos 0x8, ttl 64, id 35644, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x50df (correct), seq 10637:10676, ack 10635, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19139 (0x4ac3)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.097352 IP (tos 0x0, ttl 128, id 7780, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8245)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x5113), seq 10635:10725, ack 10676, win 16348, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19203 (0x4b03)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.097638 IP (tos 0x8, ttl 64, id 35645, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xf822 (correct), seq 10676:10815, ack 10725, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19203 (0x4b03)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17406 (0x43fe)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.097753 IP (tos 0x0, ttl 128, id 7781, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8252)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x2791), seq 10725:10801, ack 10815, win 16314, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19267 (0x4b43)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] FE 43 ED 03 \0xfeC\0xed\0x03
Data=
10:00:14.097912 IP (tos 0x8, ttl 64, id 35646, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x3d5c (correct), seq 10815:10903, ack 10801, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19267 (0x4b43)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.098014 IP (tos 0x0, ttl 128, id 7782, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8270)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x2102), seq 10801:10846, ack 10903, win 16292, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19331 (0x4b83)
Word Count = 3 (0x3)
Handle=17406 (0x43fe)
Time=NULL
smb_bcc=0
10:00:14.098170 IP (tos 0x8, ttl 64, id 35647, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8f01 (correct), seq 10903:10942, ack 10846, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19331 (0x4b83)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.099246 IP (tos 0x0, ttl 128, id 7783, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8242)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x9377), seq 10846:10936, ack 10942, win 16282, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19395 (0x4bc3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.099685 IP (tos 0x8, ttl 64, id 35648, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9f32 (correct), seq 10942:11081, ack 10936, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19395 (0x4bc3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17408 (0x4400)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.099811 IP (tos 0x0, ttl 128, id 7784, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->824f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x67f6), seq 10936:11012, ack 11081, win 16247, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19459 (0x4c03)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 00 44 ED 03 \0x00D\0xed\0x03
Data=
10:00:14.100130 IP (tos 0x8, ttl 64, id 35649, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7f7e (correct), seq 11081:11169, ack 11012, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19459 (0x4c03)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.100227 IP (tos 0x0, ttl 128, id 7785, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->826d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x6365), seq 11012:11057, ack 11169, win 16225, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19523 (0x4c43)
Word Count = 3 (0x3)
Handle=17408 (0x4400)
Time=NULL
smb_bcc=0
10:00:14.100402 IP (tos 0x8, ttl 64, id 35650, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xd123 (correct), seq 11169:11208, ack 11057, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19523 (0x4c43)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.100534 IP (tos 0x0, ttl 128, id 7786, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->823f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0xd1dc), seq 11057:11147, ack 11208, win 16215, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19587 (0x4c83)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.100857 IP (tos 0x8, ttl 64, id 35651, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xdb54 (correct), seq 11208:11347, ack 11147, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19587 (0x4c83)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17410 (0x4402)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.100978 IP (tos 0x0, ttl 128, id 7787, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->824c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xa45a), seq 11147:11223, ack 11347, win 16181, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19651 (0x4cc3)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 02 44 ED 03 \0x02D\0xed\0x03
Data=
10:00:14.101111 IP (tos 0x8, ttl 64, id 35652, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xbda0 (correct), seq 11347:11435, ack 11223, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19651 (0x4cc3)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.101192 IP (tos 0x0, ttl 128, id 7788, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->826a)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xa1c7), seq 11223:11268, ack 11435, win 16159, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19715 (0x4d03)
Word Count = 3 (0x3)
Handle=17410 (0x4402)
Time=NULL
smb_bcc=0
10:00:14.101347 IP (tos 0x8, ttl 64, id 35653, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x0f46 (correct), seq 11435:11474, ack 11268, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19715 (0x4d03)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.103068 IP (tos 0x0, ttl 128, id 7789, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->823c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x0c41), seq 11268:11358, ack 11474, win 16149, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19779 (0x4d43)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.103581 IP (tos 0x8, ttl 64, id 35654, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xac89 (correct), seq 11474:11613, ack 11358, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19779 (0x4d43)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17412 (0x4404)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.103707 IP (tos 0x0, ttl 128, id 7790, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8249)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xdcbf), seq 11358:11434, ack 11613, win 16114, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19843 (0x4d83)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 04 44 ED 03 \0x04D\0xed\0x03
Data=
10:00:14.103874 IP (tos 0x8, ttl 64, id 35655, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xf7c2 (correct), seq 11613:11701, ack 11434, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19843 (0x4d83)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.103944 IP (tos 0x0, ttl 128, id 7791, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8267)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0xdc2a), seq 11434:11479, ack 11701, win 16092, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19907 (0x4dc3)
Word Count = 3 (0x3)
Handle=17412 (0x4404)
Time=NULL
smb_bcc=0
10:00:14.104078 IP (tos 0x8, ttl 64, id 35656, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x4968 (correct), seq 11701:11740, ack 11479, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 19907 (0x4dc3)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.105128 IP (tos 0x0, ttl 128, id 7792, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8239)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x4ca6), seq 11479:11569, ack 11740, win 16082, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19971 (0x4e03)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.105644 IP (tos 0x8, ttl 64, id 35657, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x0311 (correct), seq 11740:11879, ack 11569, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 19971 (0x4e03)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17414 (0x4406)
CreateAction=0x1
CreateTime=Sun Feb 5 23:39:58 2012
LastAccessTime=Sun Feb 5 23:39:58 2012
LastWriteTime=Sun Feb 5 23:49:24 2012
ChangeTime=Sun Feb 5 23:49:24 2012
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.105771 IP (tos 0x0, ttl 128, id 7793, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8246)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x19ab), seq 11569:11645, ack 11879, win 16425, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20035 (0x4e43)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 06 44 ED 03 \0x06D\0xed\0x03
Data=
10:00:14.105936 IP (tos 0x8, ttl 64, id 35658, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x37e5 (correct), seq 11879:11967, ack 11645, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20035 (0x4e43)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.106028 IP (tos 0x0, ttl 128, id 7794, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8264)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x1b14), seq 11645:11690, ack 11967, win 16403, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20099 (0x4e83)
Word Count = 3 (0x3)
Handle=17414 (0x4406)
Time=NULL
smb_bcc=0
10:00:14.106318 IP (tos 0x8, ttl 64, id 35659, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x898a (correct), seq 11967:12006, ack 11690, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20099 (0x4e83)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.107614 IP (tos 0x0, ttl 128, id 7795, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->8236)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x8b91), seq 11690:11780, ack 12006, win 16393, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20163 (0x4ec3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:00:14.108107 IP (tos 0x8, ttl 64, id 35660, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8fbb (correct), seq 12006:12145, ack 11780, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20163 (0x4ec3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17416 (0x4408)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:00:14.108229 IP (tos 0x0, ttl 128, id 7796, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->8243)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x5810), seq 11780:11856, ack 12145, win 16358, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20227 (0x4f03)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 08 44 ED 03 \0x08D\0xed\0x03
Data=
10:00:14.108404 IP (tos 0x8, ttl 64, id 35661, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7807 (correct), seq 12145:12233, ack 11856, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20227 (0x4f03)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:00:14.108493 IP (tos 0x0, ttl 128, id 7797, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->8261)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x5b77), seq 11856:11901, ack 12233, win 16336, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20291 (0x4f43)
Word Count = 3 (0x3)
Handle=17416 (0x4408)
Time=NULL
smb_bcc=0
10:00:14.108651 IP (tos 0x8, ttl 64, id 35662, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xc9ac (correct), seq 12233:12272, ack 11901, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20291 (0x4f43)
Word Count = 0 (0x0)
smb_bcc=0
10:00:14.156038 IP (tos 0x0, ttl 64, id 9851, offset 0, flags [DF], proto UDP (17), length 55)
192.168.1.254.53 > 192.168.1.110.49519: [udp sum ok] 54716 NXDomain* q: SOA? SERVERNAM. 0/0/0 (27)
10:00:14.167615 IP (tos 0x0, ttl 128, id 7798, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->8281)!)
192.168.1.110.49295 > 192.168.0.58.445: Flags [S], cksum 0x59f3 (incorrect -> 0x3e36), seq 475977832, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
10:00:14.167835 IP (tos 0x8, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.58.445 > 192.168.1.110.49295: Flags [S.], cksum 0x0fbe (correct), seq 2180617061, ack 475977833, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 2], length 0
10:00:14.167908 IP (tos 0x0, ttl 128, id 7799, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->828c)!)
192.168.1.110.49295 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0x496a), seq 1, ack 1, win 16425, length 0
10:00:14.167968 IP (tos 0x0, ttl 128, id 7800, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->828b)!)
192.168.1.110.49295 > 192.168.0.58.445: Flags [R.], cksum 0x59e7 (incorrect -> 0x898f), seq 1, ack 1, win 0, length 0
10:00:14.306621 IP (tos 0x0, ttl 128, id 7801, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->828a)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0xa558), seq 11901, ack 12272, win 16326, length 0
10:00:15.156174 IP (tos 0x0, ttl 64, id 9852, offset 0, flags [DF], proto UDP (17), length 55)
192.168.1.254.53 > 192.168.1.110.49519: [udp sum ok] 54716 NXDomain* q: SOA? SERVERNAM. 0/0/0 (27)
10:00:16.156111 IP (tos 0x0, ttl 64, id 9853, offset 0, flags [DF], proto UDP (17), length 55)
192.168.1.254.53 > 192.168.1.110.49519: [udp sum ok] 54716 NXDomain* q: SOA? SERVERNAM. 0/0/0 (27)
10:00:17.855780 IP (tos 0x0, ttl 128, id 7900, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->8200)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0xf640), seq 11901:11940, ack 12272, win 16326, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20355 (0x4f83)
Word Count = 0 (0x0)
smb_bcc=0
10:00:17.856247 IP (tos 0x8, ttl 64, id 35663, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x1d5e (correct), seq 12272:12311, ack 11940, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20355 (0x4f83)
Word Count = 0 (0x0)
smb_bcc=0
10:00:17.856333 IP (tos 0x0, ttl 128, id 7901, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->81ff)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0xb3fb), seq 11940:11979, ack 12311, win 16317, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20419 (0x4fc3)
Word Count = 0 (0x0)
smb_bcc=0
10:00:17.856572 IP (tos 0x8, ttl 64, id 35664, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xdb0f (correct), seq 12311:12350, ack 11979, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 4 (0x4)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20419 (0x4fc3)
Word Count = 0 (0x0)
smb_bcc=0
10:00:17.856694 IP (tos 0x0, ttl 128, id 7902, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->81fe)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0x71b7), seq 11979:12018, ack 12350, win 16307, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 6 (0x6)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20483 (0x5003)
Word Count = 0 (0x0)
smb_bcc=0
10:00:17.856949 IP (tos 0x8, ttl 64, id 35665, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x98c1 (correct), seq 12350:12389, ack 12018, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 6 (0x6)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20483 (0x5003)
Word Count = 0 (0x0)
smb_bcc=0
10:00:17.857111 IP (tos 0x0, ttl 128, id 7903, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->81fd)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0x2f73), seq 12018:12057, ack 12389, win 16297, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 8 (0x8)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20547 (0x5043)
Word Count = 0 (0x0)
smb_bcc=0
10:00:17.857297 IP (tos 0x8, ttl 64, id 35666, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x5673 (correct), seq 12389:12428, ack 12057, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 8 (0x8)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20547 (0x5043)
Word Count = 0 (0x0)
smb_bcc=0
10:00:18.057579 IP (tos 0x0, ttl 128, id 7904, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->8223)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0xa447), seq 12057, ack 12428, win 16287, length 0
10:00:29.855452 IP (tos 0x0, ttl 128, id 8221, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->80bf)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0xf62e), seq 12057:12096, ack 12428, win 16287, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20611 (0x5083)
Word Count = 0 (0x0)
smb_bcc=0
10:00:29.855927 IP (tos 0x8, ttl 64, id 35667, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x1d25 (correct), seq 12428:12467, ack 12096, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20611 (0x5083)
Word Count = 0 (0x0)
smb_bcc=0
10:00:29.855981 IP (tos 0x0, ttl 128, id 8222, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->80be)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0xafe9), seq 12096:12135, ack 12467, win 16278, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20675 (0x50c3)
Word Count = 0 (0x0)
smb_bcc=0
10:00:29.856539 IP (tos 0x8, ttl 64, id 35668, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xd6d6 (correct), seq 12467:12506, ack 12135, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 7 (0x7)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20675 (0x50c3)
Word Count = 0 (0x0)
smb_bcc=0
10:00:29.856579 IP (tos 0x0, ttl 128, id 8223, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->80bd)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0x71a5), seq 12135:12174, ack 12506, win 16268, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 5 (0x5)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20739 (0x5103)
Word Count = 0 (0x0)
smb_bcc=0
10:00:29.856817 IP (tos 0x8, ttl 64, id 35669, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x9888 (correct), seq 12506:12545, ack 12174, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 5 (0x5)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20739 (0x5103)
Word Count = 0 (0x0)
smb_bcc=0
10:00:29.856837 IP (tos 0x0, ttl 128, id 8224, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->80bc)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0x3361), seq 12174:12213, ack 12545, win 16258, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20803 (0x5143)
Word Count = 0 (0x0)
smb_bcc=0
10:00:29.857053 IP (tos 0x8, ttl 64, id 35670, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x5a3a (correct), seq 12545:12584, ack 12213, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20803 (0x5143)
Word Count = 0 (0x0)
smb_bcc=0
10:00:30.059374 IP (tos 0x0, ttl 128, id 8227, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->80e0)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0xa336), seq 12213, ack 12584, win 16248, length 0
10:00:31.838948 IP (tos 0x0, ttl 128, id 8281, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->809e)!)
192.168.1.110.49328 > 192.168.0.58.389: Flags [S], cksum 0x59f3 (incorrect -> 0x5bb1), seq 3771922057, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:00:31.839153 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.58.389 > 192.168.1.110.49328: Flags [R.], cksum 0xbc70 (correct), seq 0, ack 3771922058, win 0, length 0
10:00:32.338737 IP (tos 0x0, ttl 128, id 8284, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->809b)!)
192.168.1.110.49328 > 192.168.0.58.389: Flags [S], cksum 0x59f3 (incorrect -> 0x5bb1), seq 3771922057, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:00:32.338908 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.58.389 > 192.168.1.110.49328: Flags [R.], cksum 0xbc70 (correct), seq 0, ack 1, win 0, length 0
10:00:32.838778 IP (tos 0x0, ttl 128, id 8312, offset 0, flags [DF], proto TCP (6), length 48, bad cksum 0 (->8083)!)
192.168.1.110.49328 > 192.168.0.58.389: Flags [S], cksum 0x59ef (incorrect -> 0x6fc0), seq 3771922057, win 8192, options [mss 1460,nop,nop,sackOK], length 0
10:00:32.838971 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.58.389 > 192.168.1.110.49328: Flags [R.], cksum 0xbc70 (correct), seq 0, ack 1, win 0, length 0
10:03:39.147316 IP (tos 0x0, ttl 128, id 17228, offset 0, flags [DF], proto TCP (6), length 126, bad cksum 0 (->5d61)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a3d (incorrect -> 0x7dba), seq 12213:12299, ack 12584, win 16248, length 86
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20867 (0x5183)
Word Count = 4 (0x4)
Com2=0xFF
Off2=82 (0x52)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=39
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 47 00 4F 00 4D 00 00 \0x00L\0x00E\0x00S\0x00\ \0x00G\0x00O\0x00M\0x00\0x00
[020] 00 3F 3F 3F 3F 3F 00 \0x00?????\0x00
10:03:39.155716 IP (tos 0x8, ttl 64, id 35671, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8815 (correct), seq 12584:12650, ack 12299, win 7186, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 20867 (0x5183)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 05 00 FF 01 1F 10 00 00 00 00 \0x05\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:03:39.156046 IP (tos 0x0, ttl 128, id 17229, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->5d5c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x894a), seq 12299:12389, ack 12650, win 16232, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20931 (0x51c3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:03:39.156675 IP (tos 0x8, ttl 64, id 35672, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x23e6 (correct), seq 12650:12789, ack 12389, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20931 (0x51c3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17418 (0x440a)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:03:39.156733 IP (tos 0x0, ttl 128, id 17230, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->5d69)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x52d9), seq 12389:12465, ack 12789, win 16197, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20995 (0x5203)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=8 (0x8)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 0A 44 EE 03 \0x0aD\0xee\0x03
Data=
10:03:39.156910 IP (tos 0x8, ttl 64, id 35673, offset 0, flags [DF], proto TCP (6), length 112)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7270 (correct), seq 12789:12861, ack 12465, win 7186, length 72
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 20995 (0x5203)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=8
TotParam=2 (0x2)
TotData=8 (0x8)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=8 (0x8)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=13
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (8 bytes)
[000] 04 00 00 00 00 00 00 00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:03:39.157061 IP (tos 0x0, ttl 128, id 17231, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->5d68)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x1347), seq 12465:12541, ack 12861, win 16179, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21059 (0x5243)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 0A 44 ED 03 \0x0aD\0xed\0x03
Data=
10:03:39.157222 IP (tos 0x8, ttl 64, id 35674, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x348b (correct), seq 12861:12949, ack 12541, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21059 (0x5243)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:03:39.157305 IP (tos 0x0, ttl 128, id 17232, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->5d86)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x18ac), seq 12541:12586, ack 12949, win 16157, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21123 (0x5283)
Word Count = 3 (0x3)
Handle=17418 (0x440a)
Time=NULL
smb_bcc=0
10:03:39.157432 IP (tos 0x8, ttl 64, id 35675, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8630 (correct), seq 12949:12988, ack 12586, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21123 (0x5283)
Word Count = 0 (0x0)
smb_bcc=0
10:03:39.157756 IP (tos 0x0, ttl 128, id 17233, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->5d58)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x062f), seq 12586:12676, ack 12988, win 16147, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21187 (0x52c3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100000
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:03:39.158055 IP (tos 0x8, ttl 64, id 35676, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x1f74 (correct), seq 12988:13127, ack 12676, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21187 (0x52c3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17420 (0x440c)
CreateAction=0x1
CreateTime=Tue Feb 5 17:30:37 2013
LastAccessTime=Tue Feb 5 17:30:37 2013
LastWriteTime=Mon Feb 10 16:33:50 2014
ChangeTime=Mon Feb 10 16:33:50 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:03:39.158177 IP (tos 0x0, ttl 128, id 17234, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->5d65)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x4fab), seq 12676:12752, ack 13127, win 16113, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21251 (0x5303)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 0C 44 ED 03 \0x0cD\0xed\0x03
Data=
10:03:39.158338 IP (tos 0x8, ttl 64, id 35677, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x72ad (correct), seq 13127:13215, ack 12752, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21251 (0x5303)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:03:39.158430 IP (tos 0x0, ttl 128, id 17235, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->5d83)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x570e), seq 12752:12797, ack 13215, win 16091, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21315 (0x5343)
Word Count = 3 (0x3)
Handle=17420 (0x440c)
Time=NULL
smb_bcc=0
10:03:39.158658 IP (tos 0x8, ttl 64, id 35678, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xc452 (correct), seq 13215:13254, ack 12797, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21315 (0x5343)
Word Count = 0 (0x0)
smb_bcc=0
10:03:39.165107 IP (tos 0x0, ttl 128, id 17236, offset 0, flags [DF], proto TCP (6), length 136, bad cksum 0 (->5d4f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a47 (incorrect -> 0xd84f), seq 12797:12893, ack 13254, win 16081, length 96
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21379 (0x5383)
Word Count = 4 (0x4)
Com2=0xFF
Off2=92 (0x5c)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=49
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 54 00 45 00 58 00 54 \0x00L\0x00E\0x00S\0x00\ \0x00T\0x00E\0x00X\0x00T
[020] 00 55 00 52 00 45 00 53 00 00 00 3F 3F 3F 3F 3F \0x00U\0x00R\0x00E\0x00S \0x00\0x00\0x00?????
[030] 00 \0x00
10:03:39.170606 IP (tos 0x8, ttl 64, id 35679, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8223 (correct), seq 13254:13320, ack 12893, win 7186, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21379 (0x5383)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 05 00 FF 01 1F 10 00 00 00 00 \0x05\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:03:39.171372 IP (tos 0x0, ttl 128, id 17237, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->5d54)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x8400), seq 12893:12983, ack 13320, win 16064, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21443 (0x53c3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:03:39.171684 IP (tos 0x8, ttl 64, id 35680, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x3259 (correct), seq 13320:13459, ack 12983, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21443 (0x53c3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17422 (0x440e)
CreateAction=0x1
CreateTime=Sun Feb 5 23:39:58 2012
LastAccessTime=Sun Feb 5 23:39:58 2012
LastWriteTime=Sun Feb 5 23:49:24 2012
ChangeTime=Sun Feb 5 23:49:24 2012
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:03:39.171830 IP (tos 0x0, ttl 128, id 17238, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->5d61)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x4803), seq 12983:13059, ack 13459, win 16425, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21507 (0x5403)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=8 (0x8)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 0E 44 EE 03 \0x0eD\0xee\0x03
Data=
10:03:39.172112 IP (tos 0x8, ttl 64, id 35681, offset 0, flags [DF], proto TCP (6), length 112)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x6c7e (correct), seq 13459:13531, ack 13059, win 7186, length 72
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21507 (0x5403)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=8
TotParam=2 (0x2)
TotData=8 (0x8)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=8 (0x8)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=13
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (8 bytes)
[000] 04 00 00 00 00 00 00 00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:03:39.172398 IP (tos 0x0, ttl 128, id 17239, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->5d60)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x0871), seq 13059:13135, ack 13531, win 16407, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21571 (0x5443)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 0E 44 ED 03 \0x0eD\0xed\0x03
Data=
10:03:39.172565 IP (tos 0x8, ttl 64, id 35682, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x2e99 (correct), seq 13531:13619, ack 13135, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21571 (0x5443)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:03:39.172679 IP (tos 0x0, ttl 128, id 17240, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->5d7e)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x11d2), seq 13135:13180, ack 13619, win 16385, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21635 (0x5483)
Word Count = 3 (0x3)
Handle=17422 (0x440e)
Time=NULL
smb_bcc=0
10:03:39.172788 IP (tos 0x8, ttl 64, id 35683, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x803e (correct), seq 13619:13658, ack 13180, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21635 (0x5483)
Word Count = 0 (0x0)
smb_bcc=0
10:03:39.173168 IP (tos 0x0, ttl 128, id 17241, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->5d50)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x0058), seq 13180:13270, ack 13658, win 16375, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21699 (0x54c3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100000
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:03:39.173372 IP (tos 0x8, ttl 64, id 35684, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x2de7 (correct), seq 13658:13797, ack 13270, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21699 (0x54c3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17424 (0x4410)
CreateAction=0x1
CreateTime=Sun Feb 5 23:39:58 2012
LastAccessTime=Sun Feb 5 23:39:58 2012
LastWriteTime=Sun Feb 5 23:49:24 2012
ChangeTime=Sun Feb 5 23:49:24 2012
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:03:39.173494 IP (tos 0x0, ttl 128, id 17242, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->5d5d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x44d6), seq 13270:13346, ack 13797, win 16340, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21763 (0x5503)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 10 44 ED 03 \0x10D\0xed\0x03
Data=
10:03:39.173604 IP (tos 0x8, ttl 64, id 35685, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x6cbb (correct), seq 13797:13885, ack 13346, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21763 (0x5503)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:03:39.173709 IP (tos 0x0, ttl 128, id 17243, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->5d7b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x5035), seq 13346:13391, ack 13885, win 16318, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21827 (0x5543)
Word Count = 3 (0x3)
Handle=17424 (0x4410)
Time=NULL
smb_bcc=0
10:03:39.173810 IP (tos 0x8, ttl 64, id 35686, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xbe60 (correct), seq 13885:13924, ack 13391, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21827 (0x5543)
Word Count = 0 (0x0)
smb_bcc=0
10:03:39.174698 IP (tos 0x0, ttl 128, id 17244, offset 0, flags [DF], proto TCP (6), length 148, bad cksum 0 (->5d3b)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a53 (incorrect -> 0x1d49), seq 13391:13499, ack 13924, win 16308, length 108
SMB PACKET: SMBtconX (REQUEST)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21891 (0x5583)
Word Count = 4 (0x4)
Com2=0xFF
Off2=104 (0x68)
Flags=0x8
PassLen=1 (0x1)
Passwd&Path&Device=
smb_bcc=61
smb_buf[]=
[000] 00 5C 00 5C 00 52 00 47 00 59 00 55 00 46 00 49 \0x00\\0x00\\0x00R\0x00G \0x00Y\0x00U\0x00F\0x00I
[010] 00 4C 00 45 00 53 00 5C 00 56 00 49 00 53 00 55 \0x00L\0x00E\0x00S\0x00\ \0x00V\0x00I\0x00S\0x00U
[020] 00 41 00 4C 00 2D 00 53 00 59 00 53 00 54 00 45 \0x00A\0x00L\0x00-\0x00S \0x00Y\0x00S\0x00T\0x00E
[030] 00 4D 00 53 00 00 00 3F 3F 3F 3F 3F 00 \0x00M\0x00S\0x00\0x00\0x00? ????\0x00
10:03:39.180422 IP (tos 0x8, ttl 64, id 35687, offset 0, flags [DF], proto TCP (6), length 106)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7c25 (correct), seq 13924:13990, ack 13499, win 7186, length 66
SMB PACKET: SMBtconX (REPLY)
SMB Command = 0x75
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 21891 (0x5583)
Word Count = 7 (0x7)
Com2=0xFF
Off2=0 (0x0)
Data: (10 bytes)
[000] 05 00 FF 01 1F 10 00 00 00 00 \0x05\0x00\0xff\0x01\0x1f\0x10\0x00\0x00 \0x00\0x00
smb_bcc=13
ServiceType=A:
Data: (10 bytes)
[000] 4E 00 54 00 46 00 53 00 00 00 N\0x00T\0x00F\0x00S\0x00 \0x00\0x00
10:03:39.180851 IP (tos 0x0, ttl 128, id 17245, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->5d4c)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0x7d1e), seq 13499:13589, ack 13990, win 16292, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21955 (0x55c3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100080
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:03:39.181177 IP (tos 0x8, ttl 64, id 35688, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x76e3 (correct), seq 13990:14129, ack 13589, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 21955 (0x55c3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17426 (0x4412)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:03:39.181272 IP (tos 0x0, ttl 128, id 17246, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->5d59)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x3ead), seq 13589:13665, ack 14129, win 16257, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22019 (0x5603)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=8 (0x8)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 12 44 EE 03 \0x12D\0xee\0x03
Data=
10:03:39.181396 IP (tos 0x8, ttl 64, id 35689, offset 0, flags [DF], proto TCP (6), length 112)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x6680 (correct), seq 14129:14201, ack 13665, win 7186, length 72
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22019 (0x5603)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=8
TotParam=2 (0x2)
TotData=8 (0x8)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=8 (0x8)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=13
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (8 bytes)
[000] 04 00 00 00 00 00 00 00 \0x04\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:03:39.181587 IP (tos 0x0, ttl 128, id 17247, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->5d58)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0xff1a), seq 13665:13741, ack 14201, win 16239, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22083 (0x5643)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 12 44 ED 03 \0x12D\0xed\0x03
Data=
10:03:39.181703 IP (tos 0x8, ttl 64, id 35690, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x289b (correct), seq 14201:14289, ack 13741, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22083 (0x5643)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:03:39.181841 IP (tos 0x0, ttl 128, id 17248, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->5d76)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x0c78), seq 13741:13786, ack 14289, win 16217, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22147 (0x5683)
Word Count = 3 (0x3)
Handle=17426 (0x4412)
Time=NULL
smb_bcc=0
10:03:39.181929 IP (tos 0x8, ttl 64, id 35691, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7a40 (correct), seq 14289:14328, ack 13786, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22147 (0x5683)
Word Count = 0 (0x0)
smb_bcc=0
10:03:39.182351 IP (tos 0x0, ttl 128, id 17249, offset 0, flags [DF], proto TCP (6), length 130, bad cksum 0 (->5d48)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a41 (incorrect -> 0xfb01), seq 13786:13876, ack 14328, win 16207, length 90
SMB PACKET: SMBntcreateX (REQUEST)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22211 (0x56c3)
Word Count = 24 (0x18)
Com2=0xFF
Off2=57054 (0xdede)
Res=0 (0x0)
NameLen=0
Flags=0x10
RootDirectoryFid=0 (0x0)
AccessMask=0x100000
AllocationSize=0 (0x0)
ExtFileAttributes=0x0
ShareAccess=0x7
CreateDisposition=0x1
CreateOptions=0x0
ImpersonationLevel=0x2
SecurityFlags=0 (0x0)
smb_bcc=3
Path=
Data: (1 bytes)
[000] 00 \0x00
10:03:39.182638 IP (tos 0x8, ttl 64, id 35692, offset 0, flags [DF], proto TCP (6), length 179)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x7271 (correct), seq 14328:14467, ack 13876, win 7186, length 139
SMB PACKET: SMBntcreateX (REPLY)
SMB Command = 0xA2
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22211 (0x56c3)
Word Count = 42 (0x2a)
Com2=0xFF
Off2=0 (0x0)
OplockLevel=0 (0x0)
Fid=17428 (0x4414)
CreateAction=0x1
CreateTime=Tue Feb 25 15:58:09 2014
LastAccessTime=Tue Feb 25 15:58:09 2014
LastWriteTime=Tue Aug 19 12:21:29 2014
ChangeTime=Tue Aug 19 12:21:29 2014
ExtFileAttributes=0x10
AllocationSize=0 (0x0)
EndOfFile=0 (0x0)
FileType=0x0
DeviceState=0x7
Directory=1 (0x1)
Data: (16 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
smb_bcc=0
10:03:39.182840 IP (tos 0x0, ttl 128, id 17250, offset 0, flags [DF], proto TCP (6), length 116, bad cksum 0 (->5d55)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a33 (incorrect -> 0x3b7f), seq 13876:13952, ack 14467, win 16173, length 76
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22275 (0x5703)
Word Count = 15 (0xf)
TRANSACT2_QFILEINFO param_length=4 data_length=0
TotParam=4 (0x4)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=4 (0x4)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=7
Parameters=
Data: (4 bytes)
[000] 14 44 ED 03 \0x14D\0xed\0x03
Data=
10:03:39.182960 IP (tos 0x8, ttl 64, id 35693, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x66bd (correct), seq 14467:14555, ack 13952, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22275 (0x5703)
Word Count = 10 (0xa)
TRANSACT2_QFILEINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:03:39.183075 IP (tos 0x0, ttl 128, id 17251, offset 0, flags [DF], proto TCP (6), length 85, bad cksum 0 (->5d73)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a14 (incorrect -> 0x4ada), seq 13952:13997, ack 14555, win 16151, length 45
SMB PACKET: SMBclose (REQUEST)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22339 (0x5743)
Word Count = 3 (0x3)
Handle=17428 (0x4414)
Time=NULL
smb_bcc=0
10:03:39.183185 IP (tos 0x8, ttl 64, id 35694, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xb862 (correct), seq 14555:14594, ack 13997, win 7186, length 39
SMB PACKET: SMBclose (REPLY)
SMB Command = 0x4
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22339 (0x5743)
Word Count = 0 (0x0)
smb_bcc=0
10:03:39.377095 IP (tos 0x0, ttl 128, id 17254, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->5d9d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0x94cf), seq 13997, ack 14594, win 16141, length 0
10:03:53.852269 IP (tos 0x0, ttl 128, id 17757, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->5b7f)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0xe6af), seq 13997:14036, ack 14594, win 16141, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22403 (0x5783)
Word Count = 0 (0x0)
smb_bcc=0
10:03:53.852701 IP (tos 0x8, ttl 64, id 35695, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x0d14 (correct), seq 14594:14633, ack 14036, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 1 (0x1)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22403 (0x5783)
Word Count = 0 (0x0)
smb_bcc=0
10:03:53.852841 IP (tos 0x0, ttl 128, id 17758, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->5b7e)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0xa56b), seq 14036:14075, ack 14633, win 16131, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22467 (0x57c3)
Word Count = 0 (0x0)
smb_bcc=0
10:03:53.853201 IP (tos 0x8, ttl 64, id 35696, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xcbc5 (correct), seq 14633:14672, ack 14075, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 2 (0x2)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22467 (0x57c3)
Word Count = 0 (0x0)
smb_bcc=0
10:03:53.853272 IP (tos 0x0, ttl 128, id 17759, offset 0, flags [DF], proto TCP (6), length 79, bad cksum 0 (->5b7d)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a0e (incorrect -> 0x6427), seq 14075:14114, ack 14672, win 16121, length 39
SMB PACKET: SMBtdis (REQUEST)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22531 (0x5803)
Word Count = 0 (0x0)
smb_bcc=0
10:03:53.853665 IP (tos 0x8, ttl 64, id 35697, offset 0, flags [DF], proto TCP (6), length 79)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0x8a77 (correct), seq 14672:14711, ack 14114, win 7186, length 39
SMB PACKET: SMBtdis (REPLY)
SMB Command = 0x71
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 3 (0x3)
Proc ID = 65279 (0xfeff)
UID = 100 (0x64)
MID = 22531 (0x5803)
Word Count = 0 (0x0)
smb_bcc=0
10:03:54.053271 IP (tos 0x0, ttl 128, id 17774, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->5b95)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0x9402), seq 14114, ack 14711, win 16112, length 0
10:04:11.043413 IP (tos 0x0, ttl 128, id 18286, offset 0, flags [DF], proto TCP (6), length 120, bad cksum 0 (->5945)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a37 (incorrect -> 0x08fb), seq 14114:14194, ack 14711, win 16112, length 80
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 9 (0x9)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22595 (0x5843)
Word Count = 15 (0xf)
TRANSACT2_QPATHINFO param_length=8 data_length=0
TotParam=8 (0x8)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=40 (0x28)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=8 (0x8)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=11
Parameters=
Data: (8 bytes)
[000] EC 03 00 00 00 00 00 00 \0xec\0x03\0x00\0x00\0x00\0x00\0x00\0x00
Data=
10:04:11.043927 IP (tos 0x8, ttl 64, id 35698, offset 0, flags [DF], proto TCP (6), length 144)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xe84d (correct), seq 14711:14815, ack 14194, win 7186, length 104
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 9 (0x9)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22595 (0x5843)
Word Count = 10 (0xa)
TRANSACT2_QPATHINFO param_length=2 data_length=40
TotParam=2 (0x2)
TotData=40 (0x28)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=40 (0x28)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=45
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (40 bytes)
[000] CC 2C 69 D4 9C A1 CF 01 CC 2C 69 D4 9C A1 CF 01 \0xcc,i\0xd4\0x9c\0xa1\0xcf\0x01 \0xcc,i\0xd4\0x9c\0xa1\0xcf\0x01
[010] 1B 88 3A AC CC C1 CF 01 1B 88 3A AC CC C1 CF 01 \0x1b\0x88:\0xac\0xcc\0xc1\0xcf\0x01 \0x1b\0x88:\0xac\0xcc\0xc1\0xcf\0x01
[020] 10 00 00 00 00 00 00 00 \0x10\0x00\0x00\0x00\0x00\0x00\0x00\0x00
10:04:11.044025 IP (tos 0x0, ttl 128, id 18287, offset 0, flags [DF], proto TCP (6), length 120, bad cksum 0 (->5944)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [P.], cksum 0x5a37 (incorrect -> 0xc76c), seq 14194:14274, ack 14815, win 16086, length 80
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 9 (0x9)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22659 (0x5883)
Word Count = 15 (0xf)
TRANSACT2_QPATHINFO param_length=8 data_length=0
TotParam=8 (0x8)
TotData=0 (0x0)
MaxParam=2 (0x2)
MaxData=24 (0x18)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=8 (0x8)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=11
Parameters=
Data: (8 bytes)
[000] ED 03 00 00 00 00 00 00 \0xed\0x03\0x00\0x00\0x00\0x00\0x00\0x00
Data=
10:04:11.044566 IP (tos 0x8, ttl 64, id 35699, offset 0, flags [DF], proto TCP (6), length 128)
192.168.0.58.445 > 192.168.1.110.49276: Flags [P.], cksum 0xde1d (correct), seq 14815:14903, ack 14274, win 7186, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x88
Flags2 = 0x3
Tree ID = 9 (0x9)
Proc ID = 344 (0x158)
UID = 100 (0x64)
MID = 22659 (0x5883)
Word Count = 10 (0xa)
TRANSACT2_QPATHINFO param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Parameters=
Data: (2 bytes)
[000] 00 00 \0x00\0x00
Data=
Data: (24 bytes)
[000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00
[010] 01 00 00 00 00 01 00 00 \0x01\0x00\0x00\0x00\0x00\0x01\0x00\0x00
10:04:11.243198 IP (tos 0x0, ttl 128, id 18288, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->5993)!)
192.168.1.110.49276 > 192.168.0.58.445: Flags [.], cksum 0x59e7 (incorrect -> 0x92d2), seq 14274, ack 14903, win 16064, length 0