Frame 141 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Mar 1, 2003 23:40:01.884579000
    Time delta from previous packet: 0.156342000 seconds
    Time relative to first packet: 81112.359375000 seconds
    Frame Number: 141
    Packet Length: 62 bytes
    Capture Length: 62 bytes
Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2
    Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2)
    Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0xc7ee
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 113
    Protocol: TCP (0x06)
    Header checksum: 0x3744 (incorrect, should be 0x2d9f)
    Source: 4.64.221.42 (4.64.221.42)
    Destination: 172.16.134.191 (172.16.134.191)
Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: 139 (139), Seq: 14575601, Ack: 0, Len: 0
    Source port: 33220 (33220)
    Destination port: 139 (139)
    Sequence number: 14575601
    Header length: 28 bytes
    Flags: 0x0002 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set
    Window size: 8192
    Checksum: 0x6da7 (incorrect, should be 0x6402)
    Options: (8 bytes)
        Maximum segment size: 1400 bytes
        NOP
        NOP
        SACK permitted

0000  00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00   ..i...........E.
0010  00 30 c7 ee 40 00 71 06 37 44 04 40 dd 2a ac 10   .0..@.q.7D.@.*..
0020  86 bf 81 c4 00 8b 00 de 67 f1 00 00 00 00 70 02   ........g.....p.
0030  20 00 6d a7 00 00 02 04 05 78 01 01 04 02          .m......x....

Frame 142 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Mar 1, 2003 23:40:01.891677000
    Time delta from previous packet: 0.007098000 seconds
    Time relative to first packet: 81112.366473000 seconds
    Frame Number: 142
    Packet Length: 62 bytes
    Capture Length: 62 bytes
Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a
    Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a)
    Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 4.64.221.42 (4.64.221.42)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x028b
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (0x06)
    Header checksum: 0xeea7 (incorrect, should be 0xe502)
    Source: 172.16.134.191 (172.16.134.191)
    Destination: 4.64.221.42 (4.64.221.42)
Transmission Control Protocol, Src Port: 139 (139), Dst Port: 33220 (33220), Seq: 2174707732, Ack: 14575602, Len: 0
    Source port: 139 (139)
    Destination port: 33220 (33220)
    Sequence number: 2174707732
    Acknowledgement number: 14575602
    Header length: 28 bytes
    Flags: 0x0012 (SYN, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set
    Window size: 16800
    Checksum: 0x6206 (incorrect, should be 0x5861)
    Options: (8 bytes)
        Maximum segment size: 1460 bytes
        NOP
        NOP
        SACK permitted

0000  00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00   ........i.....E.
0010  00 30 02 8b 40 00 7f 06 ee a7 ac 10 86 bf 04 40   .0..@..........@
0020  dd 2a 00 8b 81 c4 81 9f 68 14 00 de 67 f2 70 12   .*......h...g.p.
0030  41 a0 62 06 00 00 02 04 05 b4 01 01 04 02         A.b...........

Frame 143 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Mar 1, 2003 23:40:01.982886000
    Time delta from previous packet: 0.091209000 seconds
    Time relative to first packet: 81112.457682000 seconds
    Frame Number: 143
    Packet Length: 60 bytes
    Capture Length: 60 bytes
Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2
    Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2)
    Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a)
    Type: IP (0x0800)
    Trailer: 000000000000
Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0xccee
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 113
    Protocol: TCP (0x06)
    Header checksum: 0x324c (incorrect, should be 0x28a7)
    Source: 4.64.221.42 (4.64.221.42)
    Destination: 172.16.134.191 (172.16.134.191)
Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: 139 (139), Seq: 14575602, Ack: 2174707733, Len: 0
    Source port: 33220 (33220)
    Destination port: 139 (139)
    Sequence number: 14575602
    Acknowledgement number: 2174707733
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 8400
    Checksum: 0xaf9a (incorrect, should be 0xa5f5)

0000  00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00   ..i...........E.
0010  00 28 cc ee 40 00 71 06 32 4c 04 40 dd 2a ac 10   .(..@.q.2L.@.*..
0020  86 bf 81 c4 00 8b 00 de 67 f2 81 9f 68 15 50 10   ........g...h.P.
0030  20 d0 af 9a 00 00 00 00 00 00 00 00                ...........

Frame 144 (126 bytes on wire, 126 bytes captured)
    Arrival Time: Mar 1, 2003 23:40:01.992845000
    Time delta from previous packet: 0.009959000 seconds
    Time relative to first packet: 81112.467641000 seconds
    Frame Number: 144
    Packet Length: 126 bytes
    Capture Length: 126 bytes
Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2
    Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2)
    Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 112
    Identification: 0xcdee
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 113
    Protocol: TCP (0x06)
    Header checksum: 0x3104 (incorrect, should be 0x275f)
    Source: 4.64.221.42 (4.64.221.42)
    Destination: 172.16.134.191 (172.16.134.191)
Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: 139 (139), Seq: 14575602, Ack: 2174707733, Len: 72
    Source port: 33220 (33220)
    Destination port: 139 (139)
    Sequence number: 14575602
    Next sequence number: 14575674
    Acknowledgement number: 2174707733
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 8400
    Checksum: 0x5f7f (incorrect, should be 0x55da)
NetBIOS Session Service
    Message Type: Session request
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 68
    Called name: SBM191<20> (Server service)
    Calling name: LOCALHOST<20> (Server service)

0000  00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00   ..i...........E.
0010  00 70 cd ee 40 00 71 06 31 04 04 40 dd 2a ac 10   .p..@.q.1..@.*..
0020  86 bf 81 c4 00 8b 00 de 67 f2 81 9f 68 15 50 18   ........g...h.P.
0030  20 d0 5f 7f 00 00 81 00 00 44 20 46 44 45 43 45    ._......D FDECE
0040  4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43   NDBDJDBCACACACAC
0050  41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45   ACACACACACA. EME
0060  50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43   PEDEBEMEIEPFDFEC
0070  41 43 41 43 41 43 41 43 41 43 41 43 41 00         ACACACACACACA.

Frame 145 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Mar 1, 2003 23:40:01.993597000
    Time delta from previous packet: 0.000752000 seconds
    Time relative to first packet: 81112.468393000 seconds
    Frame Number: 145
    Packet Length: 60 bytes
    Capture Length: 60 bytes
Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a
    Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a)
    Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2)
    Type: IP (0x0800)
    Trailer: 0000
Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 4.64.221.42 (4.64.221.42)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 44
    Identification: 0x028c
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (0x06)
    Header checksum: 0xeeaa (incorrect, should be 0xe505)
    Source: 172.16.134.191 (172.16.134.191)
    Destination: 4.64.221.42 (4.64.221.42)
Transmission Control Protocol, Src Port: 139 (139), Dst Port: 33220 (33220), Seq: 2174707733, Ack: 14575674, Len: 4
    Source port: 139 (139)
    Destination port: 33220 (33220)
    Sequence number: 2174707733
    Next sequence number: 2174707737
    Acknowledgement number: 14575674
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16728
    Checksum: 0x0cbe (incorrect, should be 0x0319)
NetBIOS Session Service
    Message Type: Positive session response
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 0

0000  00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00   ........i.....E.
0010  00 2c 02 8c 40 00 7f 06 ee aa ac 10 86 bf 04 40   .,..@..........@
0020  dd 2a 00 8b 81 c4 81 9f 68 15 00 de 68 3a 50 18   .*......h...h:P.
0030  41 58 0c be 00 00 82 00 00 00 00 00               AX..........

Frame 146 (116 bytes on wire, 116 bytes captured)
    Arrival Time: Mar 1, 2003 23:40:02.093702000
    Time delta from previous packet: 0.100105000 seconds
    Time relative to first packet: 81112.568498000 seconds
    Frame Number: 146
    Packet Length: 116 bytes
    Capture Length: 116 bytes
Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2
    Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2)
    Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 102
    Identification: 0xd1ee
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 113
    Protocol: TCP (0x06)
    Header checksum: 0x2d0e (incorrect, should be 0x2369)
    Source: 4.64.221.42 (4.64.221.42)
    Destination: 172.16.134.191 (172.16.134.191)
Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: 139 (139), Seq: 14575674, Ack: 2174707737, Len: 62
    Source port: 33220 (33220)
    Destination port: 139 (139)
    Sequence number: 14575674
    Next sequence number: 14575736
    Acknowledgement number: 2174707737
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 8396
    Checksum: 0x1b86 (incorrect, should be 0x31e0)
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 58
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        SMB Command: Tree Connect AndX (0x75)
        Error Class: Success (0x00)
        Reserved: 00
        Error Code: No Error
        Flags: 0x00
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0x0000
            0... .... .... .... = Unicode Strings: Strings are ASCII
            .0.. .... .... .... = Error Code Type: Error codes are DOS error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response
        Reserved: 000000000000000000000000
        Tree ID: 0
        Process ID: 0
        User ID: 0
        Multiplex ID: 0
    Tree Connect AndX Request (0x75)
        Word Count (WCT): 4
        AndXCommand: No further commands
        Reserved: 00
        AndXOffset: 0
        Flags: 0x0000
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Password Length: 1
        Byte Count (BCC): 15
        Password: 21
        Path: \\PC0191\C
        Service: A:

0000  00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00   ..i...........E.
0010  00 66 d1 ee 40 00 71 06 2d 0e 04 40 dd 2a ac 10   .f..@.q.-..@.*..
0020  86 bf 81 c4 00 8b 00 de 68 3a 81 9f 68 19 50 18   ........h:..h.P.
0030  20 cc 1b 86 00 00 00 00 00 3a ff 53 4d 42 75 00    ........:.SMBu.
0040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00   ................
0060  00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43   .....!\\PC0191\C
0070  00 41 3a 00                                       .A:.

Frame 147 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Mar 1, 2003 23:40:02.099579000
    Time delta from previous packet: 0.005877000 seconds
    Time relative to first packet: 81112.574375000 seconds
    Frame Number: 147
    Packet Length: 60 bytes
    Capture Length: 60 bytes
Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a
    Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a)
    Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2)
    Type: IP (0x0800)
    Trailer: 000000000000
Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 4.64.221.42 (4.64.221.42)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x028d
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (0x06)
    Header checksum: 0xeead (incorrect, should be 0xe508)
    Source: 172.16.134.191 (172.16.134.191)
    Destination: 4.64.221.42 (4.64.221.42)
Transmission Control Protocol, Src Port: 139 (139), Dst Port: 33220 (33220), Seq: 2174707737, Ack: 14575674, Len: 0
    Source port: 139 (139)
    Destination port: 33220 (33220)
    Sequence number: 2174707737
    Header length: 20 bytes
    Flags: 0x0004 (RST)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .1.. = Reset: Set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 0
    Checksum: 0xd02a (incorrect, should be 0xc685)

0000  00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00   ........i.....E.
0010  00 28 02 8d 40 00 7f 06 ee ad ac 10 86 bf 04 40   .(..@..........@
0020  dd 2a 00 8b 81 c4 81 9f 68 19 00 de 68 3a 50 04   .*......h...h:P.
0030  00 00 d0 2a 00 00 00 00 00 00 00 00               ...*........