Frame 3 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.817956000 Time delta from previous packet: 0.292751000 seconds Time relative to first packet: 0.292752000 seconds Frame Number: 3 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0713 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0e9 (incorrect, should be 0xd744) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715630, Ack: 0, Len: 0 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715630 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xe299 (incorrect, should be 0xd8f4) Options: (8 bytes) Maximum segment size: 1414 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 07 13 40 00 6f 06 e0 e9 db 76 1f 2a ac 10 .0..@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 2e 00 00 00 00 70 02 ...T..s.......p. 0030 40 00 e2 99 00 00 02 04 05 86 01 01 04 02 @............. Frame 4 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.818908000 Time delta from previous packet: 0.000952000 seconds Time relative to first packet: 0.293704000 seconds Frame Number: 4 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.118.31.42 (219.118.31.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x82ee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x550e (incorrect, should be 0x4b69) Source: 172.16.134.191 (172.16.134.191) Destination: 219.118.31.42 (219.118.31.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2388 (2388), Seq: 2476847240, Ack: 1943715631, Len: 0 Source port: netbios-ssn (139) Destination port: 2388 (2388) Sequence number: 2476847240 Acknowledgement number: 1943715631 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x9be8 (incorrect, should be 0x9243) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 82 ee 40 00 7f 06 55 0e ac 10 86 bf db 76 .0..@...U......v 0020 1f 2a 00 8b 09 54 93 a1 b0 88 73 da bf 2f 70 12 .*...T....s../p. 0030 42 48 9b e8 00 00 02 04 05 b4 01 01 04 02 BH............ Frame 5 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.923263000 Time delta from previous packet: 0.104355000 seconds Time relative to first packet: 0.398059000 seconds Frame Number: 5 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x071b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0e9 (incorrect, should be 0xd744) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715631, Ack: 2476847241, Len: 0 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715631 Acknowledgement number: 2476847241 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0xc8ac (incorrect, should be 0xbf07) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 07 1b 40 00 6f 06 e0 e9 db 76 1f 2a ac 10 .(..@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 2f 93 a1 b0 89 50 10 ...T..s../....P. 0030 42 48 c8 ac 00 00 00 00 00 00 00 00 BH.......... Frame 6 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.933135000 Time delta from previous packet: 0.009872000 seconds Time relative to first packet: 0.407931000 seconds Frame Number: 6 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x071c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0a0 (incorrect, should be 0xd6fb) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715631, Ack: 2476847241, Len: 72 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715631 Next sequence number: 1943715703 Acknowledgement number: 2476847241 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x7891 (incorrect, should be 0x6eec) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 07 1c 40 00 6f 06 e0 a0 db 76 1f 2a ac 10 .p..@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 2f 93 a1 b0 89 50 18 ...T..s../....P. 0030 42 48 78 91 00 00 81 00 00 44 20 46 44 45 43 45 BHx......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 7 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.933137000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 0.407933000 seconds Frame Number: 7 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.118.31.42 (219.118.31.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x82fb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5505 (incorrect, should be 0x4b60) Source: 172.16.134.191 (172.16.134.191) Destination: 219.118.31.42 (219.118.31.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2388 (2388), Seq: 2476847241, Ack: 1943715703, Len: 4 Source port: netbios-ssn (139) Destination port: 2388 (2388) Sequence number: 2476847241 Next sequence number: 2476847245 Acknowledgement number: 1943715703 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16896 Checksum: 0x46a0 (incorrect, should be 0x3cfb) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 82 fb 40 00 7f 06 55 05 ac 10 86 bf db 76 .,..@...U......v 0020 1f 2a 00 8b 09 54 93 a1 b0 89 73 da bf 77 50 18 .*...T....s..wP. 0030 42 00 46 a0 00 00 82 00 00 00 00 00 B.F......... Frame 8 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 01:08:10.039478000 Time delta from previous packet: 0.106341000 seconds Time relative to first packet: 0.514274000 seconds Frame Number: 8 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x0722 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0a4 (incorrect, should be 0xd6ff) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715703, Ack: 2476847245, Len: 62 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715703 Next sequence number: 1943715765 Acknowledgement number: 2476847245 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16964 Checksum: 0x3498 (incorrect, should be 0x4af2) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 07 22 40 00 6f 06 e0 a4 db 76 1f 2a ac 10 .f."@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 77 93 a1 b0 8d 50 18 ...T..s..w....P. 0030 42 44 34 98 00 00 00 00 00 3a ff 53 4d 42 75 00 BD4......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 9 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 01:08:10.042384000 Time delta from previous packet: 0.002906000 seconds Time relative to first packet: 0.517180000 seconds Frame Number: 9 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.118.31.42 (219.118.31.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x82fc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5508 (incorrect, should be 0x4b63) Source: 172.16.134.191 (172.16.134.191) Destination: 219.118.31.42 (219.118.31.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2388 (2388), Seq: 2476847245, Ack: 1943715703, Len: 0 Source port: netbios-ssn (139) Destination port: 2388 (2388) Sequence number: 2476847245 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0ab5 (incorrect, should be 0x0110) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 82 fc 40 00 7f 06 55 08 ac 10 86 bf db 76 .(..@...U......v 0020 1f 2a 00 8b 09 54 93 a1 b0 8d 73 da bf 77 50 04 .*...T....s..wP. 0030 00 00 0a b5 00 00 00 00 00 00 00 00 ............ Frame 13 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 03:33:12.676082000 Time delta from previous packet: 0.256298000 seconds Time relative to first packet: 8703.150878000 seconds Frame Number: 13 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.163.9.89 (218.163.9.89), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xf3bb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x07e5 (incorrect, should be 0xfe3f) Source: 218.163.9.89 (218.163.9.89) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4760 (4760), Dst Port: netbios-ssn (139), Seq: 1926164465, Ack: 0, Len: 0 Source port: 4760 (4760) Destination port: netbios-ssn (139) Sequence number: 1926164465 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xc042 (incorrect, should be 0xb69d) Options: (8 bytes) Maximum segment size: 1414 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 f3 bb 40 00 72 06 07 e5 da a3 09 59 ac 10 .0..@.r......Y.. 0020 86 bf 12 98 00 8b 72 ce ef f1 00 00 00 00 70 02 ......r.......p. 0030 40 00 c0 42 00 00 02 04 05 86 01 01 04 02 @..B.......... Frame 14 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 03:33:12.678268000 Time delta from previous packet: 0.002186000 seconds Time relative to first packet: 8703.153064000 seconds Frame Number: 14 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.163.9.89 (218.163.9.89) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x2030 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xce70 (incorrect, should be 0xc4cb) Source: 172.16.134.191 (172.16.134.191) Destination: 218.163.9.89 (218.163.9.89) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4760 (4760), Seq: 406492478, Ack: 1926164466, Len: 0 Source port: netbios-ssn (139) Destination port: 4760 (4760) Sequence number: 406492478 Acknowledgement number: 1926164466 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x1043 (incorrect, should be 0x069e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 20 30 40 00 7f 06 ce 70 ac 10 86 bf da a3 .0 0@....p...... 0020 09 59 00 8b 12 98 18 3a 95 3e 72 ce ef f2 70 12 .Y.....:.>r...p. 0030 42 48 10 43 00 00 02 04 05 b4 01 01 04 02 BH.C.......... Frame 15 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 03:33:12.895758000 Time delta from previous packet: 0.217490000 seconds Time relative to first packet: 8703.370554000 seconds Frame Number: 15 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 218.163.9.89 (218.163.9.89), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xf3c4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x07e4 (incorrect, should be 0xfe3e) Source: 218.163.9.89 (218.163.9.89) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4760 (4760), Dst Port: netbios-ssn (139), Seq: 1926164466, Ack: 406492479, Len: 0 Source port: 4760 (4760) Destination port: netbios-ssn (139) Sequence number: 1926164466 Acknowledgement number: 406492479 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x3d07 (incorrect, should be 0x3362) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 f3 c4 40 00 72 06 07 e4 da a3 09 59 ac 10 .(..@.r......Y.. 0020 86 bf 12 98 00 8b 72 ce ef f2 18 3a 95 3f 50 10 ......r....:.?P. 0030 42 48 3d 07 00 00 00 00 00 00 00 00 BH=......... Frame 36 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 06:59:34.804840000 Time delta from previous packet: 2.724544000 seconds Time relative to first packet: 21085.279636000 seconds Frame Number: 36 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x8829 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 47 Protocol: TCP (0x06) Header checksum: 0xde42 (incorrect, should be 0xd49d) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055695, Ack: 0, Len: 0 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055695 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x5e41 (incorrect, should be 0x549c) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 88 29 40 00 2f 06 de 42 3d 9b 7e 96 ac 10 .0.)@./..B=.~... 0020 86 bf 06 b4 00 8b 00 10 1b cf 00 00 00 00 70 02 ..............p. 0030 20 00 5e 41 00 00 02 04 02 18 01 01 04 02 .^A.......... Frame 37 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 06:59:34.809838000 Time delta from previous packet: 0.004998000 seconds Time relative to first packet: 21085.284634000 seconds Frame Number: 37 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.155.126.150 (61.155.126.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9506 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8165 (incorrect, should be 0x77c0) Source: 172.16.134.191 (172.16.134.191) Destination: 61.155.126.150 (61.155.126.150) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1716 (1716), Seq: 3135138197, Ack: 1055696, Len: 0 Source port: netbios-ssn (139) Destination port: 1716 (1716) Sequence number: 3135138197 Acknowledgement number: 1055696 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0x1538 (incorrect, should be 0x0b93) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 95 06 40 00 7f 06 81 65 ac 10 86 bf 3d 9b .0..@....e....=. 0020 7e 96 00 8b 06 b4 ba de 69 95 00 10 1b d0 70 12 ~.......i.....p. 0030 40 e8 15 38 00 00 02 04 05 b4 01 01 04 02 @..8.......... Frame 38 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 06:59:35.965907000 Time delta from previous packet: 1.156069000 seconds Time relative to first packet: 21086.440703000 seconds Frame Number: 38 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9529 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 47 Protocol: TCP (0x06) Header checksum: 0xd14a (incorrect, should be 0xc7a5) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055696, Ack: 3135138198, Len: 0 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055696 Acknowledgement number: 3135138198 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x6164 (incorrect, should be 0x57bf) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 95 29 40 00 2f 06 d1 4a 3d 9b 7e 96 ac 10 .(.)@./..J=.~... 0020 86 bf 06 b4 00 8b 00 10 1b d0 ba de 69 96 50 10 ............i.P. 0030 21 80 61 64 00 00 00 00 00 00 00 00 !.ad........ Frame 39 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 06:59:35.975130000 Time delta from previous packet: 0.009223000 seconds Time relative to first packet: 21086.449926000 seconds Frame Number: 39 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x9629 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 48 Protocol: TCP (0x06) Header checksum: 0xcf02 (incorrect, should be 0xc55d) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055696, Ack: 3135138198, Len: 72 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055696 Next sequence number: 1055768 Acknowledgement number: 3135138198 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x1149 (incorrect, should be 0x07a4) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 96 29 40 00 30 06 cf 02 3d 9b 7e 96 ac 10 .p.)@.0...=.~... 0020 86 bf 06 b4 00 8b 00 10 1b d0 ba de 69 96 50 18 ............i.P. 0030 21 80 11 49 00 00 81 00 00 44 20 46 44 45 43 45 !..I.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 40 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 06:59:35.976852000 Time delta from previous packet: 0.001722000 seconds Time relative to first packet: 21086.451648000 seconds Frame Number: 40 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.155.126.150 (61.155.126.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x9507 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8168 (incorrect, should be 0x77c3) Source: 172.16.134.191 (172.16.134.191) Destination: 61.155.126.150 (61.155.126.150) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1716 (1716), Seq: 3135138198, Ack: 1055768, Len: 4 Source port: netbios-ssn (139) Destination port: 1716 (1716) Sequence number: 3135138198 Next sequence number: 3135138202 Acknowledgement number: 1055768 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0xbfef (incorrect, should be 0xb64a) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 95 07 40 00 7f 06 81 68 ac 10 86 bf 3d 9b .,..@....h....=. 0020 7e 96 00 8b 06 b4 ba de 69 96 00 10 1c 18 50 18 ~.......i.....P. 0030 40 a0 bf ef 00 00 82 00 00 00 00 00 @........... Frame 41 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 06:59:37.663771000 Time delta from previous packet: 1.686919000 seconds Time relative to first packet: 21088.138567000 seconds Frame Number: 41 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xbd29 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 47 Protocol: TCP (0x06) Header checksum: 0xa90c (incorrect, should be 0x9f67) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055768, Ack: 3135138202, Len: 62 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055768 Next sequence number: 1055830 Acknowledgement number: 3135138202 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0xcd4f (incorrect, should be 0xe3a9) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 bd 29 40 00 2f 06 a9 0c 3d 9b 7e 96 ac 10 .f.)@./...=.~... 0020 86 bf 06 b4 00 8b 00 10 1c 18 ba de 69 9a 50 18 ............i.P. 0030 21 7c cd 4f 00 00 00 00 00 3a ff 53 4d 42 75 00 !|.O.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 42 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 06:59:37.668662000 Time delta from previous packet: 0.004891000 seconds Time relative to first packet: 21088.143458000 seconds Frame Number: 42 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.155.126.150 (61.155.126.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9508 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x816b (incorrect, should be 0x77c6) Source: 172.16.134.191 (172.16.134.191) Destination: 61.155.126.150 (61.155.126.150) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1716 (1716), Seq: 3135138202, Ack: 1055768, Len: 0 Source port: netbios-ssn (139) Destination port: 1716 (1716) Sequence number: 3135138202 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x82a4 (incorrect, should be 0x78ff) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 95 08 40 00 7f 06 81 6b ac 10 86 bf 3d 9b .(..@....k....=. 0020 7e 96 00 8b 06 b4 ba de 69 9a 00 10 1c 18 50 04 ~.......i.....P. 0030 00 00 82 a4 00 00 00 00 00 00 00 00 ............ Frame 48 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.723351000 Time delta from previous packet: 0.054471000 seconds Time relative to first packet: 27333.198147000 seconds Frame Number: 48 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xca8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x8ad6 (incorrect, should be 0x8131) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820556, Ack: 0, Len: 0 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820556 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x0f86 (incorrect, should be 0x05e1) Options: (8 bytes) Maximum segment size: 1456 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 ca 8e 40 00 76 06 8a d6 42 be 43 7a ac 10 .0..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 90 cc 00 00 00 00 70 02 ...%..........p. 0030 20 00 0f 86 00 00 02 04 05 b0 01 01 04 02 ............. Frame 49 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.728268000 Time delta from previous packet: 0.004917000 seconds Time relative to first packet: 27333.203064000 seconds Frame Number: 49 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.190.67.122 (66.190.67.122) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9549 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb71b (incorrect, should be 0xad76) Source: 172.16.134.191 (172.16.134.191) Destination: 66.190.67.122 (66.190.67.122) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3877 (3877), Seq: 352464892, Ack: 62820557, Len: 0 Source port: netbios-ssn (139) Destination port: 3877 (3877) Sequence number: 352464892 Acknowledgement number: 62820557 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17472 Checksum: 0xa632 (incorrect, should be 0x9c8d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 95 49 40 00 7f 06 b7 1b ac 10 86 bf 42 be .0.I@.........B. 0020 43 7a 00 8b 0f 25 15 02 2f fc 03 be 90 cd 70 12 Cz...%../.....p. 0030 44 40 a6 32 00 00 02 04 05 b4 01 01 04 02 D@.2.......... Frame 50 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.781436000 Time delta from previous packet: 0.053168000 seconds Time relative to first packet: 27333.256232000 seconds Frame Number: 50 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xcb8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x89de (incorrect, should be 0x8039) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820557, Ack: 352464893, Len: 0 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820557 Acknowledgement number: 352464893 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8736 Checksum: 0xf516 (incorrect, should be 0xeb71) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 cb 8e 40 00 76 06 89 de 42 be 43 7a ac 10 .(..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 90 cd 15 02 2f fd 50 10 ...%......../.P. 0030 22 20 f5 16 00 00 00 00 00 00 00 00 " .......... Frame 51 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.792531000 Time delta from previous packet: 0.011095000 seconds Time relative to first packet: 27333.267327000 seconds Frame Number: 51 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xcc8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x8896 (incorrect, should be 0x7ef1) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820557, Ack: 352464893, Len: 72 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820557 Next sequence number: 62820629 Acknowledgement number: 352464893 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8736 Checksum: 0xa4fb (incorrect, should be 0x9b56) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 cc 8e 40 00 76 06 88 96 42 be 43 7a ac 10 .p..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 90 cd 15 02 2f fd 50 18 ...%......../.P. 0030 22 20 a4 fb 00 00 81 00 00 44 20 46 44 45 43 45 " .......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 52 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.793233000 Time delta from previous packet: 0.000702000 seconds Time relative to first packet: 27333.268029000 seconds Frame Number: 52 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.190.67.122 (66.190.67.122) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x954a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb71e (incorrect, should be 0xad79) Source: 172.16.134.191 (172.16.134.191) Destination: 66.190.67.122 (66.190.67.122) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3877 (3877), Seq: 352464893, Ack: 62820629, Len: 4 Source port: netbios-ssn (139) Destination port: 3877 (3877) Sequence number: 352464893 Next sequence number: 352464897 Acknowledgement number: 62820629 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17400 Checksum: 0x50ea (incorrect, should be 0x4745) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 95 4a 40 00 7f 06 b7 1e ac 10 86 bf 42 be .,.J@.........B. 0020 43 7a 00 8b 0f 25 15 02 2f fd 03 be 91 15 50 18 Cz...%../.....P. 0030 43 f8 50 ea 00 00 82 00 00 00 00 00 C.P......... Frame 53 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.851438000 Time delta from previous packet: 0.058205000 seconds Time relative to first packet: 27333.326234000 seconds Frame Number: 53 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd08e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x84a0 (incorrect, should be 0x7afb) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820629, Ack: 352464897, Len: 62 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820629 Next sequence number: 62820691 Acknowledgement number: 352464897 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8732 Checksum: 0x6102 (incorrect, should be 0x775c) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d0 8e 40 00 76 06 84 a0 42 be 43 7a ac 10 .f..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 91 15 15 02 30 01 50 18 ...%........0.P. 0030 22 1c 61 02 00 00 00 00 00 3a ff 53 4d 42 75 00 ".a......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 54 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.856216000 Time delta from previous packet: 0.004778000 seconds Time relative to first packet: 27333.331012000 seconds Frame Number: 54 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.190.67.122 (66.190.67.122) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x954b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb721 (incorrect, should be 0xad7c) Source: 172.16.134.191 (172.16.134.191) Destination: 66.190.67.122 (66.190.67.122) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3877 (3877), Seq: 352464897, Ack: 62820629, Len: 0 Source port: netbios-ssn (139) Destination port: 3877 (3877) Sequence number: 352464897 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x16f7 (incorrect, should be 0x0d52) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 95 4b 40 00 7f 06 b7 21 ac 10 86 bf 42 be .(.K@....!....B. 0020 43 7a 00 8b 0f 25 15 02 30 01 03 be 91 15 50 04 Cz...%..0.....P. 0030 00 00 16 f7 00 00 00 00 00 00 00 00 ............ Frame 78 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.724406000 Time delta from previous packet: 0.270061000 seconds Time relative to first packet: 29730.199202000 seconds Frame Number: 78 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xd732 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe5db (incorrect, should be 0xdc36) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911004, Ack: 0, Len: 0 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911004 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x0ab6 (incorrect, should be 0x0111) Options: (8 bytes) Maximum segment size: 1452 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 d7 32 40 00 6b 06 e5 db 8d 95 9b f9 ac 10 .0.2@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 5c 00 00 00 00 70 02 ......^+.\....p. 0030 40 00 0a b6 00 00 02 04 05 ac 01 01 04 02 @............. Frame 79 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.729626000 Time delta from previous packet: 0.005220000 seconds Time relative to first packet: 29730.204422000 seconds Frame Number: 79 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 141.149.155.249 (141.149.155.249) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0067 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa8a7 (incorrect, should be 0x9f02) Source: 172.16.134.191 (172.16.134.191) Destination: 141.149.155.249 (141.149.155.249) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 65444 (65444), Seq: 2329537797, Ack: 1579911005, Len: 0 Source port: netbios-ssn (139) Destination port: 65444 (65444) Sequence number: 2329537797 Acknowledgement number: 1579911005 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0x8ead (incorrect, should be 0x8508) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 00 67 40 00 7f 06 a8 a7 ac 10 86 bf 8d 95 .0.g@........... 0020 9b f9 00 8b ff a4 8a d9 ed 05 5e 2b 87 5d 70 12 ..........^+.]p. 0030 44 10 8e ad 00 00 02 04 05 b4 01 01 04 02 D............. Frame 80 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.834366000 Time delta from previous packet: 0.104740000 seconds Time relative to first packet: 29730.309162000 seconds Frame Number: 80 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xd735 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe5e0 (incorrect, should be 0xdc3b) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911005, Ack: 2329537798, Len: 0 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911005 Acknowledgement number: 2329537798 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xbb11 (incorrect, should be 0xb16c) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 d7 35 40 00 6b 06 e5 e0 8d 95 9b f9 ac 10 .(.5@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 5d 8a d9 ed 06 50 10 ......^+.]....P. 0030 44 70 bb 11 00 00 00 00 00 00 00 00 Dp.......... Frame 81 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.854313000 Time delta from previous packet: 0.019947000 seconds Time relative to first packet: 29730.329109000 seconds Frame Number: 81 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xd737 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe596 (incorrect, should be 0xdbf1) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911005, Ack: 2329537798, Len: 72 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911005 Next sequence number: 1579911077 Acknowledgement number: 2329537798 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x88fc (incorrect, should be 0x7f57) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 d7 37 40 00 6b 06 e5 96 8d 95 9b f9 ac 10 .p.7@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 5d 8a d9 ed 06 50 18 ......^+.]....P. 0030 44 70 88 fc 00 00 81 00 00 44 20 46 44 45 43 45 Dp.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 82 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.861339000 Time delta from previous packet: 0.007026000 seconds Time relative to first packet: 29730.336135000 seconds Frame Number: 82 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 141.149.155.249 (141.149.155.249) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0068 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa8aa (incorrect, should be 0x9f05) Source: 172.16.134.191 (172.16.134.191) Destination: 141.149.155.249 (141.149.155.249) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 65444 (65444), Seq: 2329537798, Ack: 1579911077, Len: 4 Source port: netbios-ssn (139) Destination port: 65444 (65444) Sequence number: 2329537798 Next sequence number: 2329537802 Acknowledgement number: 1579911077 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17352 Checksum: 0x3965 (incorrect, should be 0x2fc0) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 00 68 40 00 7f 06 a8 aa ac 10 86 bf 8d 95 .,.h@........... 0020 9b f9 00 8b ff a4 8a d9 ed 06 5e 2b 87 a5 50 18 ..........^+..P. 0030 43 c8 39 65 00 00 82 00 00 00 00 00 C.9e........ Frame 83 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.974692000 Time delta from previous packet: 0.113353000 seconds Time relative to first packet: 29730.449488000 seconds Frame Number: 83 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd73a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe59d (incorrect, should be 0xdbf8) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911077, Ack: 2329537802, Len: 62 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911077 Next sequence number: 1579911139 Acknowledgement number: 2329537802 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17516 Checksum: 0x26fd (incorrect, should be 0x3d57) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d7 3a 40 00 6b 06 e5 9d 8d 95 9b f9 ac 10 .f.:@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 a5 8a d9 ed 0a 50 18 ......^+......P. 0030 44 6c 26 fd 00 00 00 00 00 3a ff 53 4d 42 75 00 Dl&......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 84 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 09:23:40.025756000 Time delta from previous packet: 0.051064000 seconds Time relative to first packet: 29730.500552000 seconds Frame Number: 84 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 141.149.155.249 (141.149.155.249) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0069 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa8ad (incorrect, should be 0x9f08) Source: 172.16.134.191 (172.16.134.191) Destination: 141.149.155.249 (141.149.155.249) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 65444 (65444), Seq: 2329537802, Ack: 1579911077, Len: 0 Source port: netbios-ssn (139) Destination port: 65444 (65444) Sequence number: 2329537802 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xff41 (incorrect, should be 0xf59c) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 00 69 40 00 7f 06 a8 ad ac 10 86 bf 8d 95 .(.i@........... 0020 9b f9 00 8b ff a4 8a d9 ed 0a 5e 2b 87 a5 50 04 ..........^+..P. 0030 00 00 ff 41 00 00 00 00 00 00 00 00 ...A........ Frame 87 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.846107000 Time delta from previous packet: 0.374606000 seconds Time relative to first packet: 38563.320903000 seconds Frame Number: 87 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xa84f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x1a5c (incorrect, should be 0x10b7) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596531, Ack: 0, Len: 0 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596531 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x1d57 (incorrect, should be 0x13b2) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 a8 4f 40 00 72 06 1a 5c cf 06 4d eb ac 10 .0.O@.r..\..M... 0020 86 bf 07 2c 00 8b 05 c1 f2 33 00 00 00 00 70 02 ...,.....3....p. 0030 20 00 1d 57 00 00 02 04 05 b4 01 01 04 02 ..W.......... Frame 88 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.851313000 Time delta from previous packet: 0.005206000 seconds Time relative to first packet: 38563.326109000 seconds Frame Number: 88 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 207.6.77.235 (207.6.77.235) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x00bf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb4ec (incorrect, should be 0xab47) Source: 172.16.134.191 (172.16.134.191) Destination: 207.6.77.235 (207.6.77.235) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1836 (1836), Seq: 128654193, Ack: 96596532, Len: 0 Source port: netbios-ssn (139) Destination port: 1836 (1836) Sequence number: 128654193 Acknowledgement number: 96596532 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd5b9 (incorrect, should be 0xcc14) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 00 bf 40 00 7f 06 b4 ec ac 10 86 bf cf 06 .0..@........... 0020 4d eb 00 8b 07 2c 07 ab 1b 71 05 c1 f2 34 70 12 M....,...q...4p. 0030 44 70 d5 b9 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 89 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.906054000 Time delta from previous packet: 0.054741000 seconds Time relative to first packet: 38563.380850000 seconds Frame Number: 89 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xab4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x1764 (incorrect, should be 0x0dbf) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596532, Ack: 128654194, Len: 0 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596532 Acknowledgement number: 128654194 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x24b6 (incorrect, should be 0x1b11) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 ab 4f 40 00 72 06 17 64 cf 06 4d eb ac 10 .(.O@.r..d..M... 0020 86 bf 07 2c 00 8b 05 c1 f2 34 07 ab 1b 72 50 10 ...,.....4...rP. 0030 22 38 24 b6 00 00 00 00 00 00 00 00 "8$......... Frame 90 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.915574000 Time delta from previous packet: 0.009520000 seconds Time relative to first packet: 38563.390370000 seconds Frame Number: 90 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xac4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x161c (incorrect, should be 0x0c77) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596532, Ack: 128654194, Len: 72 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596532 Next sequence number: 96596604 Acknowledgement number: 128654194 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xf9a0 (incorrect, should be 0xeffb) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 ac 4f 40 00 72 06 16 1c cf 06 4d eb ac 10 .p.O@.r.....M... 0020 86 bf 07 2c 00 8b 05 c1 f2 34 07 ab 1b 72 50 18 ...,.....4...rP. 0030 22 38 f9 a0 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 91 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.921795000 Time delta from previous packet: 0.006221000 seconds Time relative to first packet: 38563.396591000 seconds Frame Number: 91 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 207.6.77.235 (207.6.77.235) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x00c0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb4ef (incorrect, should be 0xab4a) Source: 172.16.134.191 (172.16.134.191) Destination: 207.6.77.235 (207.6.77.235) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1836 (1836), Seq: 128654194, Ack: 96596604, Len: 4 Source port: netbios-ssn (139) Destination port: 1836 (1836) Sequence number: 128654194 Next sequence number: 128654198 Acknowledgement number: 96596604 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x8071 (incorrect, should be 0x76cc) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 00 c0 40 00 7f 06 b4 ef ac 10 86 bf cf 06 .,..@........... 0020 4d eb 00 8b 07 2c 07 ab 1b 72 05 c1 f2 7c 50 18 M....,...r...|P. 0030 44 28 80 71 00 00 82 00 00 00 00 00 D(.q........ Frame 92 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.997396000 Time delta from previous packet: 0.075601000 seconds Time relative to first packet: 38563.472192000 seconds Frame Number: 92 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xad4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x1526 (incorrect, should be 0x0b81) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596604, Ack: 128654198, Len: 62 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596604 Next sequence number: 96596666 Acknowledgement number: 128654198 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x90a1 (incorrect, should be 0xa6fb) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 ad 4f 40 00 72 06 15 26 cf 06 4d eb ac 10 .f.O@.r..&..M... 0020 86 bf 07 2c 00 8b 05 c1 f2 7c 07 ab 1b 76 50 18 ...,.....|...vP. 0030 22 34 90 a1 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 93 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 11:50:53.002337000 Time delta from previous packet: 0.004941000 seconds Time relative to first packet: 38563.477133000 seconds Frame Number: 93 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 207.6.77.235 (207.6.77.235) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x00c1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb4f2 (incorrect, should be 0xab4d) Source: 172.16.134.191 (172.16.134.191) Destination: 207.6.77.235 (207.6.77.235) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1836 (1836), Seq: 128654198, Ack: 96596604, Len: 0 Source port: netbios-ssn (139) Destination port: 1836 (1836) Sequence number: 128654198 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x46ae (incorrect, should be 0x3d09) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 00 c1 40 00 7f 06 b4 f2 ac 10 86 bf cf 06 .(..@........... 0020 4d eb 00 8b 07 2c 07 ab 1b 76 05 c1 f2 7c 50 04 M....,...v...|P. 0030 00 00 46 ae 00 00 00 00 00 00 00 00 ..F......... Frame 96 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.567150000 Time delta from previous packet: 0.354194000 seconds Time relative to first packet: 44458.041946000 seconds Frame Number: 96 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x915b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xee23 (incorrect, should be 0xe47e) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002209, Ack: 0, Len: 0 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002209 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xbe10 (incorrect, should be 0xb46b) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 91 5b 40 00 72 06 ee 23 a2 21 bd fc ac 10 .0.[@.r..#.!.... 0020 86 bf 0c f9 00 8b 00 3d 11 a1 00 00 00 00 70 02 .......=......p. 0030 20 00 be 10 00 00 02 04 02 18 01 01 04 02 ............. Frame 97 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.572129000 Time delta from previous packet: 0.004979000 seconds Time relative to first packet: 44458.046925000 seconds Frame Number: 97 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 162.33.189.252 (162.33.189.252) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x00ff Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7180 (incorrect, should be 0x67db) Source: 172.16.134.191 (172.16.134.191) Destination: 162.33.189.252 (162.33.189.252) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3321 (3321), Seq: 1601017930, Ack: 4002210, Len: 0 Source port: netbios-ssn (139) Destination port: 3321 (3321) Sequence number: 1601017930 Acknowledgement number: 4002210 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0xa1c3 (incorrect, should be 0x981e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 00 ff 40 00 7f 06 71 80 ac 10 86 bf a2 21 .0..@...q......! 0020 bd fc 00 8b 0c f9 5f 6d 98 4a 00 3d 11 a2 70 12 ......_m.J.=..p. 0030 40 e8 a1 c3 00 00 02 04 05 b4 01 01 04 02 @............. Frame 98 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.785226000 Time delta from previous packet: 0.213097000 seconds Time relative to first packet: 44458.260022000 seconds Frame Number: 98 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9e5b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xe12b (incorrect, should be 0xd786) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002210, Ack: 1601017931, Len: 0 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002210 Acknowledgement number: 1601017931 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0xedef (incorrect, should be 0xe44a) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 9e 5b 40 00 72 06 e1 2b a2 21 bd fc ac 10 .(.[@.r..+.!.... 0020 86 bf 0c f9 00 8b 00 3d 11 a2 5f 6d 98 4b 50 10 .......=.._m.KP. 0030 21 80 ed ef 00 00 00 00 00 00 00 00 !........... Frame 99 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.815584000 Time delta from previous packet: 0.030358000 seconds Time relative to first packet: 44458.290380000 seconds Frame Number: 99 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xa05b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xdee3 (incorrect, should be 0xd53e) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002210, Ack: 1601017931, Len: 72 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002210 Next sequence number: 4002282 Acknowledgement number: 1601017931 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x9dd4 (incorrect, should be 0x942f) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 a0 5b 40 00 72 06 de e3 a2 21 bd fc ac 10 .p.[@.r....!.... 0020 86 bf 0c f9 00 8b 00 3d 11 a2 5f 6d 98 4b 50 18 .......=.._m.KP. 0030 21 80 9d d4 00 00 81 00 00 44 20 46 44 45 43 45 !........D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 100 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.818345000 Time delta from previous packet: 0.002761000 seconds Time relative to first packet: 44458.293141000 seconds Frame Number: 100 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 162.33.189.252 (162.33.189.252) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0100 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7183 (incorrect, should be 0x67de) Source: 172.16.134.191 (172.16.134.191) Destination: 162.33.189.252 (162.33.189.252) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3321 (3321), Seq: 1601017931, Ack: 4002282, Len: 4 Source port: netbios-ssn (139) Destination port: 3321 (3321) Sequence number: 1601017931 Next sequence number: 1601017935 Acknowledgement number: 4002282 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x4c7b (incorrect, should be 0x42d6) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 01 00 40 00 7f 06 71 83 ac 10 86 bf a2 21 .,..@...q......! 0020 bd fc 00 8b 0c f9 5f 6d 98 4b 00 3d 11 ea 50 18 ......_m.K.=..P. 0030 40 a0 4c 7b 00 00 82 00 00 00 00 00 @.L{........ Frame 101 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 13:29:08.005494000 Time delta from previous packet: 0.187149000 seconds Time relative to first packet: 44458.480290000 seconds Frame Number: 101 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xa65b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xd8ed (incorrect, should be 0xcf48) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002282, Ack: 1601017935, Len: 62 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002282 Next sequence number: 4002344 Acknowledgement number: 1601017935 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x59db (incorrect, should be 0x7035) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 a6 5b 40 00 72 06 d8 ed a2 21 bd fc ac 10 .f.[@.r....!.... 0020 86 bf 0c f9 00 8b 00 3d 11 ea 5f 6d 98 4f 50 18 .......=.._m.OP. 0030 21 7c 59 db 00 00 00 00 00 3a ff 53 4d 42 75 00 !|Y......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 102 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 13:29:08.010304000 Time delta from previous packet: 0.004810000 seconds Time relative to first packet: 44458.485100000 seconds Frame Number: 102 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 162.33.189.252 (162.33.189.252) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0101 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7186 (incorrect, should be 0x67e1) Source: 172.16.134.191 (172.16.134.191) Destination: 162.33.189.252 (162.33.189.252) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3321 (3321), Seq: 1601017935, Ack: 4002282, Len: 0 Source port: netbios-ssn (139) Destination port: 3321 (3321) Sequence number: 1601017935 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0f30 (incorrect, should be 0x058b) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 01 01 40 00 7f 06 71 86 ac 10 86 bf a2 21 .(..@...q......! 0020 bd fc 00 8b 0c f9 5f 6d 98 4f 00 3d 11 ea 50 04 ......_m.O.=..P. 0030 00 00 0f 30 00 00 00 00 00 00 00 00 ...0........ Frame 107 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.507005000 Time delta from previous packet: 0.163706000 seconds Time relative to first packet: 64400.981801000 seconds Frame Number: 107 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4bbf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x5ddc (incorrect, should be 0x5437) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206342, Ack: 0, Len: 0 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206342 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa0ee (incorrect, should be 0x9749) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4b bf 40 00 6d 06 5d dc 40 11 fa f0 ac 10 .0K.@.m.].@..... 0020 86 bf 0f cf 00 8b 07 a4 46 06 00 00 00 00 70 02 ........F.....p. 0030 20 00 a0 ee 00 00 02 04 05 b4 01 01 04 02 ............. Frame 108 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.511341000 Time delta from previous packet: 0.004336000 seconds Time relative to first packet: 64400.986137000 seconds Frame Number: 108 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.17.250.240 (64.17.250.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x01d3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x95c8 (incorrect, should be 0x8c23) Source: 172.16.134.191 (172.16.134.191) Destination: 64.17.250.240 (64.17.250.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4047 (4047), Seq: 2291770117, Ack: 128206343, Len: 0 Source port: netbios-ssn (139) Destination port: 4047 (4047) Sequence number: 2291770117 Acknowledgement number: 128206343 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x50ce (incorrect, should be 0x4729) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 01 d3 40 00 7f 06 95 c8 ac 10 86 bf 40 11 .0..@.........@. 0020 fa f0 00 8b 0f cf 88 99 a3 05 07 a4 46 07 70 12 ............F.p. 0030 44 70 50 ce 00 00 02 04 05 b4 01 01 04 02 DpP........... Frame 109 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.636530000 Time delta from previous packet: 0.125189000 seconds Time relative to first packet: 64401.111326000 seconds Frame Number: 109 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4fbf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x59e4 (incorrect, should be 0x503f) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206343, Ack: 2291770118, Len: 0 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206343 Acknowledgement number: 2291770118 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x9fca (incorrect, should be 0x9625) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4f bf 40 00 6d 06 59 e4 40 11 fa f0 ac 10 .(O.@.m.Y.@..... 0020 86 bf 0f cf 00 8b 07 a4 46 07 88 99 a3 06 50 10 ........F.....P. 0030 22 38 9f ca 00 00 00 00 00 00 00 00 "8.......... Frame 110 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.647166000 Time delta from previous packet: 0.010636000 seconds Time relative to first packet: 64401.121962000 seconds Frame Number: 110 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x50bf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x589c (incorrect, should be 0x4ef7) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206343, Ack: 2291770118, Len: 72 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206343 Next sequence number: 128206415 Acknowledgement number: 2291770118 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x6caf (incorrect, should be 0x630a) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 50 bf 40 00 6d 06 58 9c 40 11 fa f0 ac 10 .pP.@.m.X.@..... 0020 86 bf 0f cf 00 8b 07 a4 46 07 88 99 a3 06 50 18 ........F.....P. 0030 22 38 6c af 00 00 81 00 00 44 20 46 44 45 43 45 "8l......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 111 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.653087000 Time delta from previous packet: 0.005921000 seconds Time relative to first packet: 64401.127883000 seconds Frame Number: 111 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.17.250.240 (64.17.250.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x01d4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x95cb (incorrect, should be 0x8c26) Source: 172.16.134.191 (172.16.134.191) Destination: 64.17.250.240 (64.17.250.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4047 (4047), Seq: 2291770118, Ack: 128206415, Len: 4 Source port: netbios-ssn (139) Destination port: 4047 (4047) Sequence number: 2291770118 Next sequence number: 2291770122 Acknowledgement number: 128206415 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xfb85 (incorrect, should be 0xf1e0) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 01 d4 40 00 7f 06 95 cb ac 10 86 bf 40 11 .,..@.........@. 0020 fa f0 00 8b 0f cf 88 99 a3 06 07 a4 46 4f 50 18 ............FOP. 0030 44 28 fb 85 00 00 82 00 00 00 00 00 D(.......... Frame 112 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.766769000 Time delta from previous packet: 0.113682000 seconds Time relative to first packet: 64401.241565000 seconds Frame Number: 112 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x55bf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x53a6 (incorrect, should be 0x4a01) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206415, Ack: 2291770122, Len: 62 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206415 Next sequence number: 128206477 Acknowledgement number: 2291770122 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x0bb6 (incorrect, should be 0x2210) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 55 bf 40 00 6d 06 53 a6 40 11 fa f0 ac 10 .fU.@.m.S.@..... 0020 86 bf 0f cf 00 8b 07 a4 46 4f 88 99 a3 0a 50 18 ........FO....P. 0030 22 34 0b b6 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 113 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.770906000 Time delta from previous packet: 0.004137000 seconds Time relative to first packet: 64401.245702000 seconds Frame Number: 113 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.17.250.240 (64.17.250.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x01d5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x95ce (incorrect, should be 0x8c29) Source: 172.16.134.191 (172.16.134.191) Destination: 64.17.250.240 (64.17.250.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4047 (4047), Seq: 2291770122, Ack: 128206415, Len: 0 Source port: netbios-ssn (139) Destination port: 4047 (4047) Sequence number: 2291770122 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xc1c2 (incorrect, should be 0xb81d) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 01 d5 40 00 7f 06 95 ce ac 10 86 bf 40 11 .(..@.........@. 0020 fa f0 00 8b 0f cf 88 99 a3 0a 07 a4 46 4f 50 04 ............FOP. 0030 00 00 c1 c2 00 00 00 00 00 00 00 00 ............ Frame 116 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 21:17:26.620535000 Time delta from previous packet: 8.173293000 seconds Time relative to first packet: 72557.095331000 seconds Frame Number: 116 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xfe4a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x03d4 (incorrect, should be 0xfa2e) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060376, Ack: 0, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060376 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa241 (incorrect, should be 0x989c) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 fe 4a 00 00 6f 06 03 d4 d5 54 4b 2a ac 10 .0.J..o....TK*.. 0020 86 bf 5c 9f 00 8b 01 32 18 d8 00 00 00 00 70 02 ..\....2......p. 0030 20 00 a2 41 00 00 02 04 05 b4 01 01 04 02 ..A.......... Frame 117 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 21:17:26.621230000 Time delta from previous packet: 0.000695000 seconds Time relative to first packet: 72557.096026000 seconds Frame Number: 117 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0227 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaff7 (incorrect, should be 0xa652) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996529, Ack: 20060377, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996529 Acknowledgement number: 20060377 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x382a (incorrect, should be 0x2e85) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 02 27 40 00 7f 06 af f7 ac 10 86 bf d5 54 .0.'@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 71 01 32 18 d9 70 12 K*..\..%Cq.2..p. 0030 44 70 38 2a 00 00 02 04 05 b4 01 01 04 02 Dp8*.......... Frame 118 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 21:17:28.148862000 Time delta from previous packet: 1.527632000 seconds Time relative to first packet: 72558.623658000 seconds Frame Number: 118 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x464b Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xbbd3 (incorrect, should be 0xb22e) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060376, Ack: 0, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060376 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa241 (incorrect, should be 0x989c) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 46 4b 00 00 6f 06 bb d3 d5 54 4b 2a ac 10 .0FK..o....TK*.. 0020 86 bf 5c 9f 00 8b 01 32 18 d8 00 00 00 00 70 02 ..\....2......p. 0030 20 00 a2 41 00 00 02 04 05 b4 01 01 04 02 ..A.......... Frame 119 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:28.149757000 Time delta from previous packet: 0.000895000 seconds Time relative to first packet: 72558.624553000 seconds Frame Number: 119 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0228 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaffe (incorrect, should be 0xa659) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996530, Ack: 20060377, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996530 Acknowledgement number: 20060377 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x64ee (incorrect, should be 0x5b49) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 28 40 00 7f 06 af fe ac 10 86 bf d5 54 .(.(@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 72 01 32 18 d9 50 10 K*..\..%Cr.2..P. 0030 44 70 64 ee 00 00 00 00 00 00 00 00 Dpd......... Frame 120 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 21:17:29.647536000 Time delta from previous packet: 1.497779000 seconds Time relative to first packet: 72560.122332000 seconds Frame Number: 120 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0229 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaff5 (incorrect, should be 0xa650) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996529, Ack: 20060377, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996529 Acknowledgement number: 20060377 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x382a (incorrect, should be 0x2e85) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 02 29 40 00 7f 06 af f5 ac 10 86 bf d5 54 .0.)@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 71 01 32 18 d9 70 12 K*..\..%Cq.2..p. 0030 44 70 38 2a 00 00 02 04 05 b4 01 01 04 02 Dp8*.......... Frame 121 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:32.442480000 Time delta from previous packet: 2.794944000 seconds Time relative to first packet: 72562.917276000 seconds Frame Number: 121 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xa34b Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x5edb (incorrect, should be 0x5536) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060377, Ack: 35996530, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060377 Acknowledgement number: 35996530 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x8726 (incorrect, should be 0x7d81) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 a3 4b 00 00 6f 06 5e db d5 54 4b 2a ac 10 .(.K..o.^..TK*.. 0020 86 bf 5c 9f 00 8b 01 32 18 d9 02 25 43 72 50 10 ..\....2...%CrP. 0030 22 38 87 26 00 00 00 00 00 00 00 00 "8.&........ Frame 122 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 21:17:32.451764000 Time delta from previous packet: 0.009284000 seconds Time relative to first packet: 72562.926560000 seconds Frame Number: 122 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xa44b Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x5d93 (incorrect, should be 0x53ee) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060377, Ack: 35996530, Len: 72 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060377 Next sequence number: 20060449 Acknowledgement number: 35996530 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x370b (incorrect, should be 0x2d66) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 a4 4b 00 00 6f 06 5d 93 d5 54 4b 2a ac 10 .p.K..o.]..TK*.. 0020 86 bf 5c 9f 00 8b 01 32 18 d9 02 25 43 72 50 18 ..\....2...%CrP. 0030 22 38 37 0b 00 00 81 00 00 44 20 46 44 45 43 45 "87......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 123 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:32.454076000 Time delta from previous packet: 0.002312000 seconds Time relative to first packet: 72562.928872000 seconds Frame Number: 123 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x022a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaff8 (incorrect, should be 0xa653) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996530, Ack: 20060449, Len: 4 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996530 Next sequence number: 35996534 Acknowledgement number: 20060449 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xe2e1 (incorrect, should be 0xd93c) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 02 2a 40 00 7f 06 af f8 ac 10 86 bf d5 54 .,.*@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 72 01 32 19 21 50 18 K*..\..%Cr.2.!P. 0030 44 28 e2 e1 00 00 82 00 00 00 00 00 D(.......... Frame 124 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:35.777503000 Time delta from previous packet: 3.323427000 seconds Time relative to first packet: 72566.252299000 seconds Frame Number: 124 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x294c Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xd8da (incorrect, should be 0xcf35) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060449, Ack: 35996530, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060449 Acknowledgement number: 35996530 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x86de (incorrect, should be 0x7d39) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 29 4c 00 00 6f 06 d8 da d5 54 4b 2a ac 10 .()L..o....TK*.. 0020 86 bf 5c 9f 00 8b 01 32 19 21 02 25 43 72 50 10 ..\....2.!.%CrP. 0030 22 38 86 de 00 00 00 00 00 00 00 00 "8.......... Frame 125 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:38.497415000 Time delta from previous packet: 2.719912000 seconds Time relative to first packet: 72568.972211000 seconds Frame Number: 125 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x022b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaff7 (incorrect, should be 0xa652) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996530, Ack: 20060449, Len: 4 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996530 Next sequence number: 35996534 Acknowledgement number: 20060449 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xe2e1 (incorrect, should be 0xd93c) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 02 2b 40 00 7f 06 af f7 ac 10 86 bf d5 54 .,.+@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 72 01 32 19 21 50 18 K*..\..%Cr.2.!P. 0030 44 28 e2 e1 00 00 82 00 00 00 00 00 D(.......... Frame 126 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 21:17:38.615540000 Time delta from previous packet: 0.118125000 seconds Time relative to first packet: 72569.090336000 seconds Frame Number: 126 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x914c Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x709c (incorrect, should be 0x66f7) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060449, Ack: 35996534, Len: 62 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060449 Next sequence number: 20060511 Acknowledgement number: 35996534 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0xf311 (incorrect, should be 0x096c) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 91 4c 00 00 6f 06 70 9c d5 54 4b 2a ac 10 .f.L..o.p..TK*.. 0020 86 bf 5c 9f 00 8b 01 32 19 21 02 25 43 76 50 18 ..\....2.!.%CvP. 0030 22 34 f3 11 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 127 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:38.616470000 Time delta from previous packet: 0.000930000 seconds Time relative to first packet: 72569.091266000 seconds Frame Number: 127 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x022c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaffa (incorrect, should be 0xa655) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996534, Ack: 20060449, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996534 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xa91e (incorrect, should be 0x9f79) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 2c 40 00 7f 06 af fa ac 10 86 bf d5 54 .(.,@..........T 0020 4b 2a 00 8b 5c 9f 02 25 43 76 01 32 19 21 50 04 K*..\..%Cv.2.!P. 0030 00 00 a9 1e 00 00 00 00 00 00 00 00 ............ Frame 128 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:44.409102000 Time delta from previous packet: 5.792632000 seconds Time relative to first packet: 72574.883898000 seconds Frame Number: 128 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.84.75.42 (213.84.75.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6d4d Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x94d9 (incorrect, should be 0x8b34) Source: 213.84.75.42 (213.84.75.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 23711 (23711), Dst Port: netbios-ssn (139), Seq: 20060511, Ack: 35996534, Len: 0 Source port: 23711 (23711) Destination port: netbios-ssn (139) Sequence number: 20060511 Acknowledgement number: 35996534 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x86a0 (incorrect, should be 0x7cfb) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 6d 4d 00 00 6f 06 94 d9 d5 54 4b 2a ac 10 .(mM..o....TK*.. 0020 86 bf 5c 9f 00 8b 01 32 19 5f 02 25 43 76 50 10 ..\....2._.%CvP. 0030 22 34 86 a0 00 00 00 00 00 00 00 00 "4.......... Frame 129 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 21:17:44.410593000 Time delta from previous packet: 0.001491000 seconds Time relative to first packet: 72574.885389000 seconds Frame Number: 129 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.84.75.42 (213.84.75.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x022d Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xeff9 (incorrect, should be 0xe654) Source: 172.16.134.191 (172.16.134.191) Destination: 213.84.75.42 (213.84.75.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 23711 (23711), Seq: 35996534, Ack: 35996534, Len: 0 Source port: netbios-ssn (139) Destination port: 23711 (23711) Sequence number: 35996534 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x7dd6 (incorrect, should be 0x7431) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 2d 00 00 7f 06 ef f9 ac 10 86 bf d5 54 .(.-...........T 0020 4b 2a 00 8b 5c 9f 02 25 43 76 02 25 43 76 50 04 K*..\..%Cv.%CvP. 0030 00 00 7d d6 00 00 00 00 00 00 00 00 ..}......... Frame 132 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.795143000 Time delta from previous packet: 0.147053000 seconds Time relative to first packet: 79714.269939000 seconds Frame Number: 132 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.152.53.138 (68.152.53.138), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc241 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xa639 (incorrect, should be 0x9c94) Source: 68.152.53.138 (68.152.53.138) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1351 (1351), Dst Port: netbios-ssn (139), Seq: 143788492, Ack: 0, Len: 0 Source port: 1351 (1351) Destination port: netbios-ssn (139) Sequence number: 143788492 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa7a2 (incorrect, should be 0x9dfd) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 c2 41 40 00 6f 06 a6 39 44 98 35 8a ac 10 .0.A@.o..9D.5... 0020 86 bf 05 47 00 8b 08 92 09 cc 00 00 00 00 70 02 ...G..........p. 0030 20 00 a7 a2 00 00 02 04 05 b4 01 01 04 02 ............. Frame 133 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.795930000 Time delta from previous packet: 0.000787000 seconds Time relative to first packet: 79714.270726000 seconds Frame Number: 133 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.152.53.138 (68.152.53.138) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0277 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5604 (incorrect, should be 0x4c5f) Source: 172.16.134.191 (172.16.134.191) Destination: 68.152.53.138 (68.152.53.138) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1351 (1351), Seq: 1825210431, Ack: 143788493, Len: 0 Source port: netbios-ssn (139) Destination port: 1351 (1351) Sequence number: 1825210431 Acknowledgement number: 143788493 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x9617 (incorrect, should be 0x8c72) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 02 77 40 00 7f 06 56 04 ac 10 86 bf 44 98 .0.w@...V.....D. 0020 35 8a 00 8b 05 47 6c ca 80 3f 08 92 09 cd 70 12 5....Gl..?....p. 0030 44 70 96 17 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 134 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.904478000 Time delta from previous packet: 0.108548000 seconds Time relative to first packet: 79714.379274000 seconds Frame Number: 134 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 68.152.53.138 (68.152.53.138), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xc541 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xa341 (incorrect, should be 0x999c) Source: 68.152.53.138 (68.152.53.138) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1351 (1351), Dst Port: netbios-ssn (139), Seq: 143788493, Ack: 1825210432, Len: 0 Source port: 1351 (1351) Destination port: netbios-ssn (139) Sequence number: 143788493 Acknowledgement number: 1825210432 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xe513 (incorrect, should be 0xdb6e) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 c5 41 40 00 6f 06 a3 41 44 98 35 8a ac 10 .(.A@.o..AD.5... 0020 86 bf 05 47 00 8b 08 92 09 cd 6c ca 80 40 50 10 ...G......l..@P. 0030 22 38 e5 13 00 00 00 00 00 00 00 00 "8.......... Frame 135 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.904538000 Time delta from previous packet: 0.000060000 seconds Time relative to first packet: 79714.379334000 seconds Frame Number: 135 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.152.53.138 (68.152.53.138), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xc641 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xa1f9 (incorrect, should be 0x9854) Source: 68.152.53.138 (68.152.53.138) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1351 (1351), Dst Port: netbios-ssn (139), Seq: 143788493, Ack: 1825210432, Len: 72 Source port: 1351 (1351) Destination port: netbios-ssn (139) Sequence number: 143788493 Next sequence number: 143788565 Acknowledgement number: 1825210432 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x94f8 (incorrect, should be 0x8b53) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 c6 41 40 00 6f 06 a1 f9 44 98 35 8a ac 10 .p.A@.o...D.5... 0020 86 bf 05 47 00 8b 08 92 09 cd 6c ca 80 40 50 18 ...G......l..@P. 0030 22 38 94 f8 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 136 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:16:43.905460000 Time delta from previous packet: 0.000922000 seconds Time relative to first packet: 79714.380256000 seconds Frame Number: 136 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.152.53.138 (68.152.53.138) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0278 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5607 (incorrect, should be 0x4c62) Source: 172.16.134.191 (172.16.134.191) Destination: 68.152.53.138 (68.152.53.138) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1351 (1351), Seq: 1825210432, Ack: 143788565, Len: 4 Source port: netbios-ssn (139) Destination port: 1351 (1351) Sequence number: 1825210432 Next sequence number: 1825210436 Acknowledgement number: 143788565 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x40cf (incorrect, should be 0x372a) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 02 78 40 00 7f 06 56 07 ac 10 86 bf 44 98 .,.x@...V.....D. 0020 35 8a 00 8b 05 47 6c ca 80 40 08 92 0a 15 50 18 5....Gl..@....P. 0030 44 28 40 cf 00 00 82 00 00 00 00 00 D(@......... Frame 137 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 23:16:44.003611000 Time delta from previous packet: 0.098151000 seconds Time relative to first packet: 79714.478407000 seconds Frame Number: 137 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.152.53.138 (68.152.53.138), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xcb41 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x9d03 (incorrect, should be 0x935e) Source: 68.152.53.138 (68.152.53.138) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1351 (1351), Dst Port: netbios-ssn (139), Seq: 143788565, Ack: 1825210436, Len: 62 Source port: 1351 (1351) Destination port: netbios-ssn (139) Sequence number: 143788565 Next sequence number: 143788627 Acknowledgement number: 1825210436 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x50ff (incorrect, should be 0x6759) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 cb 41 40 00 6f 06 9d 03 44 98 35 8a ac 10 .f.A@.o...D.5... 0020 86 bf 05 47 00 8b 08 92 0a 15 6c ca 80 44 50 18 ...G......l..DP. 0030 22 34 50 ff 00 00 00 00 00 3a ff 53 4d 42 75 00 "4P......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 138 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:16:44.008673000 Time delta from previous packet: 0.005062000 seconds Time relative to first packet: 79714.483469000 seconds Frame Number: 138 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.152.53.138 (68.152.53.138) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0279 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x560a (incorrect, should be 0x4c65) Source: 172.16.134.191 (172.16.134.191) Destination: 68.152.53.138 (68.152.53.138) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1351 (1351), Seq: 1825210436, Ack: 143788565, Len: 0 Source port: netbios-ssn (139) Destination port: 1351 (1351) Sequence number: 1825210436 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x070c (incorrect, should be 0xfd66) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 79 40 00 7f 06 56 0a ac 10 86 bf 44 98 .(.y@...V.....D. 0020 35 8a 00 8b 05 47 6c ca 80 44 08 92 0a 15 50 04 5....Gl..D....P. 0030 00 00 07 0c 00 00 00 00 00 00 00 00 ............ Frame 141 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.884579000 Time delta from previous packet: 0.156342000 seconds Time relative to first packet: 81112.359375000 seconds Frame Number: 141 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc7ee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x3744 (incorrect, should be 0x2d9f) Source: 4.64.221.42 (4.64.221.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: netbios-ssn (139), Seq: 14575601, Ack: 0, Len: 0 Source port: 33220 (33220) Destination port: netbios-ssn (139) Sequence number: 14575601 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x6da7 (incorrect, should be 0x6402) Options: (8 bytes) Maximum segment size: 1400 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 c7 ee 40 00 71 06 37 44 04 40 dd 2a ac 10 .0..@.q.7D.@.*.. 0020 86 bf 81 c4 00 8b 00 de 67 f1 00 00 00 00 70 02 ........g.....p. 0030 20 00 6d a7 00 00 02 04 05 78 01 01 04 02 .m......x.... Frame 142 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.891677000 Time delta from previous packet: 0.007098000 seconds Time relative to first packet: 81112.366473000 seconds Frame Number: 142 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 4.64.221.42 (4.64.221.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x028b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xeea7 (incorrect, should be 0xe502) Source: 172.16.134.191 (172.16.134.191) Destination: 4.64.221.42 (4.64.221.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 33220 (33220), Seq: 2174707732, Ack: 14575602, Len: 0 Source port: netbios-ssn (139) Destination port: 33220 (33220) Sequence number: 2174707732 Acknowledgement number: 14575602 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16800 Checksum: 0x6206 (incorrect, should be 0x5861) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 02 8b 40 00 7f 06 ee a7 ac 10 86 bf 04 40 .0..@..........@ 0020 dd 2a 00 8b 81 c4 81 9f 68 14 00 de 67 f2 70 12 .*......h...g.p. 0030 41 a0 62 06 00 00 02 04 05 b4 01 01 04 02 A.b........... Frame 143 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.982886000 Time delta from previous packet: 0.091209000 seconds Time relative to first packet: 81112.457682000 seconds Frame Number: 143 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xccee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x324c (incorrect, should be 0x28a7) Source: 4.64.221.42 (4.64.221.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: netbios-ssn (139), Seq: 14575602, Ack: 2174707733, Len: 0 Source port: 33220 (33220) Destination port: netbios-ssn (139) Sequence number: 14575602 Acknowledgement number: 2174707733 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8400 Checksum: 0xaf9a (incorrect, should be 0xa5f5) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 cc ee 40 00 71 06 32 4c 04 40 dd 2a ac 10 .(..@.q.2L.@.*.. 0020 86 bf 81 c4 00 8b 00 de 67 f2 81 9f 68 15 50 10 ........g...h.P. 0030 20 d0 af 9a 00 00 00 00 00 00 00 00 ........... Frame 144 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.992845000 Time delta from previous packet: 0.009959000 seconds Time relative to first packet: 81112.467641000 seconds Frame Number: 144 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xcdee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x3104 (incorrect, should be 0x275f) Source: 4.64.221.42 (4.64.221.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: netbios-ssn (139), Seq: 14575602, Ack: 2174707733, Len: 72 Source port: 33220 (33220) Destination port: netbios-ssn (139) Sequence number: 14575602 Next sequence number: 14575674 Acknowledgement number: 2174707733 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8400 Checksum: 0x5f7f (incorrect, should be 0x55da) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 cd ee 40 00 71 06 31 04 04 40 dd 2a ac 10 .p..@.q.1..@.*.. 0020 86 bf 81 c4 00 8b 00 de 67 f2 81 9f 68 15 50 18 ........g...h.P. 0030 20 d0 5f 7f 00 00 81 00 00 44 20 46 44 45 43 45 ._......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 145 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:40:01.993597000 Time delta from previous packet: 0.000752000 seconds Time relative to first packet: 81112.468393000 seconds Frame Number: 145 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 4.64.221.42 (4.64.221.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x028c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xeeaa (incorrect, should be 0xe505) Source: 172.16.134.191 (172.16.134.191) Destination: 4.64.221.42 (4.64.221.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 33220 (33220), Seq: 2174707733, Ack: 14575674, Len: 4 Source port: netbios-ssn (139) Destination port: 33220 (33220) Sequence number: 2174707733 Next sequence number: 2174707737 Acknowledgement number: 14575674 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16728 Checksum: 0x0cbe (incorrect, should be 0x0319) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 02 8c 40 00 7f 06 ee aa ac 10 86 bf 04 40 .,..@..........@ 0020 dd 2a 00 8b 81 c4 81 9f 68 15 00 de 68 3a 50 18 .*......h...h:P. 0030 41 58 0c be 00 00 82 00 00 00 00 00 AX.......... Frame 146 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 23:40:02.093702000 Time delta from previous packet: 0.100105000 seconds Time relative to first packet: 81112.568498000 seconds Frame Number: 146 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 4.64.221.42 (4.64.221.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd1ee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x2d0e (incorrect, should be 0x2369) Source: 4.64.221.42 (4.64.221.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 33220 (33220), Dst Port: netbios-ssn (139), Seq: 14575674, Ack: 2174707737, Len: 62 Source port: 33220 (33220) Destination port: netbios-ssn (139) Sequence number: 14575674 Next sequence number: 14575736 Acknowledgement number: 2174707737 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8396 Checksum: 0x1b86 (incorrect, should be 0x31e0) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d1 ee 40 00 71 06 2d 0e 04 40 dd 2a ac 10 .f..@.q.-..@.*.. 0020 86 bf 81 c4 00 8b 00 de 68 3a 81 9f 68 19 50 18 ........h:..h.P. 0030 20 cc 1b 86 00 00 00 00 00 3a ff 53 4d 42 75 00 ........:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 147 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 23:40:02.099579000 Time delta from previous packet: 0.005877000 seconds Time relative to first packet: 81112.574375000 seconds Frame Number: 147 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 4.64.221.42 (4.64.221.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x028d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xeead (incorrect, should be 0xe508) Source: 172.16.134.191 (172.16.134.191) Destination: 4.64.221.42 (4.64.221.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 33220 (33220), Seq: 2174707737, Ack: 14575674, Len: 0 Source port: netbios-ssn (139) Destination port: 33220 (33220) Sequence number: 2174707737 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xd02a (incorrect, should be 0xc685) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 02 8d 40 00 7f 06 ee ad ac 10 86 bf 04 40 .(..@..........@ 0020 dd 2a 00 8b 81 c4 81 9f 68 19 00 de 68 3a 50 04 .*......h...h:P. 0030 00 00 d0 2a 00 00 00 00 00 00 00 00 ...*........ Frame 155 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.046726000 Time delta from previous packet: 0.625602000 seconds Time relative to first packet: 91618.521522000 seconds Frame Number: 155 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.202.125.5 (81.202.125.5), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x84de Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x92ef (incorrect, should be 0x894a) Source: 81.202.125.5 (81.202.125.5) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2585 (2585), Dst Port: netbios-ssn (139), Seq: 276254176, Ack: 0, Len: 0 Source port: 2585 (2585) Destination port: netbios-ssn (139) Sequence number: 276254176 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xe229 (incorrect, should be 0xd884) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 84 de 40 00 6b 06 92 ef 51 ca 7d 05 ac 10 .0..@.k...Q.}... 0020 86 bf 0a 19 00 8b 10 77 4d e0 00 00 00 00 70 02 .......wM.....p. 0030 40 00 e2 29 00 00 02 04 05 b4 01 01 04 02 @..).......... Frame 156 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.047401000 Time delta from previous packet: 0.000675000 seconds Time relative to first packet: 91618.522197000 seconds Frame Number: 156 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.202.125.5 (81.202.125.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x030b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x00c3 (incorrect, should be 0xf71d) Source: 172.16.134.191 (172.16.134.191) Destination: 81.202.125.5 (81.202.125.5) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2585 (2585), Seq: 817536265, Ack: 276254177, Len: 0 Source port: netbios-ssn (139) Destination port: 2585 (2585) Sequence number: 817536265 Acknowledgement number: 276254177 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x0fe5 (incorrect, should be 0x0640) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 0b 40 00 7f 06 00 c3 ac 10 86 bf 51 ca .0..@.........Q. 0020 7d 05 00 8b 0a 19 30 ba 9d 09 10 77 4d e1 70 12 }.....0....wM.p. 0030 44 70 0f e5 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 157 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.189203000 Time delta from previous packet: 0.141802000 seconds Time relative to first packet: 91618.663999000 seconds Frame Number: 157 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 81.202.125.5 (81.202.125.5), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x84ea Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x92eb (incorrect, should be 0x8946) Source: 81.202.125.5 (81.202.125.5) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2585 (2585), Dst Port: netbios-ssn (139), Seq: 276254177, Ack: 817536266, Len: 0 Source port: 2585 (2585) Destination port: netbios-ssn (139) Sequence number: 276254177 Acknowledgement number: 817536266 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x3ca9 (incorrect, should be 0x3304) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 84 ea 40 00 6b 06 92 eb 51 ca 7d 05 ac 10 .(..@.k...Q.}... 0020 86 bf 0a 19 00 8b 10 77 4d e1 30 ba 9d 0a 50 10 .......wM.0...P. 0030 44 70 3c a9 00 00 00 00 00 00 00 00 Dp<......... Frame 158 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.216299000 Time delta from previous packet: 0.027096000 seconds Time relative to first packet: 91618.691095000 seconds Frame Number: 158 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.202.125.5 (81.202.125.5), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x84ec Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x92a1 (incorrect, should be 0x88fc) Source: 81.202.125.5 (81.202.125.5) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2585 (2585), Dst Port: netbios-ssn (139), Seq: 276254177, Ack: 817536266, Len: 72 Source port: 2585 (2585) Destination port: netbios-ssn (139) Sequence number: 276254177 Next sequence number: 276254249 Acknowledgement number: 817536266 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xec8d (incorrect, should be 0xe2e8) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 84 ec 40 00 6b 06 92 a1 51 ca 7d 05 ac 10 .p..@.k...Q.}... 0020 86 bf 0a 19 00 8b 10 77 4d e1 30 ba 9d 0a 50 18 .......wM.0...P. 0030 44 70 ec 8d 00 00 81 00 00 44 20 46 44 45 43 45 Dp.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 159 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.217001000 Time delta from previous packet: 0.000702000 seconds Time relative to first packet: 91618.691797000 seconds Frame Number: 159 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.202.125.5 (81.202.125.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x030c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x00c6 (incorrect, should be 0xf720) Source: 172.16.134.191 (172.16.134.191) Destination: 81.202.125.5 (81.202.125.5) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2585 (2585), Seq: 817536266, Ack: 276254249, Len: 4 Source port: netbios-ssn (139) Destination port: 2585 (2585) Sequence number: 817536266 Next sequence number: 817536270 Acknowledgement number: 276254249 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xba9c (incorrect, should be 0xb0f7) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 0c 40 00 7f 06 00 c6 ac 10 86 bf 51 ca .,..@.........Q. 0020 7d 05 00 8b 0a 19 30 ba 9d 0a 10 77 4e 29 50 18 }.....0....wN)P. 0030 44 28 ba 9c 00 00 82 00 00 00 00 00 D(.......... Frame 160 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.457537000 Time delta from previous packet: 0.240536000 seconds Time relative to first packet: 91618.932333000 seconds Frame Number: 160 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.202.125.5 (81.202.125.5), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x84f5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x92a2 (incorrect, should be 0x88fd) Source: 81.202.125.5 (81.202.125.5) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2585 (2585), Dst Port: netbios-ssn (139), Seq: 276254249, Ack: 817536270, Len: 62 Source port: 2585 (2585) Destination port: netbios-ssn (139) Sequence number: 276254249 Next sequence number: 276254311 Acknowledgement number: 817536270 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17516 Checksum: 0xa894 (incorrect, should be 0xbeee) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 84 f5 40 00 6b 06 92 a2 51 ca 7d 05 ac 10 .f..@.k...Q.}... 0020 86 bf 0a 19 00 8b 10 77 4e 29 30 ba 9d 0e 50 18 .......wN)0...P. 0030 44 6c a8 94 00 00 00 00 00 3a ff 53 4d 42 75 00 Dl.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 161 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 02:35:08.458214000 Time delta from previous packet: 0.000677000 seconds Time relative to first packet: 91618.933010000 seconds Frame Number: 161 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.202.125.5 (81.202.125.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x030d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x00c9 (incorrect, should be 0xf723) Source: 172.16.134.191 (172.16.134.191) Destination: 81.202.125.5 (81.202.125.5) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2585 (2585), Seq: 817536270, Ack: 276254249, Len: 0 Source port: netbios-ssn (139) Destination port: 2585 (2585) Sequence number: 817536270 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x80d9 (incorrect, should be 0x7734) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 0d 40 00 7f 06 00 c9 ac 10 86 bf 51 ca .(..@.........Q. 0020 7d 05 00 8b 0a 19 30 ba 9d 0e 10 77 4e 29 50 04 }.....0....wN)P. 0030 00 00 80 d9 00 00 00 00 00 00 00 00 ............ Frame 166 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.524707000 Time delta from previous packet: 0.327344000 seconds Time relative to first packet: 100510.999503000 seconds Frame Number: 166 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.237.70.119 (218.237.70.119), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x6cb7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x5281 (incorrect, should be 0x48dc) Source: 218.237.70.119 (218.237.70.119) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1139 (1139), Dst Port: netbios-ssn (139), Seq: 2179085, Ack: 0, Len: 0 Source port: 1139 (1139) Destination port: netbios-ssn (139) Sequence number: 2179085 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xd363 (incorrect, should be 0xc9be) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 6c b7 40 00 71 06 52 81 da ed 46 77 ac 10 .0l.@.q.R...Fw.. 0020 86 bf 04 73 00 8b 00 21 40 0d 00 00 00 00 70 02 ...s...!@.....p. 0030 20 00 d3 63 00 00 02 04 05 b4 01 01 04 02 ..c.......... Frame 167 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.530846000 Time delta from previous packet: 0.006139000 seconds Time relative to first packet: 100511.005642000 seconds Frame Number: 167 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.237.70.119 (218.237.70.119) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x035b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xaddd (incorrect, should be 0xa438) Source: 172.16.134.191 (172.16.134.191) Destination: 218.237.70.119 (218.237.70.119) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1139 (1139), Seq: 2729196573, Ack: 2179086, Len: 0 Source port: netbios-ssn (139) Destination port: 1139 (1139) Sequence number: 2729196573 Acknowledgement number: 2179086 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd018 (incorrect, should be 0xc673) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 5b 40 00 7f 06 ad dd ac 10 86 bf da ed .0.[@........... 0020 46 77 00 8b 04 73 a2 ac 3c 1d 00 21 40 0e 70 12 Fw...s..<..!@.p. 0030 44 70 d0 18 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 168 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.712523000 Time delta from previous packet: 0.181677000 seconds Time relative to first packet: 100511.187319000 seconds Frame Number: 168 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 218.237.70.119 (218.237.70.119), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x72b7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x4c89 (incorrect, should be 0x42e4) Source: 218.237.70.119 (218.237.70.119) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1139 (1139), Dst Port: netbios-ssn (139), Seq: 2179086, Ack: 2729196574, Len: 0 Source port: 1139 (1139) Destination port: netbios-ssn (139) Sequence number: 2179086 Acknowledgement number: 2729196574 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x1f15 (incorrect, should be 0x1570) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 72 b7 40 00 71 06 4c 89 da ed 46 77 ac 10 .(r.@.q.L...Fw.. 0020 86 bf 04 73 00 8b 00 21 40 0e a2 ac 3c 1e 50 10 ...s...!@...<.P. 0030 22 38 1f 15 00 00 00 00 00 00 00 00 "8.......... Frame 169 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.722851000 Time delta from previous packet: 0.010328000 seconds Time relative to first packet: 100511.197647000 seconds Frame Number: 169 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.237.70.119 (218.237.70.119), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x73b7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x4b41 (incorrect, should be 0x419c) Source: 218.237.70.119 (218.237.70.119) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1139 (1139), Dst Port: netbios-ssn (139), Seq: 2179086, Ack: 2729196574, Len: 72 Source port: 1139 (1139) Destination port: netbios-ssn (139) Sequence number: 2179086 Next sequence number: 2179158 Acknowledgement number: 2729196574 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xf3ff (incorrect, should be 0xea5a) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 73 b7 40 00 71 06 4b 41 da ed 46 77 ac 10 .ps.@.q.KA..Fw.. 0020 86 bf 04 73 00 8b 00 21 40 0e a2 ac 3c 1e 50 18 ...s...!@...<.P. 0030 22 38 f3 ff 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 170 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.725699000 Time delta from previous packet: 0.002848000 seconds Time relative to first packet: 100511.200495000 seconds Frame Number: 170 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.237.70.119 (218.237.70.119) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x035c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xade0 (incorrect, should be 0xa43b) Source: 172.16.134.191 (172.16.134.191) Destination: 218.237.70.119 (218.237.70.119) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1139 (1139), Seq: 2729196574, Ack: 2179158, Len: 4 Source port: netbios-ssn (139) Destination port: 1139 (1139) Sequence number: 2729196574 Next sequence number: 2729196578 Acknowledgement number: 2179158 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x7ad0 (incorrect, should be 0x712b) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 5c 40 00 7f 06 ad e0 ac 10 86 bf da ed .,.\@........... 0020 46 77 00 8b 04 73 a2 ac 3c 1e 00 21 40 56 50 18 Fw...s..<..!@VP. 0030 44 28 7a d0 00 00 82 00 00 00 00 00 D(z......... Frame 171 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.930695000 Time delta from previous packet: 0.204996000 seconds Time relative to first packet: 100511.405491000 seconds Frame Number: 171 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.237.70.119 (218.237.70.119), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x7bb7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x434b (incorrect, should be 0x39a6) Source: 218.237.70.119 (218.237.70.119) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1139 (1139), Dst Port: netbios-ssn (139), Seq: 2179158, Ack: 2729196578, Len: 62 Source port: 1139 (1139) Destination port: netbios-ssn (139) Sequence number: 2179158 Next sequence number: 2179220 Acknowledgement number: 2729196578 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x8b00 (incorrect, should be 0xa15a) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 7b b7 40 00 71 06 43 4b da ed 46 77 ac 10 .f{.@.q.CK..Fw.. 0020 86 bf 04 73 00 8b 00 21 40 56 a2 ac 3c 22 50 18 ...s...!@V..<"P. 0030 22 34 8b 00 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 172 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:03:20.935832000 Time delta from previous packet: 0.005137000 seconds Time relative to first packet: 100511.410628000 seconds Frame Number: 172 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.237.70.119 (218.237.70.119) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x035d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xade3 (incorrect, should be 0xa43e) Source: 172.16.134.191 (172.16.134.191) Destination: 218.237.70.119 (218.237.70.119) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1139 (1139), Seq: 2729196578, Ack: 2179158, Len: 0 Source port: netbios-ssn (139) Destination port: 1139 (1139) Sequence number: 2729196578 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x410d (incorrect, should be 0x3768) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 5d 40 00 7f 06 ad e3 ac 10 86 bf da ed .(.]@........... 0020 46 77 00 8b 04 73 a2 ac 3c 22 00 21 40 56 50 04 Fw...s..<".!@VP. 0030 00 00 41 0d 00 00 00 00 00 00 00 00 ..A......... Frame 175 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.038928000 Time delta from previous packet: 0.164900000 seconds Time relative to first packet: 101744.513724000 seconds Frame Number: 175 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.107.105.72 (213.107.105.72), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0256 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xa593 (incorrect, should be 0x9bee) Source: 213.107.105.72 (213.107.105.72) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1873 (1873), Dst Port: netbios-ssn (139), Seq: 9309821, Ack: 0, Len: 0 Source port: 1873 (1873) Destination port: netbios-ssn (139) Sequence number: 9309821 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x045a (incorrect, should be 0xfab4) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 02 56 40 00 6b 06 a5 93 d5 6b 69 48 ac 10 .0.V@.k....kiH.. 0020 86 bf 07 51 00 8b 00 8e 0e 7d 00 00 00 00 70 02 ...Q.....}....p. 0030 ff ff 04 5a 00 00 02 04 05 b4 01 01 04 02 ...Z.......... Frame 176 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.044020000 Time delta from previous packet: 0.005092000 seconds Time relative to first packet: 101744.518816000 seconds Frame Number: 176 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.107.105.72 (213.107.105.72) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x036d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x907c (incorrect, should be 0x86d7) Source: 172.16.134.191 (172.16.134.191) Destination: 213.107.105.72 (213.107.105.72) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1873 (1873), Seq: 3037810557, Ack: 9309822, Len: 0 Source port: netbios-ssn (139) Destination port: 1873 (1873) Sequence number: 3037810557 Acknowledgement number: 9309822 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xbb49 (incorrect, should be 0xb1a4) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 6d 40 00 7f 06 90 7c ac 10 86 bf d5 6b .0.m@....|.....k 0020 69 48 00 8b 07 51 b5 11 4f 7d 00 8e 0e 7e 70 12 iH...Q..O}...~p. 0030 44 70 bb 49 00 00 02 04 05 b4 01 01 04 02 Dp.I.......... Frame 177 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.198806000 Time delta from previous packet: 0.154786000 seconds Time relative to first packet: 101744.673602000 seconds Frame Number: 177 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.107.105.72 (213.107.105.72), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0456 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xa39b (incorrect, should be 0x99f6) Source: 213.107.105.72 (213.107.105.72) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1873 (1873), Dst Port: netbios-ssn (139), Seq: 9309822, Ack: 3037810558, Len: 0 Source port: 1873 (1873) Destination port: netbios-ssn (139) Sequence number: 9309822 Acknowledgement number: 3037810558 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x2c7e (incorrect, should be 0x22d9) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 04 56 40 00 6b 06 a3 9b d5 6b 69 48 ac 10 .(.V@.k....kiH.. 0020 86 bf 07 51 00 8b 00 8e 0e 7e b5 11 4f 7e 50 10 ...Q.....~..O~P. 0030 ff ff 2c 7e 00 00 00 00 00 00 00 00 ..,~........ Frame 178 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.209002000 Time delta from previous packet: 0.010196000 seconds Time relative to first packet: 101744.683798000 seconds Frame Number: 178 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.107.105.72 (213.107.105.72), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x0556 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xa253 (incorrect, should be 0x98ae) Source: 213.107.105.72 (213.107.105.72) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1873 (1873), Dst Port: netbios-ssn (139), Seq: 9309822, Ack: 3037810558, Len: 72 Source port: 1873 (1873) Destination port: netbios-ssn (139) Sequence number: 9309822 Next sequence number: 9309894 Acknowledgement number: 3037810558 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xdc62 (incorrect, should be 0xd2bd) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 05 56 40 00 6b 06 a2 53 d5 6b 69 48 ac 10 .p.V@.k..S.kiH.. 0020 86 bf 07 51 00 8b 00 8e 0e 7e b5 11 4f 7e 50 18 ...Q.....~..O~P. 0030 ff ff dc 62 00 00 81 00 00 44 20 46 44 45 43 45 ...b.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 179 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.210300000 Time delta from previous packet: 0.001298000 seconds Time relative to first packet: 101744.685096000 seconds Frame Number: 179 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.107.105.72 (213.107.105.72) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x036f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x907e (incorrect, should be 0x86d9) Source: 172.16.134.191 (172.16.134.191) Destination: 213.107.105.72 (213.107.105.72) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1873 (1873), Seq: 3037810558, Ack: 9309894, Len: 4 Source port: netbios-ssn (139) Destination port: 1873 (1873) Sequence number: 3037810558 Next sequence number: 3037810562 Acknowledgement number: 9309894 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x6601 (incorrect, should be 0x5c5c) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 6f 40 00 7f 06 90 7e ac 10 86 bf d5 6b .,.o@....~.....k 0020 69 48 00 8b 07 51 b5 11 4f 7e 00 8e 0e c6 50 18 iH...Q..O~....P. 0030 44 28 66 01 00 00 82 00 00 00 00 00 D(f......... Frame 180 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.378861000 Time delta from previous packet: 0.168561000 seconds Time relative to first packet: 101744.853657000 seconds Frame Number: 180 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.107.105.72 (213.107.105.72), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x0956 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x9e5d (incorrect, should be 0x94b8) Source: 213.107.105.72 (213.107.105.72) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1873 (1873), Dst Port: netbios-ssn (139), Seq: 9309894, Ack: 3037810562, Len: 62 Source port: 1873 (1873) Destination port: netbios-ssn (139) Sequence number: 9309894 Next sequence number: 9309956 Acknowledgement number: 3037810562 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65531 Checksum: 0x9869 (incorrect, should be 0xaec3) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 09 56 40 00 6b 06 9e 5d d5 6b 69 48 ac 10 .f.V@.k..].kiH.. 0020 86 bf 07 51 00 8b 00 8e 0e c6 b5 11 4f 82 50 18 ...Q........O.P. 0030 ff fb 98 69 00 00 00 00 00 3a ff 53 4d 42 75 00 ...i.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 181 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:23:54.384849000 Time delta from previous packet: 0.005988000 seconds Time relative to first packet: 101744.859645000 seconds Frame Number: 181 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.107.105.72 (213.107.105.72) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0370 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9081 (incorrect, should be 0x86dc) Source: 172.16.134.191 (172.16.134.191) Destination: 213.107.105.72 (213.107.105.72) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1873 (1873), Seq: 3037810562, Ack: 9309894, Len: 0 Source port: netbios-ssn (139) Destination port: 1873 (1873) Sequence number: 3037810562 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x2c3e (incorrect, should be 0x2299) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 70 40 00 7f 06 90 81 ac 10 86 bf d5 6b .(.p@..........k 0020 69 48 00 8b 07 51 b5 11 4f 82 00 8e 0e c6 50 04 iH...Q..O.....P. 0030 00 00 2c 3e 00 00 00 00 00 00 00 00 ..,>........ Frame 184 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:55:21.979479000 Time delta from previous packet: 0.456918000 seconds Time relative to first packet: 103632.454275000 seconds Frame Number: 184 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.44.104.92 (213.44.104.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xa267 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x05ad (incorrect, should be 0xfc07) Source: 213.44.104.92 (213.44.104.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3114 (3114), Dst Port: netbios-ssn (139), Seq: 697871, Ack: 0, Len: 0 Source port: 3114 (3114) Destination port: netbios-ssn (139) Sequence number: 697871 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x4d39 (incorrect, should be 0x4394) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 a2 67 40 00 6c 06 05 ad d5 2c 68 5c ac 10 .0.g@.l....,h\.. 0020 86 bf 0c 2a 00 8b 00 0a a6 0f 00 00 00 00 70 02 ...*..........p. 0030 20 00 4d 39 00 00 02 04 02 18 01 01 04 02 .M9.......... Frame 185 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 05:55:21.980274000 Time delta from previous packet: 0.000795000 seconds Time relative to first packet: 103632.455070000 seconds Frame Number: 185 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.44.104.92 (213.44.104.92) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0384 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9190 (incorrect, should be 0x87eb) Source: 172.16.134.191 (172.16.134.191) Destination: 213.44.104.92 (213.44.104.92) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3114 (3114), Seq: 3509887328, Ack: 697872, Len: 0 Source port: netbios-ssn (139) Destination port: 3114 (3114) Sequence number: 3509887328 Acknowledgement number: 697872 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0xb60e (incorrect, should be 0xac69) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 84 40 00 7f 06 91 90 ac 10 86 bf d5 2c .0..@.........., 0020 68 5c 00 8b 0c 2a d1 34 a1 60 00 0a a6 10 70 12 h\...*.4.`....p. 0030 40 e8 b6 0e 00 00 02 04 05 b4 01 01 04 02 @............. Frame 186 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.339570000 Time delta from previous packet: 0.359296000 seconds Time relative to first packet: 103632.814366000 seconds Frame Number: 186 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.44.104.92 (213.44.104.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xb167 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xf6b4 (incorrect, should be 0xed0f) Source: 213.44.104.92 (213.44.104.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3114 (3114), Dst Port: netbios-ssn (139), Seq: 697872, Ack: 3509887329, Len: 0 Source port: 3114 (3114) Destination port: netbios-ssn (139) Sequence number: 697872 Acknowledgement number: 3509887329 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x023b (incorrect, should be 0xf895) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 b1 67 40 00 6c 06 f6 b4 d5 2c 68 5c ac 10 .(.g@.l....,h\.. 0020 86 bf 0c 2a 00 8b 00 0a a6 10 d1 34 a1 61 50 10 ...*.......4.aP. 0030 21 80 02 3b 00 00 00 00 00 00 00 00 !..;........ Frame 187 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.349816000 Time delta from previous packet: 0.010246000 seconds Time relative to first packet: 103632.824612000 seconds Frame Number: 187 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.44.104.92 (213.44.104.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x0200 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xa5d4 (incorrect, should be 0x9c2f) Source: 213.44.104.92 (213.44.104.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3114 (3114), Dst Port: netbios-ssn (139), Seq: 697872, Ack: 3509887329, Len: 72 Source port: 3114 (3114) Destination port: netbios-ssn (139) Sequence number: 697872 Next sequence number: 697944 Acknowledgement number: 3509887329 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0xd725 (incorrect, should be 0xcd80) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 02 00 40 00 6c 06 a5 d4 d5 2c 68 5c ac 10 .p..@.l....,h\.. 0020 86 bf 0c 2a 00 8b 00 0a a6 10 d1 34 a1 61 50 18 ...*.......4.aP. 0030 21 80 d7 25 00 00 81 00 00 44 20 46 44 45 43 45 !..%.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 188 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.351609000 Time delta from previous packet: 0.001793000 seconds Time relative to first packet: 103632.826405000 seconds Frame Number: 188 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.44.104.92 (213.44.104.92) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0385 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9193 (incorrect, should be 0x87ee) Source: 172.16.134.191 (172.16.134.191) Destination: 213.44.104.92 (213.44.104.92) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3114 (3114), Seq: 3509887329, Ack: 697944, Len: 4 Source port: netbios-ssn (139) Destination port: 3114 (3114) Sequence number: 3509887329 Next sequence number: 3509887333 Acknowledgement number: 697944 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x60c6 (incorrect, should be 0x5721) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 85 40 00 7f 06 91 93 ac 10 86 bf d5 2c .,..@.........., 0020 68 5c 00 8b 0c 2a d1 34 a1 61 00 0a a6 58 50 18 h\...*.4.a...XP. 0030 40 a0 60 c6 00 00 82 00 00 00 00 00 @.`......... Frame 189 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.689768000 Time delta from previous packet: 0.338159000 seconds Time relative to first packet: 103633.164564000 seconds Frame Number: 189 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.44.104.92 (213.44.104.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x0900 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x9ede (incorrect, should be 0x9539) Source: 213.44.104.92 (213.44.104.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3114 (3114), Dst Port: netbios-ssn (139), Seq: 697944, Ack: 3509887333, Len: 62 Source port: 3114 (3114) Destination port: netbios-ssn (139) Sequence number: 697944 Next sequence number: 698006 Acknowledgement number: 3509887333 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x6e26 (incorrect, should be 0x8480) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 09 00 40 00 6c 06 9e de d5 2c 68 5c ac 10 .f..@.l....,h\.. 0020 86 bf 0c 2a 00 8b 00 0a a6 58 d1 34 a1 65 50 18 ...*.....X.4.eP. 0030 21 7c 6e 26 00 00 00 00 00 3a ff 53 4d 42 75 00 !|n&.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 190 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 05:55:22.694685000 Time delta from previous packet: 0.004917000 seconds Time relative to first packet: 103633.169481000 seconds Frame Number: 190 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.44.104.92 (213.44.104.92) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0386 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9196 (incorrect, should be 0x87f1) Source: 172.16.134.191 (172.16.134.191) Destination: 213.44.104.92 (213.44.104.92) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3114 (3114), Seq: 3509887333, Ack: 697944, Len: 0 Source port: netbios-ssn (139) Destination port: 3114 (3114) Sequence number: 3509887333 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x237b (incorrect, should be 0x19d6) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 86 40 00 7f 06 91 96 ac 10 86 bf d5 2c .(..@.........., 0020 68 5c 00 8b 0c 2a d1 34 a1 65 00 0a a6 58 50 04 h\...*.4.e...XP. 0030 00 00 23 7b 00 00 00 00 00 00 00 00 ..#{........ Frame 195 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.761713000 Time delta from previous packet: 0.122383000 seconds Time relative to first packet: 113150.236509000 seconds Frame Number: 195 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.154.11.82 (68.154.11.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x216a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xb247 (incorrect, should be 0xa8a2) Source: 68.154.11.82 (68.154.11.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 51926 (51926), Dst Port: netbios-ssn (139), Seq: 97418416, Ack: 0, Len: 0 Source port: 51926 (51926) Destination port: netbios-ssn (139) Sequence number: 97418416 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xbcb2 (incorrect, should be 0xb30d) Options: (8 bytes) Maximum segment size: 1322 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 21 6a 00 00 6e 06 b2 47 44 9a 0b 52 ac 10 .0!j..n..GD..R.. 0020 86 bf ca d6 00 8b 05 ce 7c b0 00 00 00 00 70 02 ........|.....p. 0030 ff ff bc b2 00 00 02 04 05 2a 01 01 04 02 .........*.... Frame 196 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.762396000 Time delta from previous packet: 0.000683000 seconds Time relative to first packet: 113150.237192000 seconds Frame Number: 196 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.154.11.82 (68.154.11.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x03e6 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7ecb (incorrect, should be 0x7526) Source: 172.16.134.191 (172.16.134.191) Destination: 68.154.11.82 (68.154.11.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 51926 (51926), Seq: 1594321755, Ack: 97418417, Len: 0 Source port: netbios-ssn (139) Destination port: 51926 (51926) Sequence number: 1594321755 Acknowledgement number: 97418417 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17186 Checksum: 0xae92 (incorrect, should be 0xa4ed) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 e6 40 00 7f 06 7e cb ac 10 86 bf 44 9a .0..@...~.....D. 0020 0b 52 00 8b ca d6 5f 07 6b 5b 05 ce 7c b1 70 12 .R...._.k[..|.p. 0030 43 22 ae 92 00 00 02 04 05 b4 01 01 04 02 C"............ Frame 197 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.850806000 Time delta from previous packet: 0.088410000 seconds Time relative to first packet: 113150.325602000 seconds Frame Number: 197 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 68.154.11.82 (68.154.11.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x236a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xb04f (incorrect, should be 0xa6aa) Source: 68.154.11.82 (68.154.11.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 51926 (51926), Dst Port: netbios-ssn (139), Seq: 97418417, Ack: 1594321756, Len: 0 Source port: 51926 (51926) Destination port: netbios-ssn (139) Sequence number: 97418417 Acknowledgement number: 1594321756 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x1e79 (incorrect, should be 0x14d4) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 23 6a 00 00 6e 06 b0 4f 44 9a 0b 52 ac 10 .(#j..n..OD..R.. 0020 86 bf ca d6 00 8b 05 ce 7c b1 5f 07 6b 5c 50 10 ........|._.k\P. 0030 ff ff 1e 79 00 00 00 00 00 00 00 00 ...y........ Frame 198 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.860783000 Time delta from previous packet: 0.009977000 seconds Time relative to first packet: 113150.335579000 seconds Frame Number: 198 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.154.11.82 (68.154.11.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x246a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xaf07 (incorrect, should be 0xa562) Source: 68.154.11.82 (68.154.11.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 51926 (51926), Dst Port: netbios-ssn (139), Seq: 97418417, Ack: 1594321756, Len: 72 Source port: 51926 (51926) Destination port: netbios-ssn (139) Sequence number: 97418417 Next sequence number: 97418489 Acknowledgement number: 1594321756 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xeb5d (incorrect, should be 0xe1b8) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 24 6a 00 00 6e 06 af 07 44 9a 0b 52 ac 10 .p$j..n...D..R.. 0020 86 bf ca d6 00 8b 05 ce 7c b1 5f 07 6b 5c 50 18 ........|._.k\P. 0030 ff ff eb 5d 00 00 81 00 00 44 20 46 44 45 43 45 ...].....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 199 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.862551000 Time delta from previous packet: 0.001768000 seconds Time relative to first packet: 113150.337347000 seconds Frame Number: 199 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.154.11.82 (68.154.11.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x03e7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7ece (incorrect, should be 0x7529) Source: 172.16.134.191 (172.16.134.191) Destination: 68.154.11.82 (68.154.11.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 51926 (51926), Seq: 1594321756, Ack: 97418489, Len: 4 Source port: netbios-ssn (139) Destination port: 51926 (51926) Sequence number: 1594321756 Next sequence number: 1594321760 Acknowledgement number: 97418489 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17114 Checksum: 0x594a (incorrect, should be 0x4fa5) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 e7 40 00 7f 06 7e ce ac 10 86 bf 44 9a .,..@...~.....D. 0020 0b 52 00 8b ca d6 5f 07 6b 5c 05 ce 7c f9 50 18 .R...._.k\..|.P. 0030 42 da 59 4a 00 00 82 00 00 00 00 00 B.YJ........ Frame 200 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.950871000 Time delta from previous packet: 0.088320000 seconds Time relative to first packet: 113150.425667000 seconds Frame Number: 200 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.154.11.82 (68.154.11.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x266a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xad11 (incorrect, should be 0xa36c) Source: 68.154.11.82 (68.154.11.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 51926 (51926), Dst Port: netbios-ssn (139), Seq: 97418489, Ack: 1594321760, Len: 62 Source port: 51926 (51926) Destination port: netbios-ssn (139) Sequence number: 97418489 Next sequence number: 97418551 Acknowledgement number: 1594321760 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65531 Checksum: 0x8a64 (incorrect, should be 0xa0be) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 26 6a 00 00 6e 06 ad 11 44 9a 0b 52 ac 10 .f&j..n...D..R.. 0020 86 bf ca d6 00 8b 05 ce 7c f9 5f 07 6b 60 50 18 ........|._.k`P. 0030 ff fb 8a 64 00 00 00 00 00 3a ff 53 4d 42 75 00 ...d.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 201 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:33:59.955795000 Time delta from previous packet: 0.004924000 seconds Time relative to first packet: 113150.430591000 seconds Frame Number: 201 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.154.11.82 (68.154.11.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x03e8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7ed1 (incorrect, should be 0x752c) Source: 172.16.134.191 (172.16.134.191) Destination: 68.154.11.82 (68.154.11.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 51926 (51926), Seq: 1594321760, Ack: 97418489, Len: 0 Source port: netbios-ssn (139) Destination port: 51926 (51926) Sequence number: 1594321760 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x1e39 (incorrect, should be 0x1494) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 e8 40 00 7f 06 7e d1 ac 10 86 bf 44 9a .(..@...~.....D. 0020 0b 52 00 8b ca d6 5f 07 6b 60 05 ce 7c f9 50 04 .R...._.k`..|.P. 0030 00 00 1e 39 00 00 00 00 00 00 00 00 ...9........ Frame 204 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 08:52:03.138414000 Time delta from previous packet: 5.409110000 seconds Time relative to first packet: 114233.613210000 seconds Frame Number: 204 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x50dd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x91e6 (incorrect, should be 0x8841) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139344, Ack: 0, Len: 0 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139344 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa824 (incorrect, should be 0x9e7f) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 50 dd 40 00 6c 06 91 e6 51 32 b1 a7 ac 10 .0P.@.l...Q2.... 0020 86 bf e6 cd 00 8b 06 cd a0 d0 00 00 00 00 70 02 ..............p. 0030 20 00 a8 24 00 00 02 04 05 b4 01 01 04 02 ..$.......... Frame 205 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 08:52:03.139135000 Time delta from previous packet: 0.000721000 seconds Time relative to first packet: 114233.613931000 seconds Frame Number: 205 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.50.177.167 (81.50.177.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x03f5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcbce (incorrect, should be 0xc229) Source: 172.16.134.191 (172.16.134.191) Destination: 81.50.177.167 (81.50.177.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 59085 (59085), Seq: 1865211609, Ack: 114139345, Len: 0 Source port: netbios-ssn (139) Destination port: 59085 (59085) Sequence number: 1865211609 Acknowledgement number: 114139345 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x359d (incorrect, should be 0x2bf8) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 03 f5 40 00 7f 06 cb ce ac 10 86 bf 51 32 .0..@.........Q2 0020 b1 a7 00 8b e6 cd 6f 2c de d9 06 cd a0 d1 70 12 ......o,......p. 0030 44 70 35 9d 00 00 02 04 05 b4 01 01 04 02 Dp5........... Frame 206 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:04.804891000 Time delta from previous packet: 1.665756000 seconds Time relative to first packet: 114235.279687000 seconds Frame Number: 206 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5cdd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x85ee (incorrect, should be 0x7c49) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139345, Ack: 1865211610, Len: 0 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139345 Acknowledgement number: 1865211610 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x8499 (incorrect, should be 0x7af4) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 5c dd 40 00 6c 06 85 ee 51 32 b1 a7 ac 10 .(\.@.l...Q2.... 0020 86 bf e6 cd 00 8b 06 cd a0 d1 6f 2c de da 50 10 ..........o,..P. 0030 22 38 84 99 00 00 00 00 00 00 00 00 "8.......... Frame 207 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 08:52:04.814914000 Time delta from previous packet: 0.010023000 seconds Time relative to first packet: 114235.289710000 seconds Frame Number: 207 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x5ddd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x84a6 (incorrect, should be 0x7b01) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139345, Ack: 1865211610, Len: 72 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139345 Next sequence number: 114139417 Acknowledgement number: 1865211610 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x517e (incorrect, should be 0x47d9) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 5d dd 40 00 6c 06 84 a6 51 32 b1 a7 ac 10 .p].@.l...Q2.... 0020 86 bf e6 cd 00 8b 06 cd a0 d1 6f 2c de da 50 18 ..........o,..P. 0030 22 38 51 7e 00 00 81 00 00 44 20 46 44 45 43 45 "8Q~.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 208 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:04.816742000 Time delta from previous packet: 0.001828000 seconds Time relative to first packet: 114235.291538000 seconds Frame Number: 208 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.50.177.167 (81.50.177.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x03f6 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcbd1 (incorrect, should be 0xc22c) Source: 172.16.134.191 (172.16.134.191) Destination: 81.50.177.167 (81.50.177.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 59085 (59085), Seq: 1865211610, Ack: 114139417, Len: 4 Source port: netbios-ssn (139) Destination port: 59085 (59085) Sequence number: 1865211610 Next sequence number: 1865211614 Acknowledgement number: 114139417 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xe054 (incorrect, should be 0xd6af) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 f6 40 00 7f 06 cb d1 ac 10 86 bf 51 32 .,..@.........Q2 0020 b1 a7 00 8b e6 cd 6f 2c de da 06 cd a1 19 50 18 ......o,......P. 0030 44 28 e0 54 00 00 82 00 00 00 00 00 D(.T........ Frame 209 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:07.759681000 Time delta from previous packet: 2.942939000 seconds Time relative to first packet: 114238.234477000 seconds Frame Number: 209 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.50.177.167 (81.50.177.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x03f7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcbd0 (incorrect, should be 0xc22b) Source: 172.16.134.191 (172.16.134.191) Destination: 81.50.177.167 (81.50.177.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 59085 (59085), Seq: 1865211610, Ack: 114139417, Len: 4 Source port: netbios-ssn (139) Destination port: 59085 (59085) Sequence number: 1865211610 Next sequence number: 1865211614 Acknowledgement number: 114139417 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xe054 (incorrect, should be 0xd6af) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 03 f7 40 00 7f 06 cb d0 ac 10 86 bf 51 32 .,..@.........Q2 0020 b1 a7 00 8b e6 cd 6f 2c de da 06 cd a1 19 50 18 ......o,......P. 0030 44 28 e0 54 00 00 82 00 00 00 00 00 D(.T........ Frame 210 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:09.357544000 Time delta from previous packet: 1.597863000 seconds Time relative to first packet: 114239.832340000 seconds Frame Number: 210 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x7cdd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x65ee (incorrect, should be 0x5c49) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139479, Ack: 1865211614, Len: 0 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139479 Acknowledgement number: 1865211614 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x8413 (incorrect, should be 0x7a6e) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 7c dd 40 00 6c 06 65 ee 51 32 b1 a7 ac 10 .(|.@.l.e.Q2.... 0020 86 bf e6 cd 00 8b 06 cd a1 57 6f 2c de de 50 10 .........Wo,..P. 0030 22 34 84 13 00 00 00 00 00 00 00 00 "4.......... Frame 211 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 08:52:10.617396000 Time delta from previous packet: 1.259852000 seconds Time relative to first packet: 114241.092192000 seconds Frame Number: 211 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 81.50.177.167 (81.50.177.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x85dd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x5cb0 (incorrect, should be 0x530b) Source: 81.50.177.167 (81.50.177.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 59085 (59085), Dst Port: netbios-ssn (139), Seq: 114139417, Ack: 1865211614, Len: 62 Source port: 59085 (59085) Destination port: netbios-ssn (139) Sequence number: 114139417 Next sequence number: 114139479 Acknowledgement number: 1865211614 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0xf084 (incorrect, should be 0x06df) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 85 dd 40 00 6c 06 5c b0 51 32 b1 a7 ac 10 .f..@.l.\.Q2.... 0020 86 bf e6 cd 00 8b 06 cd a1 19 6f 2c de de 50 18 ..........o,..P. 0030 22 34 f0 84 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 212 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 08:52:10.622458000 Time delta from previous packet: 0.005062000 seconds Time relative to first packet: 114241.097254000 seconds Frame Number: 212 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 81.50.177.167 (81.50.177.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x03f8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcbd3 (incorrect, should be 0xc22e) Source: 172.16.134.191 (172.16.134.191) Destination: 81.50.177.167 (81.50.177.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 59085 (59085), Seq: 1865211614, Ack: 114139417, Len: 0 Source port: netbios-ssn (139) Destination port: 59085 (59085) Sequence number: 1865211614 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xa691 (incorrect, should be 0x9cec) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 03 f8 40 00 7f 06 cb d3 ac 10 86 bf 51 32 .(..@.........Q2 0020 b1 a7 00 8b e6 cd 6f 2c de de 06 cd a1 19 50 04 ......o,......P. 0030 00 00 a6 91 00 00 00 00 00 00 00 00 ............ Frame 215 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 10:43:54.951204000 Time delta from previous packet: 0.130656000 seconds Time relative to first packet: 120945.426000000 seconds Frame Number: 215 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 208.186.61.2 (208.186.61.2), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe493 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xf04c (incorrect, should be 0xe6a7) Source: 208.186.61.2 (208.186.61.2) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1516 (1516), Dst Port: netbios-ssn (139), Seq: 15002567, Ack: 0, Len: 0 Source port: 1516 (1516) Destination port: netbios-ssn (139) Sequence number: 15002567 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x3915 (incorrect, should be 0x2f70) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 e4 93 40 00 6f 06 f0 4c d0 ba 3d 02 ac 10 .0..@.o..L..=... 0020 86 bf 05 ec 00 8b 00 e4 eb c7 00 00 00 00 70 02 ..............p. 0030 20 00 39 15 00 00 02 04 05 b4 01 01 04 02 .9........... Frame 216 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 10:43:54.951206000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 120945.426002000 seconds Frame Number: 216 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 208.186.61.2 (208.186.61.2) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0446 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc09a (incorrect, should be 0xb6f5) Source: 172.16.134.191 (172.16.134.191) Destination: 208.186.61.2 (208.186.61.2) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1516 (1516), Seq: 3696192206, Ack: 15002568, Len: 0 Source port: netbios-ssn (139) Destination port: 1516 (1516) Sequence number: 3696192206 Acknowledgement number: 15002568 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xcd75 (incorrect, should be 0xc3d0) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 04 46 40 00 7f 06 c0 9a ac 10 86 bf d0 ba .0.F@........... 0020 3d 02 00 8b 05 ec dc 4f 6a ce 00 e4 eb c8 70 12 =......Oj.....p. 0030 44 70 cd 75 00 00 02 04 05 b4 01 01 04 02 Dp.u.......... Frame 217 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.052134000 Time delta from previous packet: 0.100928000 seconds Time relative to first packet: 120945.526930000 seconds Frame Number: 217 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 208.186.61.2 (208.186.61.2), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xe793 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xed54 (incorrect, should be 0xe3af) Source: 208.186.61.2 (208.186.61.2) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1516 (1516), Dst Port: netbios-ssn (139), Seq: 15002568, Ack: 3696192207, Len: 0 Source port: 1516 (1516) Destination port: netbios-ssn (139) Sequence number: 15002568 Acknowledgement number: 3696192207 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x1c72 (incorrect, should be 0x12cd) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 e7 93 40 00 6f 06 ed 54 d0 ba 3d 02 ac 10 .(..@.o..T..=... 0020 86 bf 05 ec 00 8b 00 e4 eb c8 dc 4f 6a cf 50 10 ...........Oj.P. 0030 22 38 1c 72 00 00 00 00 00 00 00 00 "8.r........ Frame 218 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.059815000 Time delta from previous packet: 0.007681000 seconds Time relative to first packet: 120945.534611000 seconds Frame Number: 218 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 208.186.61.2 (208.186.61.2), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xe893 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xec0c (incorrect, should be 0xe267) Source: 208.186.61.2 (208.186.61.2) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1516 (1516), Dst Port: netbios-ssn (139), Seq: 15002568, Ack: 3696192207, Len: 72 Source port: 1516 (1516) Destination port: netbios-ssn (139) Sequence number: 15002568 Next sequence number: 15002640 Acknowledgement number: 3696192207 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xcc56 (incorrect, should be 0xc2b1) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 e8 93 40 00 6f 06 ec 0c d0 ba 3d 02 ac 10 .p..@.o.....=... 0020 86 bf 05 ec 00 8b 00 e4 eb c8 dc 4f 6a cf 50 18 ...........Oj.P. 0030 22 38 cc 56 00 00 81 00 00 44 20 46 44 45 43 45 "8.V.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 219 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.060787000 Time delta from previous packet: 0.000972000 seconds Time relative to first packet: 120945.535583000 seconds Frame Number: 219 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 208.186.61.2 (208.186.61.2) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0447 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc09d (incorrect, should be 0xb6f8) Source: 172.16.134.191 (172.16.134.191) Destination: 208.186.61.2 (208.186.61.2) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1516 (1516), Seq: 3696192207, Ack: 15002640, Len: 4 Source port: netbios-ssn (139) Destination port: 1516 (1516) Sequence number: 3696192207 Next sequence number: 3696192211 Acknowledgement number: 15002640 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x782d (incorrect, should be 0x6e88) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 04 47 40 00 7f 06 c0 9d ac 10 86 bf d0 ba .,.G@........... 0020 3d 02 00 8b 05 ec dc 4f 6a cf 00 e4 ec 10 50 18 =......Oj.....P. 0030 44 28 78 2d 00 00 82 00 00 00 00 00 D(x-........ Frame 220 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.199911000 Time delta from previous packet: 0.139124000 seconds Time relative to first packet: 120945.674707000 seconds Frame Number: 220 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 208.186.61.2 (208.186.61.2), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xeb93 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe916 (incorrect, should be 0xdf71) Source: 208.186.61.2 (208.186.61.2) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1516 (1516), Dst Port: netbios-ssn (139), Seq: 15002640, Ack: 3696192211, Len: 62 Source port: 1516 (1516) Destination port: netbios-ssn (139) Sequence number: 15002640 Next sequence number: 15002702 Acknowledgement number: 3696192211 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x885d (incorrect, should be 0x9eb7) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 eb 93 40 00 6f 06 e9 16 d0 ba 3d 02 ac 10 .f..@.o.....=... 0020 86 bf 05 ec 00 8b 00 e4 ec 10 dc 4f 6a d3 50 18 ...........Oj.P. 0030 22 34 88 5d 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.].....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 221 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 10:43:55.202573000 Time delta from previous packet: 0.002662000 seconds Time relative to first packet: 120945.677369000 seconds Frame Number: 221 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 208.186.61.2 (208.186.61.2) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0448 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc0a0 (incorrect, should be 0xb6fb) Source: 172.16.134.191 (172.16.134.191) Destination: 208.186.61.2 (208.186.61.2) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1516 (1516), Seq: 3696192211, Ack: 15002640, Len: 0 Source port: netbios-ssn (139) Destination port: 1516 (1516) Sequence number: 3696192211 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x3e6a (incorrect, should be 0x34c5) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 04 48 40 00 7f 06 c0 a0 ac 10 86 bf d0 ba .(.H@........... 0020 3d 02 00 8b 05 ec dc 4f 6a d3 00 e4 ec 10 50 04 =......Oj.....P. 0030 00 00 3e 6a 00 00 00 00 00 00 00 00 ..>j........ Frame 224 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 12:09:49.632552000 Time delta from previous packet: 0.600116000 seconds Time relative to first packet: 126100.107348000 seconds Frame Number: 224 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.194.4.114 (62.194.4.114), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9a77 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x08f2 (incorrect, should be 0xff4c) Source: 62.194.4.114 (62.194.4.114) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3757 (3757), Dst Port: netbios-ssn (139), Seq: 231719604, Ack: 0, Len: 0 Source port: 3757 (3757) Destination port: netbios-ssn (139) Sequence number: 231719604 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xf704 (incorrect, should be 0xed5f) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 9a 77 40 00 6b 06 08 f2 3e c2 04 72 ac 10 .0.w@.k...>..r.. 0020 86 bf 0e ad 00 8b 0d cf c2 b4 00 00 00 00 70 02 ..............p. 0030 40 00 f7 04 00 00 02 04 05 b4 01 01 04 02 @............. Frame 225 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 12:09:49.633491000 Time delta from previous packet: 0.000939000 seconds Time relative to first packet: 126100.108287000 seconds Frame Number: 225 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.194.4.114 (62.194.4.114) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0485 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8ae4 (incorrect, should be 0x813f) Source: 172.16.134.191 (172.16.134.191) Destination: 62.194.4.114 (62.194.4.114) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3757 (3757), Seq: 806462666, Ack: 231719605, Len: 0 Source port: netbios-ssn (139) Destination port: 3757 (3757) Sequence number: 806462666 Acknowledgement number: 231719605 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x1da8 (incorrect, should be 0x1403) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 04 85 40 00 7f 06 8a e4 ac 10 86 bf 3e c2 .0..@.........>. 0020 04 72 00 8b 0e ad 30 11 a4 ca 0d cf c2 b5 70 12 .r....0.......p. 0030 44 70 1d a8 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 226 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.190476000 Time delta from previous packet: 0.556985000 seconds Time relative to first packet: 126100.665272000 seconds Frame Number: 226 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 62.194.4.114 (62.194.4.114), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9a8a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x08e7 (incorrect, should be 0xff41) Source: 62.194.4.114 (62.194.4.114) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3757 (3757), Dst Port: netbios-ssn (139), Seq: 231719605, Ack: 806462667, Len: 0 Source port: 3757 (3757) Destination port: netbios-ssn (139) Sequence number: 231719605 Acknowledgement number: 806462667 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x4a6c (incorrect, should be 0x40c7) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 9a 8a 40 00 6b 06 08 e7 3e c2 04 72 ac 10 .(..@.k...>..r.. 0020 86 bf 0e ad 00 8b 0d cf c2 b5 30 11 a4 cb 50 10 ..........0...P. 0030 44 70 4a 6c 00 00 00 00 00 00 00 00 DpJl........ Frame 227 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.201656000 Time delta from previous packet: 0.011180000 seconds Time relative to first packet: 126100.676452000 seconds Frame Number: 227 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.194.4.114 (62.194.4.114), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x9a8b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x089e (incorrect, should be 0xfef8) Source: 62.194.4.114 (62.194.4.114) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3757 (3757), Dst Port: netbios-ssn (139), Seq: 231719605, Ack: 806462667, Len: 72 Source port: 3757 (3757) Destination port: netbios-ssn (139) Sequence number: 231719605 Next sequence number: 231719677 Acknowledgement number: 806462667 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xfa50 (incorrect, should be 0xf0ab) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 9a 8b 40 00 6b 06 08 9e 3e c2 04 72 ac 10 .p..@.k...>..r.. 0020 86 bf 0e ad 00 8b 0d cf c2 b5 30 11 a4 cb 50 18 ..........0...P. 0030 44 70 fa 50 00 00 81 00 00 44 20 46 44 45 43 45 Dp.P.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 228 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.204915000 Time delta from previous packet: 0.003259000 seconds Time relative to first packet: 126100.679711000 seconds Frame Number: 228 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.194.4.114 (62.194.4.114) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0486 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8ae7 (incorrect, should be 0x8142) Source: 172.16.134.191 (172.16.134.191) Destination: 62.194.4.114 (62.194.4.114) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3757 (3757), Seq: 806462667, Ack: 231719677, Len: 4 Source port: netbios-ssn (139) Destination port: 3757 (3757) Sequence number: 806462667 Next sequence number: 806462671 Acknowledgement number: 231719677 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xc85f (incorrect, should be 0xbeba) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 04 86 40 00 7f 06 8a e7 ac 10 86 bf 3e c2 .,..@.........>. 0020 04 72 00 8b 0e ad 30 11 a4 cb 0d cf c2 fd 50 18 .r....0.......P. 0030 44 28 c8 5f 00 00 82 00 00 00 00 00 D(._........ Frame 229 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.790880000 Time delta from previous packet: 0.585965000 seconds Time relative to first packet: 126101.265676000 seconds Frame Number: 229 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.194.4.114 (62.194.4.114), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x9aa3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x0890 (incorrect, should be 0xfeea) Source: 62.194.4.114 (62.194.4.114) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3757 (3757), Dst Port: netbios-ssn (139), Seq: 231719677, Ack: 806462671, Len: 62 Source port: 3757 (3757) Destination port: netbios-ssn (139) Sequence number: 231719677 Next sequence number: 231719739 Acknowledgement number: 806462671 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17516 Checksum: 0xb657 (incorrect, should be 0xccb1) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 9a a3 40 00 6b 06 08 90 3e c2 04 72 ac 10 .f..@.k...>..r.. 0020 86 bf 0e ad 00 8b 0d cf c2 fd 30 11 a4 cf 50 18 ..........0...P. 0030 44 6c b6 57 00 00 00 00 00 3a ff 53 4d 42 75 00 Dl.W.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 230 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 12:09:50.796156000 Time delta from previous packet: 0.005276000 seconds Time relative to first packet: 126101.270952000 seconds Frame Number: 230 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.194.4.114 (62.194.4.114) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0487 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8aea (incorrect, should be 0x8145) Source: 172.16.134.191 (172.16.134.191) Destination: 62.194.4.114 (62.194.4.114) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3757 (3757), Seq: 806462671, Ack: 231719677, Len: 0 Source port: netbios-ssn (139) Destination port: 3757 (3757) Sequence number: 806462671 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x8e9c (incorrect, should be 0x84f7) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 04 87 40 00 7f 06 8a ea ac 10 86 bf 3e c2 .(..@.........>. 0020 04 72 00 8b 0e ad 30 11 a4 cf 0d cf c2 fd 50 04 .r....0.......P. 0030 00 00 8e 9c 00 00 00 00 00 00 00 00 ............ Frame 253 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.389421000 Time delta from previous packet: 0.101911000 seconds Time relative to first packet: 157920.864217000 seconds Frame Number: 253 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.115.33.110 (68.115.33.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x7a33 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 116 Protocol: TCP (0x06) Header checksum: 0xfd88 (incorrect, should be 0xf3e3) Source: 68.115.33.110 (68.115.33.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4881 (4881), Dst Port: netbios-ssn (139), Seq: 8342167, Ack: 0, Len: 0 Source port: 4881 (4881) Destination port: netbios-ssn (139) Sequence number: 8342167 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0x7e91 (incorrect, should be 0x74ec) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 7a 33 40 00 74 06 fd 88 44 73 21 6e ac 10 .0z3@.t...Ds!n.. 0020 86 bf 13 11 00 8b 00 7f 4a 97 00 00 00 00 70 02 ........J.....p. 0030 16 d0 7e 91 00 00 02 04 05 b4 01 01 04 02 ..~........... Frame 254 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.422583000 Time delta from previous packet: 0.033162000 seconds Time relative to first packet: 157920.897379000 seconds Frame Number: 254 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.115.33.110 (68.115.33.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x05cc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x66f0 (incorrect, should be 0x5d4b) Source: 172.16.134.191 (172.16.134.191) Destination: 68.115.33.110 (68.115.33.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4881 (4881), Seq: 4196917429, Ack: 8342168, Len: 0 Source port: netbios-ssn (139) Destination port: 4881 (4881) Sequence number: 4196917429 Acknowledgement number: 8342168 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7602 (incorrect, should be 0x6c5d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 05 cc 40 00 7f 06 66 f0 ac 10 86 bf 44 73 .0..@...f.....Ds 0020 21 6e 00 8b 13 11 fa 27 e0 b5 00 7f 4a 98 70 12 !n.....'....J.p. 0030 44 70 76 02 00 00 02 04 05 b4 01 01 04 02 Dpv........... Frame 255 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.465207000 Time delta from previous packet: 0.042624000 seconds Time relative to first packet: 157920.940003000 seconds Frame Number: 255 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 68.115.33.110 (68.115.33.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x7e33 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 116 Protocol: TCP (0x06) Header checksum: 0xf990 (incorrect, should be 0xefeb) Source: 68.115.33.110 (68.115.33.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4881 (4881), Dst Port: netbios-ssn (139), Seq: 8342168, Ack: 4196917430, Len: 0 Source port: 4881 (4881) Destination port: netbios-ssn (139) Sequence number: 8342168 Acknowledgement number: 4196917430 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0xd066 (incorrect, should be 0xc6c1) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 7e 33 40 00 74 06 f9 90 44 73 21 6e ac 10 .(~3@.t...Ds!n.. 0020 86 bf 13 11 00 8b 00 7f 4a 98 fa 27 e0 b6 50 10 ........J..'..P. 0030 16 d0 d0 66 00 00 00 00 00 00 00 00 ...f........ Frame 256 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.484404000 Time delta from previous packet: 0.019197000 seconds Time relative to first packet: 157920.959200000 seconds Frame Number: 256 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.115.33.110 (68.115.33.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x7f33 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 116 Protocol: TCP (0x06) Header checksum: 0xf848 (incorrect, should be 0xeea3) Source: 68.115.33.110 (68.115.33.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4881 (4881), Dst Port: netbios-ssn (139), Seq: 8342168, Ack: 4196917430, Len: 72 Source port: 4881 (4881) Destination port: netbios-ssn (139) Sequence number: 8342168 Next sequence number: 8342240 Acknowledgement number: 4196917430 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0xa551 (incorrect, should be 0x9bac) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 7f 33 40 00 74 06 f8 48 44 73 21 6e ac 10 .p.3@.t..HDs!n.. 0020 86 bf 13 11 00 8b 00 7f 4a 98 fa 27 e0 b6 50 18 ........J..'..P. 0030 16 d0 a5 51 00 00 81 00 00 44 20 46 44 45 43 45 ...Q.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 257 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.490276000 Time delta from previous packet: 0.005872000 seconds Time relative to first packet: 157920.965072000 seconds Frame Number: 257 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 68.115.33.110 (68.115.33.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x05cd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x66f3 (incorrect, should be 0x5d4e) Source: 172.16.134.191 (172.16.134.191) Destination: 68.115.33.110 (68.115.33.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4881 (4881), Seq: 4196917430, Ack: 8342240, Len: 4 Source port: netbios-ssn (139) Destination port: 4881 (4881) Sequence number: 4196917430 Next sequence number: 4196917434 Acknowledgement number: 8342240 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x20ba (incorrect, should be 0x1715) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 05 cd 40 00 7f 06 66 f3 ac 10 86 bf 44 73 .,..@...f.....Ds 0020 21 6e 00 8b 13 11 fa 27 e0 b6 00 7f 4a e0 50 18 !n.....'....J.P. 0030 44 28 20 ba 00 00 82 00 00 00 00 00 D( ......... Frame 258 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 21:00:10.562587000 Time delta from previous packet: 0.072311000 seconds Time relative to first packet: 157921.037383000 seconds Frame Number: 258 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 68.115.33.110 (68.115.33.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x8233 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 116 Protocol: TCP (0x06) Header checksum: 0xf552 (incorrect, should be 0xebad) Source: 68.115.33.110 (68.115.33.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4881 (4881), Dst Port: netbios-ssn (139), Seq: 8342240, Ack: 4196917434, Len: 62 Source port: 4881 (4881) Destination port: netbios-ssn (139) Sequence number: 8342240 Next sequence number: 8342302 Acknowledgement number: 4196917434 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5836 Checksum: 0x3c52 (incorrect, should be 0x52ac) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 82 33 40 00 74 06 f5 52 44 73 21 6e ac 10 .f.3@.t..RDs!n.. 0020 86 bf 13 11 00 8b 00 7f 4a e0 fa 27 e0 ba 50 18 ........J..'..P. 0030 16 cc 3c 52 00 00 00 00 00 3a ff 53 4d 42 75 00 .. (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 5c 14 40 00 68 06 8f a9 90 86 6d 19 ac 10 .p\.@.h.....m... 0020 86 bf 04 01 00 8b 01 9b 65 b2 28 73 3f 1a 50 18 ........e.(s?.P. 0030 22 38 43 50 00 00 81 00 00 44 20 46 44 45 43 45 "8CP.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 268 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 21:51:57.618024000 Time delta from previous packet: 0.000633000 seconds Time relative to first packet: 161028.092820000 seconds Frame Number: 268 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 144.134.109.25 (144.134.109.25) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x05f0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcf11 (incorrect, should be 0xc56c) Source: 172.16.134.191 (172.16.134.191) Destination: 144.134.109.25 (144.134.109.25) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 678641434, Ack: 26961402, Len: 4 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 678641434 Next sequence number: 678641438 Acknowledgement number: 26961402 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xef26 (incorrect, should be 0xe581) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 05 f0 40 00 7f 06 cf 11 ac 10 86 bf 90 86 .,..@........... 0020 6d 19 00 8b 04 01 28 73 3f 1a 01 9b 65 fa 50 18 m.....(s?...e.P. 0030 44 28 ef 26 00 00 82 00 00 00 00 00 D(.&........ Frame 269 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 2, 2003 21:51:58.075756000 Time delta from previous packet: 0.457732000 seconds Time relative to first packet: 161028.550552000 seconds Frame Number: 269 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 144.134.109.25 (144.134.109.25), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x7214 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 104 Protocol: TCP (0x06) Header checksum: 0x79b3 (incorrect, should be 0x700e) Source: 144.134.109.25 (144.134.109.25) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 26961402, Ack: 678641438, Len: 62 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 26961402 Next sequence number: 26961464 Acknowledgement number: 678641438 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0xff56 (incorrect, should be 0x15b1) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 72 14 40 00 68 06 79 b3 90 86 6d 19 ac 10 .fr.@.h.y...m... 0020 86 bf 04 01 00 8b 01 9b 65 fa 28 73 3f 1e 50 18 ........e.(s?.P. 0030 22 34 ff 56 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.V.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 270 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 2, 2003 21:51:58.081099000 Time delta from previous packet: 0.005343000 seconds Time relative to first packet: 161028.555895000 seconds Frame Number: 270 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 144.134.109.25 (144.134.109.25) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x05f1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xcf14 (incorrect, should be 0xc56f) Source: 172.16.134.191 (172.16.134.191) Destination: 144.134.109.25 (144.134.109.25) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 678641438, Ack: 26961402, Len: 0 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 678641438 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xb563 (incorrect, should be 0xabbe) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 05 f1 40 00 7f 06 cf 14 ac 10 86 bf 90 86 .(..@........... 0020 6d 19 00 8b 04 01 28 73 3f 1e 01 9b 65 fa 50 04 m.....(s?...e.P. 0030 00 00 b5 63 00 00 00 00 00 00 00 00 ...c........ Frame 281 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 18:55:35.528599000 Time delta from previous packet: 0.000008000 seconds Time relative to first packet: 236846.003395000 seconds Frame Number: 281 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.36.247.77 (195.36.247.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x376d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0xf2bd (incorrect, should be 0xe918) Source: 195.36.247.77 (195.36.247.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4794 (4794), Dst Port: netbios-ssn (139), Seq: 149921138, Ack: 0, Len: 0 Source port: 4794 (4794) Destination port: netbios-ssn (139) Sequence number: 149921138 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xa603 (incorrect, should be 0x9c5e) Options: (8 bytes) Maximum segment size: 1420 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 37 6d 40 00 6d 06 f2 bd c3 24 f7 4d ac 10 .07m@.m....$.M.. 0020 86 bf 12 ba 00 8b 08 ef 9d 72 00 00 00 00 70 02 .........r....p. 0030 40 00 a6 03 00 00 02 04 05 8c 01 01 04 02 @............. Frame 283 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 18:55:35.533719000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 236846.008515000 seconds Frame Number: 283 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.36.247.77 (195.36.247.77) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x639a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb490 (incorrect, should be 0xaaeb) Source: 172.16.134.191 (172.16.134.191) Destination: 195.36.247.77 (195.36.247.77) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4794 (4794), Seq: 2453940821, Ack: 149921139, Len: 0 Source port: netbios-ssn (139) Destination port: 4794 (4794) Sequence number: 2453940821 Acknowledgement number: 149921139 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17040 Checksum: 0xe6a0 (incorrect, should be 0xdcfb) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 63 9a 40 00 7f 06 b4 90 ac 10 86 bf c3 24 .0c.@..........$ 0020 f7 4d 00 8b 12 ba 92 44 2a 55 08 ef 9d 73 70 12 .M.....D*U...sp. 0030 42 90 e6 a0 00 00 02 04 05 b4 01 01 04 02 B............. Frame 286 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 18:55:36.416696000 Time delta from previous packet: 0.019314000 seconds Time relative to first packet: 236846.891492000 seconds Frame Number: 286 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 195.36.247.77 (195.36.247.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x37cb Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x3268 (incorrect, should be 0x28c3) Source: 195.36.247.77 (195.36.247.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4794 (4794), Dst Port: netbios-ssn (139), Seq: 149921139, Ack: 149921139, Len: 0 Source port: 4794 (4794) Destination port: netbios-ssn (139) Sequence number: 149921139 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x6c39 (incorrect, should be 0x6294) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 37 cb 00 00 6d 06 32 68 c3 24 f7 4d ac 10 .(7...m.2h.$.M.. 0020 86 bf 12 ba 00 8b 08 ef 9d 73 08 ef 9d 73 50 04 .........s...sP. 0030 00 00 6c 39 00 00 00 00 00 00 00 00 ..l9........ Frame 402 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 18:56:28.085060000 Time delta from previous packet: 0.000016000 seconds Time relative to first packet: 236898.559856000 seconds Frame Number: 402 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.36.247.77 (195.36.247.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4c2e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0xddfc (incorrect, should be 0xd457) Source: 195.36.247.77 (195.36.247.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3352 (3352), Dst Port: netbios-ssn (139), Seq: 186099577, Ack: 0, Len: 0 Source port: 3352 (3352) Destination port: netbios-ssn (139) Sequence number: 186099577 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x9f76 (incorrect, should be 0x95d1) Options: (8 bytes) Maximum segment size: 1420 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4c 2e 40 00 6d 06 dd fc c3 24 f7 4d ac 10 .0L.@.m....$.M.. 0020 86 bf 0d 18 00 8b 0b 17 a7 79 00 00 00 00 70 02 .........y....p. 0030 40 00 9f 76 00 00 02 04 05 8c 01 01 04 02 @..v.......... Frame 404 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 18:56:28.086253000 Time delta from previous packet: 0.000078000 seconds Time relative to first packet: 236898.561049000 seconds Frame Number: 404 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.36.247.77 (195.36.247.77) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x63e8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb442 (incorrect, should be 0xaa9d) Source: 172.16.134.191 (172.16.134.191) Destination: 195.36.247.77 (195.36.247.77) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3352 (3352), Seq: 2467165145, Ack: 186099578, Len: 0 Source port: netbios-ssn (139) Destination port: 3352 (3352) Sequence number: 2467165145 Acknowledgement number: 186099578 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17040 Checksum: 0x15c6 (incorrect, should be 0x0c21) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 63 e8 40 00 7f 06 b4 42 ac 10 86 bf c3 24 .0c.@....B.....$ 0020 f7 4d 00 8b 0d 18 93 0d f3 d9 0b 17 a7 7a 70 12 .M...........zp. 0030 42 90 15 c6 00 00 02 04 05 b4 01 01 04 02 B............. Frame 407 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 18:56:28.978397000 Time delta from previous packet: 0.011007000 seconds Time relative to first packet: 236899.453193000 seconds Frame Number: 407 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 195.36.247.77 (195.36.247.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4c8b Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x1da8 (incorrect, should be 0x1403) Source: 195.36.247.77 (195.36.247.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3352 (3352), Dst Port: netbios-ssn (139), Seq: 186099578, Ack: 186099578, Len: 0 Source port: 3352 (3352) Destination port: netbios-ssn (139) Sequence number: 186099578 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x597d (incorrect, should be 0x4fd8) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4c 8b 00 00 6d 06 1d a8 c3 24 f7 4d ac 10 .(L...m....$.M.. 0020 86 bf 0d 18 00 8b 0b 17 a7 7a 0b 17 a7 7a 50 04 .........z...zP. 0030 00 00 59 7d 00 00 00 00 00 00 00 00 ..Y}........ Frame 425 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.251517000 Time delta from previous packet: 0.324915000 seconds Time relative to first packet: 239248.726313000 seconds Frame Number: 425 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.12.211.121 (210.12.211.121), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xca4a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x73cc (incorrect, should be 0x6a27) Source: 210.12.211.121 (210.12.211.121) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4433 (4433), Dst Port: netbios-ssn (139), Seq: 11016531, Ack: 0, Len: 0 Source port: 4433 (4433) Destination port: netbios-ssn (139) Sequence number: 11016531 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x6897 (incorrect, should be 0x5ef2) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 ca 4a 40 00 6e 06 73 cc d2 0c d3 79 ac 10 .0.J@.n.s....y.. 0020 86 bf 11 51 00 8b 00 a8 19 53 00 00 00 00 70 02 ...Q.....S....p. 0030 20 00 68 97 00 00 02 04 05 b4 01 01 04 02 .h........... Frame 426 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.252277000 Time delta from previous packet: 0.000760000 seconds Time relative to first packet: 239248.727073000 seconds Frame Number: 426 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.12.211.121 (210.12.211.121) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x675c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc5ba (incorrect, should be 0xbc15) Source: 172.16.134.191 (172.16.134.191) Destination: 210.12.211.121 (210.12.211.121) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4433 (4433), Seq: 3054631718, Ack: 11016532, Len: 0 Source port: netbios-ssn (139) Destination port: 4433 (4433) Sequence number: 3054631718 Acknowledgement number: 11016532 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x92dd (incorrect, should be 0x8938) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 67 5c 40 00 7f 06 c5 ba ac 10 86 bf d2 0c .0g\@........... 0020 d3 79 00 8b 11 51 b6 11 fb 26 00 a8 19 54 70 12 .y...Q...&...Tp. 0030 44 70 92 dd 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 427 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.529537000 Time delta from previous packet: 0.277260000 seconds Time relative to first packet: 239249.004333000 seconds Frame Number: 427 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.12.211.121 (210.12.211.121), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xcd4a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x70d4 (incorrect, should be 0x672f) Source: 210.12.211.121 (210.12.211.121) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4433 (4433), Dst Port: netbios-ssn (139), Seq: 11016532, Ack: 3054631719, Len: 0 Source port: 4433 (4433) Destination port: netbios-ssn (139) Sequence number: 11016532 Acknowledgement number: 3054631719 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xe1d9 (incorrect, should be 0xd834) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 cd 4a 40 00 6e 06 70 d4 d2 0c d3 79 ac 10 .(.J@.n.p....y.. 0020 86 bf 11 51 00 8b 00 a8 19 54 b6 11 fb 27 50 10 ...Q.....T...'P. 0030 22 38 e1 d9 00 00 00 00 00 00 00 00 "8.......... Frame 428 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.541243000 Time delta from previous packet: 0.011706000 seconds Time relative to first packet: 239249.016039000 seconds Frame Number: 428 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.12.211.121 (210.12.211.121), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xce4a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x6f8c (incorrect, should be 0x65e7) Source: 210.12.211.121 (210.12.211.121) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4433 (4433), Dst Port: netbios-ssn (139), Seq: 11016532, Ack: 3054631719, Len: 72 Source port: 4433 (4433) Destination port: netbios-ssn (139) Sequence number: 11016532 Next sequence number: 11016604 Acknowledgement number: 3054631719 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x91be (incorrect, should be 0x8819) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 ce 4a 40 00 6e 06 6f 8c d2 0c d3 79 ac 10 .p.J@.n.o....y.. 0020 86 bf 11 51 00 8b 00 a8 19 54 b6 11 fb 27 50 18 ...Q.....T...'P. 0030 22 38 91 be 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 429 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.542527000 Time delta from previous packet: 0.001284000 seconds Time relative to first packet: 239249.017323000 seconds Frame Number: 429 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.12.211.121 (210.12.211.121) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x675d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc5bd (incorrect, should be 0xbc18) Source: 172.16.134.191 (172.16.134.191) Destination: 210.12.211.121 (210.12.211.121) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4433 (4433), Seq: 3054631719, Ack: 11016604, Len: 4 Source port: netbios-ssn (139) Destination port: 4433 (4433) Sequence number: 3054631719 Next sequence number: 3054631723 Acknowledgement number: 11016604 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x3d95 (incorrect, should be 0x33f0) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 67 5d 40 00 7f 06 c5 bd ac 10 86 bf d2 0c .,g]@........... 0020 d3 79 00 8b 11 51 b6 11 fb 27 00 a8 19 9c 50 18 .y...Q...'....P. 0030 44 28 3d 95 00 00 82 00 00 00 00 00 D(=......... Frame 430 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.799588000 Time delta from previous packet: 0.257061000 seconds Time relative to first packet: 239249.274384000 seconds Frame Number: 430 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.12.211.121 (210.12.211.121), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd14a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x6c96 (incorrect, should be 0x62f1) Source: 210.12.211.121 (210.12.211.121) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4433 (4433), Dst Port: netbios-ssn (139), Seq: 11016604, Ack: 3054631723, Len: 62 Source port: 4433 (4433) Destination port: netbios-ssn (139) Sequence number: 11016604 Next sequence number: 11016666 Acknowledgement number: 3054631723 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x4dc5 (incorrect, should be 0x641f) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d1 4a 40 00 6e 06 6c 96 d2 0c d3 79 ac 10 .f.J@.n.l....y.. 0020 86 bf 11 51 00 8b 00 a8 19 9c b6 11 fb 2b 50 18 ...Q.........+P. 0030 22 34 4d c5 00 00 00 00 00 3a ff 53 4d 42 75 00 "4M......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 431 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:35:38.804660000 Time delta from previous packet: 0.005072000 seconds Time relative to first packet: 239249.279456000 seconds Frame Number: 431 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.12.211.121 (210.12.211.121) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x675e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc5c0 (incorrect, should be 0xbc1b) Source: 172.16.134.191 (172.16.134.191) Destination: 210.12.211.121 (210.12.211.121) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4433 (4433), Seq: 3054631723, Ack: 11016604, Len: 0 Source port: netbios-ssn (139) Destination port: 4433 (4433) Sequence number: 3054631723 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x03d2 (incorrect, should be 0xfa2c) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 67 5e 40 00 7f 06 c5 c0 ac 10 86 bf d2 0c .(g^@........... 0020 d3 79 00 8b 11 51 b6 11 fb 2b 00 a8 19 9c 50 04 .y...Q...+....P. 0030 00 00 03 d2 00 00 00 00 00 00 00 00 ............ Frame 434 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 19:47:47.962022000 Time delta from previous packet: 0.510539000 seconds Time relative to first packet: 239978.436818000 seconds Frame Number: 434 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 202.63.162.34 (202.63.162.34), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x256d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x4fce (incorrect, should be 0x4629) Source: 202.63.162.34 (202.63.162.34) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2661 (2661), Dst Port: netbios-ssn (139), Seq: 4963040, Ack: 0, Len: 0 Source port: 2661 (2661) Destination port: netbios-ssn (139) Sequence number: 4963040 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x0777 (incorrect, should be 0xfdd1) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 25 6d 40 00 70 06 4f ce ca 3f a2 22 ac 10 .0%m@.p.O..?.".. 0020 86 bf 0a 65 00 8b 00 4b ba e0 00 00 00 00 70 02 ...e...K......p. 0030 20 00 07 77 00 00 02 04 05 b4 01 01 04 02 ..w.......... Frame 435 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 19:47:47.962777000 Time delta from previous packet: 0.000755000 seconds Time relative to first packet: 239978.437573000 seconds Frame Number: 435 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 202.63.162.34 (202.63.162.34) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x686f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xfdcb (incorrect, should be 0xf426) Source: 172.16.134.191 (172.16.134.191) Destination: 202.63.162.34 (202.63.162.34) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2661 (2661), Seq: 3237119574, Ack: 4963041, Len: 0 Source port: netbios-ssn (139) Destination port: 2661 (2661) Sequence number: 3237119574 Acknowledgement number: 4963041 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x9bac (incorrect, should be 0x9207) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 68 6f 40 00 7f 06 fd cb ac 10 86 bf ca 3f .0ho@..........? 0020 a2 22 00 8b 0a 65 c0 f2 86 56 00 4b ba e1 70 12 ."...e...V.K..p. 0030 44 70 9b ac 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 436 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.439987000 Time delta from previous packet: 0.477210000 seconds Time relative to first packet: 239978.914783000 seconds Frame Number: 436 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 202.63.162.34 (202.63.162.34), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x296d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x4bd6 (incorrect, should be 0x4231) Source: 202.63.162.34 (202.63.162.34) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2661 (2661), Dst Port: netbios-ssn (139), Seq: 4963041, Ack: 3237119575, Len: 0 Source port: 2661 (2661) Destination port: netbios-ssn (139) Sequence number: 4963041 Acknowledgement number: 3237119575 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xeaa8 (incorrect, should be 0xe103) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 29 6d 40 00 70 06 4b d6 ca 3f a2 22 ac 10 .()m@.p.K..?.".. 0020 86 bf 0a 65 00 8b 00 4b ba e1 c0 f2 86 57 50 10 ...e...K.....WP. 0030 22 38 ea a8 00 00 00 00 00 00 00 00 "8.......... Frame 437 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.451926000 Time delta from previous packet: 0.011939000 seconds Time relative to first packet: 239978.926722000 seconds Frame Number: 437 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 202.63.162.34 (202.63.162.34), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x2a6d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x4a8e (incorrect, should be 0x40e9) Source: 202.63.162.34 (202.63.162.34) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2661 (2661), Dst Port: netbios-ssn (139), Seq: 4963041, Ack: 3237119575, Len: 72 Source port: 2661 (2661) Destination port: netbios-ssn (139) Sequence number: 4963041 Next sequence number: 4963113 Acknowledgement number: 3237119575 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xb78d (incorrect, should be 0xade8) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 2a 6d 40 00 70 06 4a 8e ca 3f a2 22 ac 10 .p*m@.p.J..?.".. 0020 86 bf 0a 65 00 8b 00 4b ba e1 c0 f2 86 57 50 18 ...e...K.....WP. 0030 22 38 b7 8d 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 438 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.453204000 Time delta from previous packet: 0.001278000 seconds Time relative to first packet: 239978.928000000 seconds Frame Number: 438 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 202.63.162.34 (202.63.162.34) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x6870 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xfdce (incorrect, should be 0xf429) Source: 172.16.134.191 (172.16.134.191) Destination: 202.63.162.34 (202.63.162.34) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2661 (2661), Seq: 3237119575, Ack: 4963113, Len: 4 Source port: netbios-ssn (139) Destination port: 2661 (2661) Sequence number: 3237119575 Next sequence number: 3237119579 Acknowledgement number: 4963113 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x4664 (incorrect, should be 0x3cbf) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 68 70 40 00 7f 06 fd ce ac 10 86 bf ca 3f .,hp@..........? 0020 a2 22 00 8b 0a 65 c0 f2 86 57 00 4b bb 29 50 18 ."...e...W.K.)P. 0030 44 28 46 64 00 00 82 00 00 00 00 00 D(Fd........ Frame 439 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.940293000 Time delta from previous packet: 0.487089000 seconds Time relative to first packet: 239979.415089000 seconds Frame Number: 439 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 202.63.162.34 (202.63.162.34), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x2e6d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x4698 (incorrect, should be 0x3cf3) Source: 202.63.162.34 (202.63.162.34) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2661 (2661), Dst Port: netbios-ssn (139), Seq: 4963113, Ack: 3237119579, Len: 62 Source port: 2661 (2661) Destination port: netbios-ssn (139) Sequence number: 4963113 Next sequence number: 4963175 Acknowledgement number: 3237119579 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x5694 (incorrect, should be 0x6cee) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 2e 6d 40 00 70 06 46 98 ca 3f a2 22 ac 10 .f.m@.p.F..?.".. 0020 86 bf 0a 65 00 8b 00 4b bb 29 c0 f2 86 5b 50 18 ...e...K.)...[P. 0030 22 34 56 94 00 00 00 00 00 3a ff 53 4d 42 75 00 "4V......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 440 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 19:47:48.946593000 Time delta from previous packet: 0.006300000 seconds Time relative to first packet: 239979.421389000 seconds Frame Number: 440 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 202.63.162.34 (202.63.162.34) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6872 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xfdd0 (incorrect, should be 0xf42b) Source: 172.16.134.191 (172.16.134.191) Destination: 202.63.162.34 (202.63.162.34) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2661 (2661), Seq: 3237119579, Ack: 4963113, Len: 0 Source port: netbios-ssn (139) Destination port: 2661 (2661) Sequence number: 3237119579 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0ca1 (incorrect, should be 0x02fc) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 68 72 40 00 7f 06 fd d0 ac 10 86 bf ca 3f .(hr@..........? 0020 a2 22 00 8b 0a 65 c0 f2 86 5b 00 4b bb 29 50 04 ."...e...[.K.)P. 0030 00 00 0c a1 00 00 00 00 00 00 00 00 ............ Frame 446 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.111288000 Time delta from previous packet: 0.634848000 seconds Time relative to first packet: 247731.586084000 seconds Frame Number: 446 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.214.49.227 (210.214.49.227), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x33e8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xaafb (incorrect, should be 0xa156) Source: 210.214.49.227 (210.214.49.227) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4824 (4824), Dst Port: netbios-ssn (139), Seq: 5347502, Ack: 0, Len: 0 Source port: 4824 (4824) Destination port: netbios-ssn (139) Sequence number: 5347502 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x8c74 (incorrect, should be 0x82cf) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 33 e8 40 00 6e 06 aa fb d2 d6 31 e3 ac 10 .03.@.n.....1... 0020 86 bf 12 d8 00 8b 00 51 98 ae 00 00 00 00 70 02 .......Q......p. 0030 20 00 8c 74 00 00 02 04 02 18 01 01 04 02 ..t.......... Frame 447 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.112022000 Time delta from previous packet: 0.000734000 seconds Time relative to first packet: 247731.586818000 seconds Frame Number: 447 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.214.49.227 (210.214.49.227) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x73c9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5a1a (incorrect, should be 0x5075) Source: 172.16.134.191 (172.16.134.191) Destination: 210.214.49.227 (210.214.49.227) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4824 (4824), Seq: 883524121, Ack: 5347503, Len: 0 Source port: netbios-ssn (139) Destination port: 4824 (4824) Sequence number: 883524121 Acknowledgement number: 5347503 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0xb11c (incorrect, should be 0xa777) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 73 c9 40 00 7f 06 5a 1a ac 10 86 bf d2 d6 .0s.@...Z....... 0020 31 e3 00 8b 12 d8 34 a9 82 19 00 51 98 af 70 12 1.....4....Q..p. 0030 40 e8 b1 1c 00 00 02 04 05 b4 01 01 04 02 @............. Frame 448 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.670767000 Time delta from previous packet: 0.558745000 seconds Time relative to first packet: 247732.145563000 seconds Frame Number: 448 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.214.49.227 (210.214.49.227), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x3ee8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0xa003 (incorrect, should be 0x965e) Source: 210.214.49.227 (210.214.49.227) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4824 (4824), Dst Port: netbios-ssn (139), Seq: 5347503, Ack: 883524122, Len: 0 Source port: 4824 (4824) Destination port: netbios-ssn (139) Sequence number: 5347503 Acknowledgement number: 883524122 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 536 Checksum: 0x1cb1 (incorrect, should be 0x130c) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 3e e8 40 00 6e 06 a0 03 d2 d6 31 e3 ac 10 .(>.@.n.....1... 0020 86 bf 12 d8 00 8b 00 51 98 af 34 a9 82 1a 50 10 .......Q..4...P. 0030 02 18 1c b1 00 00 00 00 00 00 00 00 ............ Frame 449 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.680070000 Time delta from previous packet: 0.009303000 seconds Time relative to first packet: 247732.154866000 seconds Frame Number: 449 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.214.49.227 (210.214.49.227), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x3fe8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x9ebb (incorrect, should be 0x9516) Source: 210.214.49.227 (210.214.49.227) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4824 (4824), Dst Port: netbios-ssn (139), Seq: 5347503, Ack: 883524122, Len: 72 Source port: 4824 (4824) Destination port: netbios-ssn (139) Sequence number: 5347503 Next sequence number: 5347575 Acknowledgement number: 883524122 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0xca2d (incorrect, should be 0xc088) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 3f e8 40 00 6e 06 9e bb d2 d6 31 e3 ac 10 .p?.@.n.....1... 0020 86 bf 12 d8 00 8b 00 51 98 af 34 a9 82 1a 50 18 .......Q..4...P. 0030 21 80 ca 2d 00 00 81 00 00 44 20 46 44 45 43 45 !..-.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 450 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 21:57:01.681364000 Time delta from previous packet: 0.001294000 seconds Time relative to first packet: 247732.156160000 seconds Frame Number: 450 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.214.49.227 (210.214.49.227) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x73ca Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5a1d (incorrect, should be 0x5078) Source: 172.16.134.191 (172.16.134.191) Destination: 210.214.49.227 (210.214.49.227) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4824 (4824), Seq: 883524122, Ack: 5347575, Len: 4 Source port: netbios-ssn (139) Destination port: 4824 (4824) Sequence number: 883524122 Next sequence number: 883524126 Acknowledgement number: 5347575 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x5bd4 (incorrect, should be 0x522f) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 73 ca 40 00 7f 06 5a 1d ac 10 86 bf d2 d6 .,s.@...Z....... 0020 31 e3 00 8b 12 d8 34 a9 82 1a 00 51 98 f7 50 18 1.....4....Q..P. 0030 40 a0 5b d4 00 00 82 00 00 00 00 00 @.[......... Frame 451 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 3, 2003 21:57:02.220328000 Time delta from previous packet: 0.538964000 seconds Time relative to first packet: 247732.695124000 seconds Frame Number: 451 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.214.49.227 (210.214.49.227), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x4ee8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x8fc5 (incorrect, should be 0x8620) Source: 210.214.49.227 (210.214.49.227) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4824 (4824), Dst Port: netbios-ssn (139), Seq: 5347575, Ack: 883524126, Len: 62 Source port: 4824 (4824) Destination port: netbios-ssn (139) Sequence number: 5347575 Next sequence number: 5347637 Acknowledgement number: 883524126 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x6934 (incorrect, should be 0x7f8e) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 4e e8 40 00 6e 06 8f c5 d2 d6 31 e3 ac 10 .fN.@.n.....1... 0020 86 bf 12 d8 00 8b 00 51 98 f7 34 a9 82 1e 50 18 .......Q..4...P. 0030 21 7c 69 34 00 00 00 00 00 3a ff 53 4d 42 75 00 !|i4.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 452 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 3, 2003 21:57:02.236457000 Time delta from previous packet: 0.016129000 seconds Time relative to first packet: 247732.711253000 seconds Frame Number: 452 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.214.49.227 (210.214.49.227) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x73cc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5a1f (incorrect, should be 0x507a) Source: 172.16.134.191 (172.16.134.191) Destination: 210.214.49.227 (210.214.49.227) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4824 (4824), Seq: 883524126, Ack: 5347575, Len: 0 Source port: netbios-ssn (139) Destination port: 4824 (4824) Sequence number: 883524126 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x1e89 (incorrect, should be 0x14e4) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 73 cc 40 00 7f 06 5a 1f ac 10 86 bf d2 d6 .(s.@...Z....... 0020 31 e3 00 8b 12 d8 34 a9 82 1e 00 51 98 f7 50 04 1.....4....Q..P. 0030 00 00 1e 89 00 00 00 00 00 00 00 00 ............ Frame 459 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:52.624589000 Time delta from previous packet: 0.008705000 seconds Time relative to first packet: 259783.099385000 seconds Frame Number: 459 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x83ce Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x1225 (incorrect, should be 0x0880) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4605 (4605), Dst Port: netbios-ssn (139), Seq: 2060642689, Ack: 0, Len: 0 Source port: 4605 (4605) Destination port: netbios-ssn (139) Sequence number: 2060642689 Header length: 44 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x498e (incorrect, should be 0x3fe9) Options: (24 bytes) Maximum segment size: 1414 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 40 83 ce 40 00 6f 06 12 25 42 8b 0a 0f ac 10 .@..@.o..%B..... 0020 86 bf 11 fd 00 8b 7a d2 e9 81 00 00 00 00 b0 02 ......z......... 0030 ff ff 49 8e 00 00 02 04 05 86 01 03 03 00 01 01 ..I............. 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 460 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:52.624591000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 259783.099387000 seconds Frame Number: 460 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.139.10.15 (66.139.10.15) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x8548 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x00ab (incorrect, should be 0xf705) Source: 172.16.134.191 (172.16.134.191) Destination: 66.139.10.15 (66.139.10.15) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4605 (4605), Seq: 3893171809, Ack: 2060642690, Len: 0 Source port: netbios-ssn (139) Destination port: 4605 (4605) Sequence number: 3893171809 Acknowledgement number: 2060642690 Header length: 44 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x0898 (incorrect, should be 0xfef2) Options: (24 bytes) Maximum segment size: 1460 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 40 85 48 40 00 7f 06 00 ab ac 10 86 bf 42 8b .@.H@.........B. 0020 0a 0f 00 8b 11 fd e8 0d 16 61 7a d2 e9 82 b0 12 .........az..... 0030 42 48 08 98 00 00 02 04 05 b4 01 03 03 00 01 01 BH.............. 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 464 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 01:17:52.767757000 Time delta from previous packet: 0.005668000 seconds Time relative to first packet: 259783.242553000 seconds Frame Number: 464 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x83ee Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x521d (incorrect, should be 0x4878) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4605 (4605), Dst Port: netbios-ssn (139), Seq: 2060642690, Ack: 2060642690, Len: 0 Source port: 4605 (4605) Destination port: netbios-ssn (139) Sequence number: 2060642690 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x5ee9 (incorrect, should be 0x5544) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 83 ee 00 00 6f 06 52 1d 42 8b 0a 0f ac 10 .(....o.R.B..... 0020 86 bf 11 fd 00 8b 7a d2 e9 82 7a d2 e9 82 50 04 ......z...z...P. 0030 00 00 5e e9 00 00 00 00 00 00 00 00 ..^......... Frame 499 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:54.491662000 Time delta from previous packet: 0.004409000 seconds Time relative to first packet: 259784.966458000 seconds Frame Number: 499 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x84f7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x10fc (incorrect, should be 0x0757) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4661 (4661), Dst Port: netbios-ssn (139), Seq: 2063962073, Ack: 0, Len: 0 Source port: 4661 (4661) Destination port: netbios-ssn (139) Sequence number: 2063962073 Header length: 44 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xa2cb (incorrect, should be 0x9926) Options: (24 bytes) Maximum segment size: 1414 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 40 84 f7 40 00 6f 06 10 fc 42 8b 0a 0f ac 10 .@..@.o...B..... 0020 86 bf 12 35 00 8b 7b 05 8f d9 00 00 00 00 b0 02 ...5..{......... 0030 ff ff a2 cb 00 00 02 04 05 86 01 03 03 00 01 01 ................ 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 500 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:54.491664000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 259784.966460000 seconds Frame Number: 500 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.139.10.15 (66.139.10.15) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x855c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x0097 (incorrect, should be 0xf6f1) Source: 172.16.134.191 (172.16.134.191) Destination: 66.139.10.15 (66.139.10.15) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4661 (4661), Seq: 3893767196, Ack: 2063962074, Len: 0 Source port: netbios-ssn (139) Destination port: 4661 (4661) Sequence number: 3893767196 Acknowledgement number: 2063962074 Header length: 44 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x4c11 (incorrect, should be 0x426c) Options: (24 bytes) Maximum segment size: 1460 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 40 85 5c 40 00 7f 06 00 97 ac 10 86 bf 42 8b .@.\@.........B. 0020 0a 0f 00 8b 12 35 e8 16 2c 1c 7b 05 8f da b0 12 .....5..,.{..... 0030 42 48 4c 11 00 00 02 04 05 b4 01 03 03 00 01 01 BHL............. 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 505 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 01:17:54.739573000 Time delta from previous packet: 0.008573000 seconds Time relative to first packet: 259785.214369000 seconds Frame Number: 505 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x851c Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x50ef (incorrect, should be 0x474a) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4661 (4661), Dst Port: netbios-ssn (139), Seq: 2063962074, Ack: 2063962074, Len: 0 Source port: 4661 (4661) Destination port: netbios-ssn (139) Sequence number: 2063962074 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x119c (incorrect, should be 0x07f7) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 85 1c 00 00 6f 06 50 ef 42 8b 0a 0f ac 10 .(....o.P.B..... 0020 86 bf 12 35 00 8b 7b 05 8f da 7b 05 8f da 50 04 ...5..{...{...P. 0030 00 00 11 9c 00 00 00 00 00 00 00 00 ............ Frame 563 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:58.380117000 Time delta from previous packet: 0.015682000 seconds Time relative to first packet: 259788.854913000 seconds Frame Number: 563 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x877c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x0e77 (incorrect, should be 0x04d2) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4799 (4799), Dst Port: netbios-ssn (139), Seq: 2071817742, Ack: 0, Len: 0 Source port: 4799 (4799) Destination port: netbios-ssn (139) Sequence number: 2071817742 Header length: 44 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xc394 (incorrect, should be 0xb9ef) Options: (24 bytes) Maximum segment size: 1414 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 40 87 7c 40 00 6f 06 0e 77 42 8b 0a 0f ac 10 .@.|@.o..wB..... 0020 86 bf 12 bf 00 8b 7b 7d 6e 0e 00 00 00 00 b0 02 ......{}n....... 0030 ff ff c3 94 00 00 02 04 05 86 01 03 03 00 01 01 ................ 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 564 (78 bytes on wire, 78 bytes captured) Arrival Time: Mar 4, 2003 01:17:58.380122000 Time delta from previous packet: 0.000005000 seconds Time relative to first packet: 259788.854918000 seconds Frame Number: 564 Packet Length: 78 bytes Capture Length: 78 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.139.10.15 (66.139.10.15) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 64 Identification: 0x857b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x0078 (incorrect, should be 0xf6d2) Source: 172.16.134.191 (172.16.134.191) Destination: 66.139.10.15 (66.139.10.15) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4799 (4799), Seq: 3894842395, Ack: 2071817743, Len: 0 Source port: netbios-ssn (139) Destination port: 4799 (4799) Sequence number: 3894842395 Acknowledgement number: 2071817743 Header length: 44 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x04cb (incorrect, should be 0xfb25) Options: (24 bytes) Maximum segment size: 1460 bytes NOP Window scale: 0 (multiply by 1) NOP NOP Time stamp: tsval 0, tsecr 0 NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 40 85 7b 40 00 7f 06 00 78 ac 10 86 bf 42 8b .@.{@....x....B. 0020 0a 0f 00 8b 12 bf e8 26 94 1b 7b 7d 6e 0f b0 12 .......&..{}n... 0030 42 48 04 cb 00 00 02 04 05 b4 01 03 03 00 01 01 BH.............. 0040 08 0a 00 00 00 00 00 00 00 00 01 01 04 02 .............. Frame 569 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 01:17:58.483289000 Time delta from previous packet: 0.008162000 seconds Time relative to first packet: 259788.958085000 seconds Frame Number: 569 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.139.10.15 (66.139.10.15), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x8790 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x4e7b (incorrect, should be 0x44d6) Source: 66.139.10.15 (66.139.10.15) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4799 (4799), Dst Port: netbios-ssn (139), Seq: 2071817743, Ack: 2071817743, Len: 0 Source port: 4799 (4799) Destination port: netbios-ssn (139) Sequence number: 2071817743 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x53b8 (incorrect, should be 0x4a13) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 87 90 00 00 6f 06 4e 7b 42 8b 0a 0f ac 10 .(....o.N{B..... 0020 86 bf 12 bf 00 8b 7b 7d 6e 0f 7b 7d 6e 0f 50 04 ......{}n.{}n.P. 0030 00 00 53 b8 00 00 00 00 00 00 00 00 ..S......... Frame 777 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 03:22:14.562268000 Time delta from previous packet: 0.457029000 seconds Time relative to first packet: 267245.037064000 seconds Frame Number: 777 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.67.251.197 (195.67.251.197), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc2d9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x60ba (incorrect, should be 0x5715) Source: 195.67.251.197 (195.67.251.197) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1740 (1740), Dst Port: netbios-ssn (139), Seq: 65611266, Ack: 0, Len: 0 Source port: 1740 (1740) Destination port: netbios-ssn (139) Sequence number: 65611266 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x4d45 (incorrect, should be 0x43a0) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 c2 d9 40 00 6f 06 60 ba c3 43 fb c5 ac 10 .0..@.o.`..C.... 0020 86 bf 06 cc 00 8b 03 e9 26 02 00 00 00 00 70 02 ........&.....p. 0030 20 00 4d 45 00 00 02 04 02 18 01 01 04 02 .ME.......... Frame 778 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 03:22:14.567460000 Time delta from previous packet: 0.005192000 seconds Time relative to first packet: 267245.042256000 seconds Frame Number: 778 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.67.251.197 (195.67.251.197) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x90b3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x82e0 (incorrect, should be 0x793b) Source: 172.16.134.191 (172.16.134.191) Destination: 195.67.251.197 (195.67.251.197) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1740 (1740), Seq: 1464114474, Ack: 65611267, Len: 0 Source port: netbios-ssn (139) Destination port: 1740 (1740) Sequence number: 1464114474 Acknowledgement number: 65611267 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0x3441 (incorrect, should be 0x2a9c) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 90 b3 40 00 7f 06 82 e0 ac 10 86 bf c3 43 .0..@..........C 0020 fb c5 00 8b 06 cc 57 44 9d 2a 03 e9 26 03 70 12 ......WD.*..&.p. 0030 40 e8 34 41 00 00 02 04 05 b4 01 01 04 02 @.4A.......... Frame 779 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.122320000 Time delta from previous packet: 0.554860000 seconds Time relative to first packet: 267245.597116000 seconds Frame Number: 779 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 195.67.251.197 (195.67.251.197), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xd8d9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x4ac2 (incorrect, should be 0x411d) Source: 195.67.251.197 (195.67.251.197) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1740 (1740), Dst Port: netbios-ssn (139), Seq: 65611267, Ack: 1464114475, Len: 0 Source port: 1740 (1740) Destination port: netbios-ssn (139) Sequence number: 65611267 Acknowledgement number: 1464114475 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x806d (incorrect, should be 0x76c8) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 d8 d9 40 00 6f 06 4a c2 c3 43 fb c5 ac 10 .(..@.o.J..C.... 0020 86 bf 06 cc 00 8b 03 e9 26 03 57 44 9d 2b 50 10 ........&.WD.+P. 0030 21 80 80 6d 00 00 00 00 00 00 00 00 !..m........ Frame 780 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.145328000 Time delta from previous packet: 0.023008000 seconds Time relative to first packet: 267245.620124000 seconds Frame Number: 780 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.67.251.197 (195.67.251.197), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xd9d9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x497a (incorrect, should be 0x3fd5) Source: 195.67.251.197 (195.67.251.197) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1740 (1740), Dst Port: netbios-ssn (139), Seq: 65611267, Ack: 1464114475, Len: 72 Source port: 1740 (1740) Destination port: netbios-ssn (139) Sequence number: 65611267 Next sequence number: 65611339 Acknowledgement number: 1464114475 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x4e58 (incorrect, should be 0x44b3) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 d9 d9 40 00 6f 06 49 7a c3 43 fb c5 ac 10 .p..@.o.Iz.C.... 0020 86 bf 06 cc 00 8b 03 e9 26 03 57 44 9d 2b 50 18 ........&.WD.+P. 0030 21 80 4e 58 00 00 81 00 00 44 20 46 44 45 43 45 !.NX.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 781 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.147720000 Time delta from previous packet: 0.002392000 seconds Time relative to first packet: 267245.622516000 seconds Frame Number: 781 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.67.251.197 (195.67.251.197) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x90b4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x82e3 (incorrect, should be 0x793e) Source: 172.16.134.191 (172.16.134.191) Destination: 195.67.251.197 (195.67.251.197) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1740 (1740), Seq: 1464114475, Ack: 65611339, Len: 4 Source port: netbios-ssn (139) Destination port: 1740 (1740) Sequence number: 1464114475 Next sequence number: 1464114479 Acknowledgement number: 65611339 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0xdef8 (incorrect, should be 0xd553) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 90 b4 40 00 7f 06 82 e3 ac 10 86 bf c3 43 .,..@..........C 0020 fb c5 00 8b 06 cc 57 44 9d 2b 03 e9 26 4b 50 18 ......WD.+..&KP. 0030 40 a0 de f8 00 00 82 00 00 00 00 00 @........... Frame 782 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.620880000 Time delta from previous packet: 0.473160000 seconds Time relative to first packet: 267246.095676000 seconds Frame Number: 782 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 195.67.251.197 (195.67.251.197), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xf1d9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x3184 (incorrect, should be 0x27df) Source: 195.67.251.197 (195.67.251.197) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1740 (1740), Dst Port: netbios-ssn (139), Seq: 65611339, Ack: 1464114479, Len: 62 Source port: 1740 (1740) Destination port: netbios-ssn (139) Sequence number: 65611339 Next sequence number: 65611401 Acknowledgement number: 1464114479 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0xec58 (incorrect, should be 0x02b3) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 f1 d9 40 00 6f 06 31 84 c3 43 fb c5 ac 10 .f..@.o.1..C.... 0020 86 bf 06 cc 00 8b 03 e9 26 4b 57 44 9d 2f 50 18 ........&KWD./P. 0030 21 7c ec 58 00 00 00 00 00 3a ff 53 4d 42 75 00 !|.X.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 783 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:22:15.625923000 Time delta from previous packet: 0.005043000 seconds Time relative to first packet: 267246.100719000 seconds Frame Number: 783 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 195.67.251.197 (195.67.251.197) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x90b5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x82e6 (incorrect, should be 0x7941) Source: 172.16.134.191 (172.16.134.191) Destination: 195.67.251.197 (195.67.251.197) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1740 (1740), Seq: 1464114479, Ack: 65611339, Len: 0 Source port: netbios-ssn (139) Destination port: 1740 (1740) Sequence number: 1464114479 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xa1ad (incorrect, should be 0x9808) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 90 b5 40 00 7f 06 82 e6 ac 10 86 bf c3 43 .(..@..........C 0020 fb c5 00 8b 06 cc 57 44 9d 2f 03 e9 26 4b 50 04 ......WD./..&KP. 0030 00 00 a1 ad 00 00 00 00 00 00 00 00 ............ Frame 786 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 03:25:19.822725000 Time delta from previous packet: 0.232052000 seconds Time relative to first packet: 267430.297521000 seconds Frame Number: 786 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.222.201.82 (217.222.201.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc1e7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 102 Protocol: TCP (0x06) Header checksum: 0x8684 (incorrect, should be 0x7cdf) Source: 217.222.201.82 (217.222.201.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 55197 (55197), Dst Port: netbios-ssn (139), Seq: 16016213, Ack: 0, Len: 0 Source port: 55197 (55197) Destination port: netbios-ssn (139) Sequence number: 16016213 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x5a51 (incorrect, should be 0x50ac) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 c1 e7 40 00 66 06 86 84 d9 de c9 52 ac 10 .0..@.f......R.. 0020 86 bf d7 9d 00 8b 00 f4 63 55 00 00 00 00 70 02 ........cU....p. 0030 20 00 5a 51 00 00 02 04 05 b4 01 01 04 02 .ZQ.......... Frame 787 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 03:25:19.823468000 Time delta from previous packet: 0.000743000 seconds Time relative to first packet: 267430.298264000 seconds Frame Number: 787 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.222.201.82 (217.222.201.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x90f9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9e72 (incorrect, should be 0x94cd) Source: 172.16.134.191 (172.16.134.191) Destination: 217.222.201.82 (217.222.201.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 55197 (55197), Seq: 1510300882, Ack: 16016214, Len: 0 Source port: netbios-ssn (139) Destination port: 55197 (55197) Sequence number: 1510300882 Acknowledgement number: 16016214 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7ef8 (incorrect, should be 0x7553) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 90 f9 40 00 7f 06 9e 72 ac 10 86 bf d9 de .0..@....r...... 0020 c9 52 00 8b d7 9d 5a 05 5c d2 00 f4 63 56 70 12 .R....Z.\...cVp. 0030 44 70 7e f8 00 00 02 04 05 b4 01 01 04 02 Dp~........... Frame 788 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:25:20.052505000 Time delta from previous packet: 0.229037000 seconds Time relative to first packet: 267430.527301000 seconds Frame Number: 788 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 217.222.201.82 (217.222.201.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xcae7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 102 Protocol: TCP (0x06) Header checksum: 0x7d8c (incorrect, should be 0x73e7) Source: 217.222.201.82 (217.222.201.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 55197 (55197), Dst Port: netbios-ssn (139), Seq: 16016214, Ack: 1510300883, Len: 0 Source port: 55197 (55197) Destination port: netbios-ssn (139) Sequence number: 16016214 Acknowledgement number: 1510300883 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xcdf4 (incorrect, should be 0xc44f) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 ca e7 40 00 66 06 7d 8c d9 de c9 52 ac 10 .(..@.f.}....R.. 0020 86 bf d7 9d 00 8b 00 f4 63 56 5a 05 5c d3 50 10 ........cVZ.\.P. 0030 22 38 cd f4 00 00 00 00 00 00 00 00 "8.......... Frame 789 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 03:25:20.062618000 Time delta from previous packet: 0.010113000 seconds Time relative to first packet: 267430.537414000 seconds Frame Number: 789 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.222.201.82 (217.222.201.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xcbe7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 102 Protocol: TCP (0x06) Header checksum: 0x7c44 (incorrect, should be 0x729f) Source: 217.222.201.82 (217.222.201.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 55197 (55197), Dst Port: netbios-ssn (139), Seq: 16016214, Ack: 1510300883, Len: 72 Source port: 55197 (55197) Destination port: netbios-ssn (139) Sequence number: 16016214 Next sequence number: 16016286 Acknowledgement number: 1510300883 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x7dd9 (incorrect, should be 0x7434) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 cb e7 40 00 66 06 7c 44 d9 de c9 52 ac 10 .p..@.f.|D...R.. 0020 86 bf d7 9d 00 8b 00 f4 63 56 5a 05 5c d3 50 18 ........cVZ.\.P. 0030 22 38 7d d9 00 00 81 00 00 44 20 46 44 45 43 45 "8}......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 790 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:25:20.064897000 Time delta from previous packet: 0.002279000 seconds Time relative to first packet: 267430.539693000 seconds Frame Number: 790 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.222.201.82 (217.222.201.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x90fb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9e74 (incorrect, should be 0x94cf) Source: 172.16.134.191 (172.16.134.191) Destination: 217.222.201.82 (217.222.201.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 55197 (55197), Seq: 1510300883, Ack: 16016286, Len: 4 Source port: netbios-ssn (139) Destination port: 55197 (55197) Sequence number: 1510300883 Next sequence number: 1510300887 Acknowledgement number: 16016286 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x29b0 (incorrect, should be 0x200b) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 90 fb 40 00 7f 06 9e 74 ac 10 86 bf d9 de .,..@....t...... 0020 c9 52 00 8b d7 9d 5a 05 5c d3 00 f4 63 9e 50 18 .R....Z.\...c.P. 0030 44 28 29 b0 00 00 82 00 00 00 00 00 D()......... Frame 791 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 03:25:20.312869000 Time delta from previous packet: 0.247972000 seconds Time relative to first packet: 267430.787665000 seconds Frame Number: 791 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.222.201.82 (217.222.201.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd1e7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 102 Protocol: TCP (0x06) Header checksum: 0x764e (incorrect, should be 0x6ca9) Source: 217.222.201.82 (217.222.201.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 55197 (55197), Dst Port: netbios-ssn (139), Seq: 16016286, Ack: 1510300887, Len: 62 Source port: 55197 (55197) Destination port: netbios-ssn (139) Sequence number: 16016286 Next sequence number: 16016348 Acknowledgement number: 1510300887 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x39e0 (incorrect, should be 0x503a) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d1 e7 40 00 66 06 76 4e d9 de c9 52 ac 10 .f..@.f.vN...R.. 0020 86 bf d7 9d 00 8b 00 f4 63 9e 5a 05 5c d7 50 18 ........c.Z.\.P. 0030 22 34 39 e0 00 00 00 00 00 3a ff 53 4d 42 75 00 "49......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 792 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 03:25:20.317827000 Time delta from previous packet: 0.004958000 seconds Time relative to first packet: 267430.792623000 seconds Frame Number: 792 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.222.201.82 (217.222.201.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x90fc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9e77 (incorrect, should be 0x94d2) Source: 172.16.134.191 (172.16.134.191) Destination: 217.222.201.82 (217.222.201.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 55197 (55197), Seq: 1510300887, Ack: 16016286, Len: 0 Source port: netbios-ssn (139) Destination port: 55197 (55197) Sequence number: 1510300887 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xefec (incorrect, should be 0xe647) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 90 fc 40 00 7f 06 9e 77 ac 10 86 bf d9 de .(..@....w...... 0020 c9 52 00 8b d7 9d 5a 05 5c d7 00 f4 63 9e 50 04 .R....Z.\...c.P. 0030 00 00 ef ec 00 00 00 00 00 00 00 00 ............ Frame 801 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 06:03:53.119930000 Time delta from previous packet: 0.439648000 seconds Time relative to first packet: 276943.594726000 seconds Frame Number: 801 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 168.226.98.61 (168.226.98.61), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x7bdb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0x60a2 (incorrect, should be 0x56fd) Source: 168.226.98.61 (168.226.98.61) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 996378668, Ack: 0, Len: 0 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 996378668 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x46c1 (incorrect, should be 0x3d1c) Options: (8 bytes) Maximum segment size: 1452 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 7b db 40 00 6a 06 60 a2 a8 e2 62 3d ac 10 .0{.@.j.`...b=.. 0020 86 bf 04 01 00 8b 3b 63 88 2c 00 00 00 00 70 02 ......;c.,....p. 0030 40 00 46 c1 00 00 02 04 05 ac 01 01 04 02 @.F........... Frame 802 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 06:03:53.125028000 Time delta from previous packet: 0.005098000 seconds Time relative to first packet: 276943.599824000 seconds Frame Number: 802 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 168.226.98.61 (168.226.98.61) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9ee1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x289c (incorrect, should be 0x1ef7) Source: 172.16.134.191 (172.16.134.191) Destination: 168.226.98.61 (168.226.98.61) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 3888767373, Ack: 996378669, Len: 0 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 3888767373 Acknowledgement number: 996378669 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0x7940 (incorrect, should be 0x6f9b) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 9e e1 40 00 7f 06 28 9c ac 10 86 bf a8 e2 .0..@...(....... 0020 62 3d 00 8b 04 01 e7 c9 e1 8d 3b 63 88 2d 70 12 b=........;c.-p. 0030 44 10 79 40 00 00 02 04 05 b4 01 01 04 02 D.y@.......... Frame 803 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 06:03:53.420070000 Time delta from previous packet: 0.295042000 seconds Time relative to first packet: 276943.894866000 seconds Frame Number: 803 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 168.226.98.61 (168.226.98.61), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x7be7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0x609e (incorrect, should be 0x56f9) Source: 168.226.98.61 (168.226.98.61) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 996378669, Ack: 3888767374, Len: 0 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 996378669 Acknowledgement number: 3888767374 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0xa604 (incorrect, should be 0x9c5f) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 7b e7 40 00 6a 06 60 9e a8 e2 62 3d ac 10 .({.@.j.`...b=.. 0020 86 bf 04 01 00 8b 3b 63 88 2d e7 c9 e1 8e 50 10 ......;c.-....P. 0030 44 10 a6 04 00 00 00 00 00 00 00 00 D........... Frame 804 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 06:03:53.430102000 Time delta from previous packet: 0.010032000 seconds Time relative to first packet: 276943.904898000 seconds Frame Number: 804 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 168.226.98.61 (168.226.98.61), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x7be8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0x6055 (incorrect, should be 0x56b0) Source: 168.226.98.61 (168.226.98.61) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 996378669, Ack: 3888767374, Len: 72 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 996378669 Next sequence number: 996378741 Acknowledgement number: 3888767374 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0x73ef (incorrect, should be 0x6a4a) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 7b e8 40 00 6a 06 60 55 a8 e2 62 3d ac 10 .p{.@.j.`U..b=.. 0020 86 bf 04 01 00 8b 3b 63 88 2d e7 c9 e1 8e 50 18 ......;c.-....P. 0030 44 10 73 ef 00 00 81 00 00 44 20 46 44 45 43 45 D.s......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 805 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 06:03:53.431966000 Time delta from previous packet: 0.001864000 seconds Time relative to first packet: 276943.906762000 seconds Frame Number: 805 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 168.226.98.61 (168.226.98.61) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x9ee2 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x289f (incorrect, should be 0x1efa) Source: 172.16.134.191 (172.16.134.191) Destination: 168.226.98.61 (168.226.98.61) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 3888767374, Ack: 996378741, Len: 4 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 3888767374 Next sequence number: 3888767378 Acknowledgement number: 996378741 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17352 Checksum: 0x23f8 (incorrect, should be 0x1a53) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 9e e2 40 00 7f 06 28 9f ac 10 86 bf a8 e2 .,..@...(....... 0020 62 3d 00 8b 04 01 e7 c9 e1 8e 3b 63 88 75 50 18 b=........;c.uP. 0030 43 c8 23 f8 00 00 82 00 00 00 00 00 C.#......... Frame 806 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 06:03:53.760433000 Time delta from previous packet: 0.328467000 seconds Time relative to first packet: 276944.235229000 seconds Frame Number: 806 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 168.226.98.61 (168.226.98.61), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x7bf9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0x604e (incorrect, should be 0x56a9) Source: 168.226.98.61 (168.226.98.61) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 996378741, Ack: 3888767378, Len: 62 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 996378741 Next sequence number: 996378803 Acknowledgement number: 3888767378 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17420 Checksum: 0x11f0 (incorrect, should be 0x284a) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 7b f9 40 00 6a 06 60 4e a8 e2 62 3d ac 10 .f{.@.j.`N..b=.. 0020 86 bf 04 01 00 8b 3b 63 88 75 e7 c9 e1 92 50 18 ......;c.u....P. 0030 44 0c 11 f0 00 00 00 00 00 3a ff 53 4d 42 75 00 D........:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 807 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 06:03:53.763367000 Time delta from previous packet: 0.002934000 seconds Time relative to first packet: 276944.238163000 seconds Frame Number: 807 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 168.226.98.61 (168.226.98.61) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9ee3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x28a2 (incorrect, should be 0x1efd) Source: 172.16.134.191 (172.16.134.191) Destination: 168.226.98.61 (168.226.98.61) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 3888767378, Ack: 996378741, Len: 0 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 3888767378 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xe9d4 (incorrect, should be 0xe02f) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 9e e3 40 00 7f 06 28 a2 ac 10 86 bf a8 e2 .(..@...(....... 0020 62 3d 00 8b 04 01 e7 c9 e1 92 3b 63 88 75 50 04 b=........;c.uP. 0030 00 00 e9 d4 00 00 00 00 00 00 00 00 ............ Frame 810 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 06:12:13.338869000 Time delta from previous packet: 0.250521000 seconds Time relative to first packet: 277443.813665000 seconds Frame Number: 810 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.227.98.82 (217.227.98.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe289 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xc0dd (incorrect, should be 0xb738) Source: 217.227.98.82 (217.227.98.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1215 (1215), Dst Port: netbios-ssn (139), Seq: 16800347, Ack: 0, Len: 0 Source port: 1215 (1215) Destination port: netbios-ssn (139) Sequence number: 16800347 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 32767 Checksum: 0x3d72 (incorrect, should be 0x33cd) Options: (8 bytes) Maximum segment size: 1372 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 e2 89 40 00 72 06 c0 dd d9 e3 62 52 ac 10 .0..@.r.....bR.. 0020 86 bf 04 bf 00 8b 01 00 5a 5b 00 00 00 00 70 02 ........Z[....p. 0030 7f ff 3d 72 00 00 02 04 05 5c 01 01 04 02 ..=r.....\.... Frame 811 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 06:12:13.343939000 Time delta from previous packet: 0.005070000 seconds Time relative to first packet: 277443.818735000 seconds Frame Number: 811 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.227.98.82 (217.227.98.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9f9f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xf6c7 (incorrect, should be 0xed22) Source: 172.16.134.191 (172.16.134.191) Destination: 217.227.98.82 (217.227.98.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1215 (1215), Seq: 4013870725, Ack: 16800348, Len: 0 Source port: netbios-ssn (139) Destination port: 1215 (1215) Sequence number: 4013870725 Acknowledgement number: 16800348 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16464 Checksum: 0xbef3 (incorrect, should be 0xb54e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 9f 9f 40 00 7f 06 f6 c7 ac 10 86 bf d9 e3 .0..@........... 0020 62 52 00 8b 04 bf ef 3e ce 85 01 00 5a 5c 70 12 bR.....>....Z\p. 0030 40 50 be f3 00 00 02 04 05 b4 01 01 04 02 @P............ Frame 812 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 06:12:13.578719000 Time delta from previous packet: 0.234780000 seconds Time relative to first packet: 277444.053515000 seconds Frame Number: 812 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 217.227.98.82 (217.227.98.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xe689 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xbce5 (incorrect, should be 0xb340) Source: 217.227.98.82 (217.227.98.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1215 (1215), Dst Port: netbios-ssn (139), Seq: 16800348, Ack: 4013870726, Len: 0 Source port: 1215 (1215) Destination port: netbios-ssn (139) Sequence number: 16800348 Acknowledgement number: 4013870726 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 32767 Checksum: 0xac08 (incorrect, should be 0xa263) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 e6 89 40 00 72 06 bc e5 d9 e3 62 52 ac 10 .(..@.r.....bR.. 0020 86 bf 04 bf 00 8b 01 00 5a 5c ef 3e ce 86 50 10 ........Z\.>..P. 0030 7f ff ac 08 00 00 00 00 00 00 00 00 ............ Frame 813 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 06:12:13.588775000 Time delta from previous packet: 0.010056000 seconds Time relative to first packet: 277444.063571000 seconds Frame Number: 813 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.227.98.82 (217.227.98.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xe789 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xbb9d (incorrect, should be 0xb1f8) Source: 217.227.98.82 (217.227.98.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1215 (1215), Dst Port: netbios-ssn (139), Seq: 16800348, Ack: 4013870726, Len: 72 Source port: 1215 (1215) Destination port: netbios-ssn (139) Sequence number: 16800348 Next sequence number: 16800420 Acknowledgement number: 4013870726 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 32767 Checksum: 0x78ed (incorrect, should be 0x6f48) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 e7 89 40 00 72 06 bb 9d d9 e3 62 52 ac 10 .p..@.r.....bR.. 0020 86 bf 04 bf 00 8b 01 00 5a 5c ef 3e ce 86 50 18 ........Z\.>..P. 0030 7f ff 78 ed 00 00 81 00 00 44 20 46 44 45 43 45 ..x......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 814 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 06:12:13.591101000 Time delta from previous packet: 0.002326000 seconds Time relative to first packet: 277444.065897000 seconds Frame Number: 814 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.227.98.82 (217.227.98.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x9fa0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xf6ca (incorrect, should be 0xed25) Source: 172.16.134.191 (172.16.134.191) Destination: 217.227.98.82 (217.227.98.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1215 (1215), Seq: 4013870726, Ack: 16800420, Len: 4 Source port: netbios-ssn (139) Destination port: 1215 (1215) Sequence number: 4013870726 Next sequence number: 4013870730 Acknowledgement number: 16800420 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16392 Checksum: 0x69ab (incorrect, should be 0x6006) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 9f a0 40 00 7f 06 f6 ca ac 10 86 bf d9 e3 .,..@........... 0020 62 52 00 8b 04 bf ef 3e ce 86 01 00 5a a4 50 18 bR.....>....Z.P. 0030 40 08 69 ab 00 00 82 00 00 00 00 00 @.i......... Frame 815 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 06:12:13.828888000 Time delta from previous packet: 0.237787000 seconds Time relative to first packet: 277444.303684000 seconds Frame Number: 815 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.227.98.82 (217.227.98.82), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xeb89 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xb7a7 (incorrect, should be 0xae02) Source: 217.227.98.82 (217.227.98.82) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1215 (1215), Dst Port: netbios-ssn (139), Seq: 16800420, Ack: 4013870730, Len: 62 Source port: 1215 (1215) Destination port: netbios-ssn (139) Sequence number: 16800420 Next sequence number: 16800482 Acknowledgement number: 4013870730 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 32763 Checksum: 0x17f4 (incorrect, should be 0x2e4e) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 eb 89 40 00 72 06 b7 a7 d9 e3 62 52 ac 10 .f..@.r.....bR.. 0020 86 bf 04 bf 00 8b 01 00 5a a4 ef 3e ce 8a 50 18 ........Z..>..P. 0030 7f fb 17 f4 00 00 00 00 00 3a ff 53 4d 42 75 00 .........:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 816 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 06:12:13.833796000 Time delta from previous packet: 0.004908000 seconds Time relative to first packet: 277444.308592000 seconds Frame Number: 816 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.227.98.82 (217.227.98.82) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9fa1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xf6cd (incorrect, should be 0xed28) Source: 172.16.134.191 (172.16.134.191) Destination: 217.227.98.82 (217.227.98.82) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1215 (1215), Seq: 4013870730, Ack: 16800420, Len: 0 Source port: netbios-ssn (139) Destination port: 1215 (1215) Sequence number: 4013870730 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x2bc8 (incorrect, should be 0x2223) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 9f a1 40 00 7f 06 f6 cd ac 10 86 bf d9 e3 .(..@........... 0020 62 52 00 8b 04 bf ef 3e ce 8a 01 00 5a a4 50 04 bR.....>....Z.P. 0030 00 00 2b c8 00 00 00 00 00 00 00 00 ..+......... Frame 819 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 06:19:45.420895000 Time delta from previous packet: 0.326269000 seconds Time relative to first packet: 277895.895691000 seconds Frame Number: 819 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.201.96.159 (62.201.96.159), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc32e Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0xbf06 (incorrect, should be 0xb561) Source: 62.201.96.159 (62.201.96.159) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 62958 (62958), Dst Port: netbios-ssn (139), Seq: 511181, Ack: 0, Len: 0 Source port: 62958 (62958) Destination port: netbios-ssn (139) Sequence number: 511181 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xf76d (incorrect, should be 0xedc8) Options: (8 bytes) Maximum segment size: 1412 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 c3 2e 00 00 70 06 bf 06 3e c9 60 9f ac 10 .0....p...>.`... 0020 86 bf f5 ee 00 8b 00 07 cc cd 00 00 00 00 70 02 ..............p. 0030 ff ff f7 6d 00 00 02 04 05 84 01 01 04 02 ...m.......... Frame 820 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 06:19:45.425969000 Time delta from previous packet: 0.005074000 seconds Time relative to first packet: 277895.900765000 seconds Frame Number: 820 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.201.96.159 (62.201.96.159) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xa04b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x92e9 (incorrect, should be 0x8944) Source: 172.16.134.191 (172.16.134.191) Destination: 62.201.96.159 (62.201.96.159) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 62958 (62958), Seq: 4126809724, Ack: 511182, Len: 0 Source port: netbios-ssn (139) Destination port: 62958 (62958) Sequence number: 4126809724 Acknowledgement number: 511182 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16944 Checksum: 0xa085 (incorrect, should be 0x96e0) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 a0 4b 40 00 7f 06 92 e9 ac 10 86 bf 3e c9 .0.K@.........>. 0020 60 9f 00 8b f5 ee f5 fa 1e 7c 00 07 cc ce 70 12 `........|....p. 0030 42 30 a0 85 00 00 02 04 05 b4 01 01 04 02 B0............ Frame 821 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 06:19:45.650917000 Time delta from previous packet: 0.224948000 seconds Time relative to first packet: 277896.125713000 seconds Frame Number: 821 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 62.201.96.159 (62.201.96.159), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xcc2e Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0xb60e (incorrect, should be 0xac69) Source: 62.201.96.159 (62.201.96.159) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 62958 (62958), Dst Port: netbios-ssn (139), Seq: 511182, Ack: 4126809725, Len: 0 Source port: 62958 (62958) Destination port: netbios-ssn (139) Sequence number: 511182 Acknowledgement number: 4126809725 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x0f7a (incorrect, should be 0x05d5) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 cc 2e 00 00 70 06 b6 0e 3e c9 60 9f ac 10 .(....p...>.`... 0020 86 bf f5 ee 00 8b 00 07 cc ce f5 fa 1e 7d 50 10 .............}P. 0030 ff ff 0f 7a 00 00 00 00 00 00 00 00 ...z........ Frame 822 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 06:19:45.690961000 Time delta from previous packet: 0.040044000 seconds Time relative to first packet: 277896.165757000 seconds Frame Number: 822 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.201.96.159 (62.201.96.159), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xcd2e Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0xb4c6 (incorrect, should be 0xab21) Source: 62.201.96.159 (62.201.96.159) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 62958 (62958), Dst Port: netbios-ssn (139), Seq: 511182, Ack: 4126809725, Len: 72 Source port: 62958 (62958) Destination port: netbios-ssn (139) Sequence number: 511182 Next sequence number: 511254 Acknowledgement number: 4126809725 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xdc5e (incorrect, should be 0xd2b9) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 cd 2e 00 00 70 06 b4 c6 3e c9 60 9f ac 10 .p....p...>.`... 0020 86 bf f5 ee 00 8b 00 07 cc ce f5 fa 1e 7d 50 18 .............}P. 0030 ff ff dc 5e 00 00 81 00 00 44 20 46 44 45 43 45 ...^.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 823 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 06:19:45.693414000 Time delta from previous packet: 0.002453000 seconds Time relative to first packet: 277896.168210000 seconds Frame Number: 823 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.201.96.159 (62.201.96.159) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xa04d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x92eb (incorrect, should be 0x8946) Source: 172.16.134.191 (172.16.134.191) Destination: 62.201.96.159 (62.201.96.159) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 62958 (62958), Seq: 4126809725, Ack: 511254, Len: 4 Source port: netbios-ssn (139) Destination port: 62958 (62958) Sequence number: 4126809725 Next sequence number: 4126809729 Acknowledgement number: 511254 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16872 Checksum: 0x4b3d (incorrect, should be 0x4198) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c a0 4d 40 00 7f 06 92 eb ac 10 86 bf 3e c9 .,.M@.........>. 0020 60 9f 00 8b f5 ee f5 fa 1e 7d 00 07 cd 16 50 18 `........}....P. 0030 41 e8 4b 3d 00 00 82 00 00 00 00 00 A.K=........ Frame 824 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 06:19:45.921097000 Time delta from previous packet: 0.227683000 seconds Time relative to first packet: 277896.395893000 seconds Frame Number: 824 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.201.96.159 (62.201.96.159), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd82e Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0xa9d0 (incorrect, should be 0xa02b) Source: 62.201.96.159 (62.201.96.159) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 62958 (62958), Dst Port: netbios-ssn (139), Seq: 511254, Ack: 4126809729, Len: 62 Source port: 62958 (62958) Destination port: netbios-ssn (139) Sequence number: 511254 Next sequence number: 511316 Acknowledgement number: 4126809729 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65531 Checksum: 0x7b65 (incorrect, should be 0x91bf) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d8 2e 00 00 70 06 a9 d0 3e c9 60 9f ac 10 .f....p...>.`... 0020 86 bf f5 ee 00 8b 00 07 cd 16 f5 fa 1e 81 50 18 ..............P. 0030 ff fb 7b 65 00 00 00 00 00 3a ff 53 4d 42 75 00 ..{e.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 825 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 06:19:45.922739000 Time delta from previous packet: 0.001642000 seconds Time relative to first packet: 277896.397535000 seconds Frame Number: 825 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.201.96.159 (62.201.96.159) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xa04e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x92ee (incorrect, should be 0x8949) Source: 172.16.134.191 (172.16.134.191) Destination: 62.201.96.159 (62.201.96.159) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 62958 (62958), Seq: 4126809729, Ack: 511254, Len: 0 Source port: netbios-ssn (139) Destination port: 62958 (62958) Sequence number: 4126809729 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0f3a (incorrect, should be 0x0595) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 a0 4e 40 00 7f 06 92 ee ac 10 86 bf 3e c9 .(.N@.........>. 0020 60 9f 00 8b f5 ee f5 fa 1e 81 00 07 cd 16 50 04 `.............P. 0030 00 00 0f 3a 00 00 00 00 00 00 00 00 ...:........ Frame 829 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 09:18:34.918409000 Time delta from previous packet: 1.629489000 seconds Time relative to first packet: 288625.393205000 seconds Frame Number: 829 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.203.189.77 (210.203.189.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4e1e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0xfd65 (incorrect, should be 0xf3c0) Source: 210.203.189.77 (210.203.189.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2166 (2166), Dst Port: netbios-ssn (139), Seq: 15091704, Ack: 0, Len: 0 Source port: 2166 (2166) Destination port: netbios-ssn (139) Sequence number: 15091704 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x57fc (incorrect, should be 0x4e57) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4e 1e 40 00 76 06 fd 65 d2 cb bd 4d ac 10 .0N.@.v..e...M.. 0020 86 bf 08 76 00 8b 00 e6 47 f8 00 00 00 00 70 02 ...v....G.....p. 0030 20 00 57 fc 00 00 02 04 05 b4 01 01 04 02 .W........... Frame 830 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 09:18:34.923601000 Time delta from previous packet: 0.005192000 seconds Time relative to first packet: 288625.398397000 seconds Frame Number: 830 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.203.189.77 (210.203.189.77) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xafea Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9299 (incorrect, should be 0x88f4) Source: 172.16.134.191 (172.16.134.191) Destination: 210.203.189.77 (210.203.189.77) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2166 (2166), Seq: 2514408668, Ack: 15091705, Len: 0 Source port: netbios-ssn (139) Destination port: 2166 (2166) Sequence number: 2514408668 Acknowledgement number: 15091705 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xc8bf (incorrect, should be 0xbf1a) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 af ea 40 00 7f 06 92 99 ac 10 86 bf d2 cb .0..@........... 0020 bd 4d 00 8b 08 76 95 de d4 dc 00 e6 47 f9 70 12 .M...v......G.p. 0030 44 70 c8 bf 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 831 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 09:18:35.418425000 Time delta from previous packet: 0.494824000 seconds Time relative to first packet: 288625.893221000 seconds Frame Number: 831 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.203.189.77 (210.203.189.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5b1e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0xf06d (incorrect, should be 0xe6c8) Source: 210.203.189.77 (210.203.189.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2166 (2166), Dst Port: netbios-ssn (139), Seq: 15091705, Ack: 2514408669, Len: 0 Source port: 2166 (2166) Destination port: netbios-ssn (139) Sequence number: 15091705 Acknowledgement number: 2514408669 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x17bc (incorrect, should be 0x0e17) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 5b 1e 40 00 76 06 f0 6d d2 cb bd 4d ac 10 .([.@.v..m...M.. 0020 86 bf 08 76 00 8b 00 e6 47 f9 95 de d4 dd 50 10 ...v....G.....P. 0030 22 38 17 bc 00 00 00 00 00 00 00 00 "8.......... Frame 832 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 09:18:35.429601000 Time delta from previous packet: 0.011176000 seconds Time relative to first packet: 288625.904397000 seconds Frame Number: 832 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.203.189.77 (210.203.189.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x5c1e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0xef25 (incorrect, should be 0xe580) Source: 210.203.189.77 (210.203.189.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2166 (2166), Dst Port: netbios-ssn (139), Seq: 15091705, Ack: 2514408669, Len: 72 Source port: 2166 (2166) Destination port: netbios-ssn (139) Sequence number: 15091705 Next sequence number: 15091777 Acknowledgement number: 2514408669 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xc7a0 (incorrect, should be 0xbdfb) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 5c 1e 40 00 76 06 ef 25 d2 cb bd 4d ac 10 .p\.@.v..%...M.. 0020 86 bf 08 76 00 8b 00 e6 47 f9 95 de d4 dd 50 18 ...v....G.....P. 0030 22 38 c7 a0 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 833 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 09:18:35.431962000 Time delta from previous packet: 0.002361000 seconds Time relative to first packet: 288625.906758000 seconds Frame Number: 833 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.203.189.77 (210.203.189.77) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xafeb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x929c (incorrect, should be 0x88f7) Source: 172.16.134.191 (172.16.134.191) Destination: 210.203.189.77 (210.203.189.77) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2166 (2166), Seq: 2514408669, Ack: 15091777, Len: 4 Source port: netbios-ssn (139) Destination port: 2166 (2166) Sequence number: 2514408669 Next sequence number: 2514408673 Acknowledgement number: 15091777 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x7377 (incorrect, should be 0x69d2) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c af eb 40 00 7f 06 92 9c ac 10 86 bf d2 cb .,..@........... 0020 bd 4d 00 8b 08 76 95 de d4 dd 00 e6 48 41 50 18 .M...v......HAP. 0030 44 28 73 77 00 00 82 00 00 00 00 00 D(sw........ Frame 834 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 09:18:36.039678000 Time delta from previous packet: 0.607716000 seconds Time relative to first packet: 288626.514474000 seconds Frame Number: 834 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.203.189.77 (210.203.189.77), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x711e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0xda2f (incorrect, should be 0xd08a) Source: 210.203.189.77 (210.203.189.77) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2166 (2166), Dst Port: netbios-ssn (139), Seq: 15091777, Ack: 2514408673, Len: 62 Source port: 2166 (2166) Destination port: netbios-ssn (139) Sequence number: 15091777 Next sequence number: 15091839 Acknowledgement number: 2514408673 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x83a7 (incorrect, should be 0x9a01) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 71 1e 40 00 76 06 da 2f d2 cb bd 4d ac 10 .fq.@.v../...M.. 0020 86 bf 08 76 00 8b 00 e6 48 41 95 de d4 e1 50 18 ...v....HA....P. 0030 22 34 83 a7 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 835 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 09:18:36.042472000 Time delta from previous packet: 0.002794000 seconds Time relative to first packet: 288626.517268000 seconds Frame Number: 835 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.203.189.77 (210.203.189.77) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xafed Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x929e (incorrect, should be 0x88f9) Source: 172.16.134.191 (172.16.134.191) Destination: 210.203.189.77 (210.203.189.77) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2166 (2166), Seq: 2514408673, Ack: 15091777, Len: 0 Source port: netbios-ssn (139) Destination port: 2166 (2166) Sequence number: 2514408673 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x39b4 (incorrect, should be 0x300f) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 af ed 40 00 7f 06 92 9e ac 10 86 bf d2 cb .(..@........... 0020 bd 4d 00 8b 08 76 95 de d4 e1 00 e6 48 41 50 04 .M...v......HAP. 0030 00 00 39 b4 00 00 00 00 00 00 00 00 ..9......... Frame 841 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 11:23:03.113967000 Time delta from previous packet: 0.292683000 seconds Time relative to first packet: 296093.588763000 seconds Frame Number: 841 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.116.166.126 (213.116.166.126), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x03eb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0x67bf (incorrect, should be 0x5e1a) Source: 213.116.166.126 (213.116.166.126) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 16504155, Ack: 0, Len: 0 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 16504155 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xe31e (incorrect, should be 0xd979) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 03 eb 40 00 6a 06 67 bf d5 74 a6 7e ac 10 .0..@.j.g..t.~.. 0020 86 bf 04 01 00 8b 00 fb d5 5b 00 00 00 00 70 02 .........[....p. 0030 20 00 e3 1e 00 00 02 04 05 b4 01 01 04 02 ............. Frame 842 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 11:23:03.114746000 Time delta from previous packet: 0.000779000 seconds Time relative to first packet: 296093.589542000 seconds Frame Number: 842 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.116.166.126 (213.116.166.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xbad0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9bd9 (incorrect, should be 0x9234) Source: 172.16.134.191 (172.16.134.191) Destination: 213.116.166.126 (213.116.166.126) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 86469907, Ack: 16504156, Len: 0 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 86469907 Acknowledgement number: 16504156 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x4c63 (incorrect, should be 0x42be) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 ba d0 40 00 7f 06 9b d9 ac 10 86 bf d5 74 .0..@..........t 0020 a6 7e 00 8b 04 01 05 27 6d 13 00 fb d5 5c 70 12 .~.....'m....\p. 0030 44 70 4c 63 00 00 02 04 05 b4 01 01 04 02 DpLc.......... Frame 843 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 11:23:03.323803000 Time delta from previous packet: 0.209057000 seconds Time relative to first packet: 296093.798599000 seconds Frame Number: 843 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.116.166.126 (213.116.166.126), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x07eb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0x63c7 (incorrect, should be 0x5a22) Source: 213.116.166.126 (213.116.166.126) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 16504156, Ack: 86469908, Len: 0 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 16504156 Acknowledgement number: 86469908 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x9b5f (incorrect, should be 0x91ba) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 07 eb 40 00 6a 06 63 c7 d5 74 a6 7e ac 10 .(..@.j.c..t.~.. 0020 86 bf 04 01 00 8b 00 fb d5 5c 05 27 6d 14 50 10 .........\.'m.P. 0030 22 38 9b 5f 00 00 00 00 00 00 00 00 "8._........ Frame 844 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 11:23:03.343674000 Time delta from previous packet: 0.019871000 seconds Time relative to first packet: 296093.818470000 seconds Frame Number: 844 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.116.166.126 (213.116.166.126), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x08eb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0x627f (incorrect, should be 0x58da) Source: 213.116.166.126 (213.116.166.126) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 16504156, Ack: 86469908, Len: 72 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 16504156 Next sequence number: 16504228 Acknowledgement number: 86469908 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x4b44 (incorrect, should be 0x419f) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 08 eb 40 00 6a 06 62 7f d5 74 a6 7e ac 10 .p..@.j.b..t.~.. 0020 86 bf 04 01 00 8b 00 fb d5 5c 05 27 6d 14 50 18 .........\.'m.P. 0030 22 38 4b 44 00 00 81 00 00 44 20 46 44 45 43 45 "8KD.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 845 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 11:23:03.345990000 Time delta from previous packet: 0.002316000 seconds Time relative to first packet: 296093.820786000 seconds Frame Number: 845 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.116.166.126 (213.116.166.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xbad1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9bdc (incorrect, should be 0x9237) Source: 172.16.134.191 (172.16.134.191) Destination: 213.116.166.126 (213.116.166.126) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 86469908, Ack: 16504228, Len: 4 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 86469908 Next sequence number: 86469912 Acknowledgement number: 16504228 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xf71a (incorrect, should be 0xed75) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c ba d1 40 00 7f 06 9b dc ac 10 86 bf d5 74 .,..@..........t 0020 a6 7e 00 8b 04 01 05 27 6d 14 00 fb d5 a4 50 18 .~.....'m.....P. 0030 44 28 f7 1a 00 00 82 00 00 00 00 00 D(.......... Frame 846 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 11:23:03.562397000 Time delta from previous packet: 0.216407000 seconds Time relative to first packet: 296094.037193000 seconds Frame Number: 846 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.116.166.126 (213.116.166.126), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x0ceb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0x5e89 (incorrect, should be 0x54e4) Source: 213.116.166.126 (213.116.166.126) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: netbios-ssn (139), Seq: 16504228, Ack: 86469912, Len: 62 Source port: 1025 (1025) Destination port: netbios-ssn (139) Sequence number: 16504228 Next sequence number: 16504290 Acknowledgement number: 86469912 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x074b (incorrect, should be 0x1da5) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 0c eb 40 00 6a 06 5e 89 d5 74 a6 7e ac 10 .f..@.j.^..t.~.. 0020 86 bf 04 01 00 8b 00 fb d5 a4 05 27 6d 18 50 18 ...........'m.P. 0030 22 34 07 4b 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.K.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 847 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 11:23:03.567417000 Time delta from previous packet: 0.005020000 seconds Time relative to first packet: 296094.042213000 seconds Frame Number: 847 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.116.166.126 (213.116.166.126) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xbad2 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9bdf (incorrect, should be 0x923a) Source: 172.16.134.191 (172.16.134.191) Destination: 213.116.166.126 (213.116.166.126) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1025 (1025), Seq: 86469912, Ack: 16504228, Len: 0 Source port: netbios-ssn (139) Destination port: 1025 (1025) Sequence number: 86469912 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xbd57 (incorrect, should be 0xb3b2) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 ba d2 40 00 7f 06 9b df ac 10 86 bf d5 74 .(..@..........t 0020 a6 7e 00 8b 04 01 05 27 6d 18 00 fb d5 a4 50 04 .~.....'m.....P. 0030 00 00 bd 57 00 00 00 00 00 00 00 00 ...W........ Frame 851 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 13:16:12.439854000 Time delta from previous packet: 0.327981000 seconds Time relative to first packet: 302882.914650000 seconds Frame Number: 851 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.7.60.57 (213.7.60.57), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x931d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x413f (incorrect, should be 0x379a) Source: 213.7.60.57 (213.7.60.57) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4451 (4451), Dst Port: netbios-ssn (139), Seq: 1019754, Ack: 0, Len: 0 Source port: 4451 (4451) Destination port: netbios-ssn (139) Sequence number: 1019754 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 2144 Checksum: 0xa288 (incorrect, should be 0x98e3) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 93 1d 40 00 6c 06 41 3f d5 07 3c 39 ac 10 .0..@.l.A?..<9.. 0020 86 bf 11 63 00 8b 00 0f 8f 6a 00 00 00 00 70 02 ...c.....j....p. 0030 08 60 a2 88 00 00 02 04 02 18 01 01 04 02 .`............ Frame 852 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 13:16:12.447981000 Time delta from previous packet: 0.008127000 seconds Time relative to first packet: 302882.922777000 seconds Frame Number: 852 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.7.60.57 (213.7.60.57) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc4bd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xfc9e (incorrect, should be 0xf2f9) Source: 172.16.134.191 (172.16.134.191) Destination: 213.7.60.57 (213.7.60.57) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4451 (4451), Seq: 1784005899, Ack: 1019755, Len: 0 Source port: netbios-ssn (139) Destination port: 4451 (4451) Sequence number: 1784005899 Acknowledgement number: 1019755 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0x36f2 (incorrect, should be 0x2d4d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 c4 bd 40 00 7f 06 fc 9e ac 10 86 bf d5 07 .0..@........... 0020 3c 39 00 8b 11 63 6a 55 c5 0b 00 0f 8f 6b 70 12 <9...cjU.....kp. 0030 40 e8 36 f2 00 00 02 04 05 b4 01 01 04 02 @.6........... Frame 853 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:16:12.747990000 Time delta from previous packet: 0.300009000 seconds Time relative to first packet: 302883.222786000 seconds Frame Number: 853 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.7.60.57 (213.7.60.57), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9a1d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x3a47 (incorrect, should be 0x30a2) Source: 213.7.60.57 (213.7.60.57) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4451 (4451), Dst Port: netbios-ssn (139), Seq: 1019755, Ack: 1784005900, Len: 0 Source port: 4451 (4451) Destination port: netbios-ssn (139) Sequence number: 1019755 Acknowledgement number: 1784005900 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 2144 Checksum: 0x9c3e (incorrect, should be 0x9299) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 9a 1d 40 00 6c 06 3a 47 d5 07 3c 39 ac 10 .(..@.l.:G..<9.. 0020 86 bf 11 63 00 8b 00 0f 8f 6b 6a 55 c5 0c 50 10 ...c.....kjU..P. 0030 08 60 9c 3e 00 00 00 00 00 00 00 00 .`.>........ Frame 854 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 13:16:12.758170000 Time delta from previous packet: 0.010180000 seconds Time relative to first packet: 302883.232966000 seconds Frame Number: 854 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.7.60.57 (213.7.60.57), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x9b1d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x38ff (incorrect, should be 0x2f5a) Source: 213.7.60.57 (213.7.60.57) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4451 (4451), Dst Port: netbios-ssn (139), Seq: 1019755, Ack: 1784005900, Len: 72 Source port: 4451 (4451) Destination port: netbios-ssn (139) Sequence number: 1019755 Next sequence number: 1019827 Acknowledgement number: 1784005900 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 2144 Checksum: 0x6923 (incorrect, should be 0x5f7e) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 9b 1d 40 00 6c 06 38 ff d5 07 3c 39 ac 10 .p..@.l.8...<9.. 0020 86 bf 11 63 00 8b 00 0f 8f 6b 6a 55 c5 0c 50 18 ...c.....kjU..P. 0030 08 60 69 23 00 00 81 00 00 44 20 46 44 45 43 45 .`i#.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 855 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:16:12.760576000 Time delta from previous packet: 0.002406000 seconds Time relative to first packet: 302883.235372000 seconds Frame Number: 855 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.7.60.57 (213.7.60.57) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xc4be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xfca1 (incorrect, should be 0xf2fc) Source: 172.16.134.191 (172.16.134.191) Destination: 213.7.60.57 (213.7.60.57) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4451 (4451), Seq: 1784005900, Ack: 1019827, Len: 4 Source port: netbios-ssn (139) Destination port: 4451 (4451) Sequence number: 1784005900 Next sequence number: 1784005904 Acknowledgement number: 1019827 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0xe1a9 (incorrect, should be 0xd804) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c c4 be 40 00 7f 06 fc a1 ac 10 86 bf d5 07 .,..@........... 0020 3c 39 00 8b 11 63 6a 55 c5 0c 00 0f 8f b3 50 18 <9...cjU......P. 0030 40 a0 e1 a9 00 00 82 00 00 00 00 00 @........... Frame 856 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 13:16:13.068246000 Time delta from previous packet: 0.307670000 seconds Time relative to first packet: 302883.543042000 seconds Frame Number: 856 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.7.60.57 (213.7.60.57), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xa31d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0x3109 (incorrect, should be 0x2764) Source: 213.7.60.57 (213.7.60.57) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4451 (4451), Dst Port: netbios-ssn (139), Seq: 1019827, Ack: 1784005904, Len: 62 Source port: 4451 (4451) Destination port: netbios-ssn (139) Sequence number: 1019827 Next sequence number: 1019889 Acknowledgement number: 1784005904 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 2140 Checksum: 0x082a (incorrect, should be 0x1e84) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 a3 1d 40 00 6c 06 31 09 d5 07 3c 39 ac 10 .f..@.l.1...<9.. 0020 86 bf 11 63 00 8b 00 0f 8f b3 6a 55 c5 10 50 18 ...c......jU..P. 0030 08 5c 08 2a 00 00 00 00 00 3a ff 53 4d 42 75 00 .\.*.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 857 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:16:13.074336000 Time delta from previous packet: 0.006090000 seconds Time relative to first packet: 302883.549132000 seconds Frame Number: 857 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.7.60.57 (213.7.60.57) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xc4bf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xfca4 (incorrect, should be 0xf2ff) Source: 172.16.134.191 (172.16.134.191) Destination: 213.7.60.57 (213.7.60.57) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4451 (4451), Seq: 1784005904, Ack: 1019827, Len: 0 Source port: netbios-ssn (139) Destination port: 4451 (4451) Sequence number: 1784005904 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xa45e (incorrect, should be 0x9ab9) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 c4 bf 40 00 7f 06 fc a4 ac 10 86 bf d5 07 .(..@........... 0020 3c 39 00 8b 11 63 6a 55 c5 10 00 0f 8f b3 50 04 <9...cjU......P. 0030 00 00 a4 5e 00 00 00 00 00 00 00 00 ...^........ Frame 860 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 13:19:04.773413000 Time delta from previous packet: 1.069446000 seconds Time relative to first packet: 303055.248209000 seconds Frame Number: 860 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.254.203.68 (64.254.203.68), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x6bb4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x69a6 (incorrect, should be 0x6001) Source: 64.254.203.68 (64.254.203.68) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4692 (4692), Dst Port: netbios-ssn (139), Seq: 90046313, Ack: 0, Len: 0 Source port: 4692 (4692) Destination port: netbios-ssn (139) Sequence number: 90046313 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x19a8 (incorrect, should be 0x1003) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 6b b4 40 00 70 06 69 a6 40 fe cb 44 ac 10 .0k.@.p.i.@..D.. 0020 86 bf 12 54 00 8b 05 5d ff 69 00 00 00 00 70 02 ...T...].i....p. 0030 20 00 19 a8 00 00 02 04 02 18 01 01 04 02 ............. Frame 861 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 13:19:04.779552000 Time delta from previous packet: 0.006139000 seconds Time relative to first packet: 303055.254348000 seconds Frame Number: 861 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.254.203.68 (64.254.203.68) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc500 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x015a (incorrect, should be 0xf7b4) Source: 172.16.134.191 (172.16.134.191) Destination: 64.254.203.68 (64.254.203.68) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4692 (4692), Seq: 1826922712, Ack: 90046314, Len: 0 Source port: netbios-ssn (139) Destination port: 4692 (4692) Sequence number: 1826922712 Acknowledgement number: 90046314 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0xe755 (incorrect, should be 0xddb0) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 c5 00 40 00 7f 06 01 5a ac 10 86 bf 40 fe .0..@....Z....@. 0020 cb 44 00 8b 12 54 6c e4 a0 d8 05 5d ff 6a 70 12 .D...Tl....].jp. 0030 40 e8 e7 55 00 00 02 04 05 b4 01 01 04 02 @..U.......... Frame 862 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:19:05.840251000 Time delta from previous packet: 1.060699000 seconds Time relative to first packet: 303056.315047000 seconds Frame Number: 862 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 64.254.203.68 (64.254.203.68), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9ab4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x3aae (incorrect, should be 0x3109) Source: 64.254.203.68 (64.254.203.68) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4692 (4692), Dst Port: netbios-ssn (139), Seq: 90046314, Ack: 1826922713, Len: 0 Source port: 4692 (4692) Destination port: netbios-ssn (139) Sequence number: 90046314 Acknowledgement number: 1826922713 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x3382 (incorrect, should be 0x29dd) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 9a b4 40 00 70 06 3a ae 40 fe cb 44 ac 10 .(..@.p.:.@..D.. 0020 86 bf 12 54 00 8b 05 5d ff 6a 6c e4 a0 d9 50 10 ...T...].jl...P. 0030 21 80 33 82 00 00 00 00 00 00 00 00 !.3......... Frame 863 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 13:19:05.859626000 Time delta from previous packet: 0.019375000 seconds Time relative to first packet: 303056.334422000 seconds Frame Number: 863 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.254.203.68 (64.254.203.68), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x9bb4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x3966 (incorrect, should be 0x2fc1) Source: 64.254.203.68 (64.254.203.68) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4692 (4692), Dst Port: netbios-ssn (139), Seq: 90046314, Ack: 1826922713, Len: 72 Source port: 4692 (4692) Destination port: netbios-ssn (139) Sequence number: 90046314 Next sequence number: 90046386 Acknowledgement number: 1826922713 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x086d (incorrect, should be 0xfec7) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 9b b4 40 00 70 06 39 66 40 fe cb 44 ac 10 .p..@.p.9f@..D.. 0020 86 bf 12 54 00 8b 05 5d ff 6a 6c e4 a0 d9 50 18 ...T...].jl...P. 0030 21 80 08 6d 00 00 81 00 00 44 20 46 44 45 43 45 !..m.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 864 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:19:05.862046000 Time delta from previous packet: 0.002420000 seconds Time relative to first packet: 303056.336842000 seconds Frame Number: 864 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.254.203.68 (64.254.203.68) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xc501 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x015d (incorrect, should be 0xf7b7) Source: 172.16.134.191 (172.16.134.191) Destination: 64.254.203.68 (64.254.203.68) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4692 (4692), Seq: 1826922713, Ack: 90046386, Len: 4 Source port: netbios-ssn (139) Destination port: 4692 (4692) Sequence number: 1826922713 Next sequence number: 1826922717 Acknowledgement number: 90046386 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x920d (incorrect, should be 0x8868) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c c5 01 40 00 7f 06 01 5d ac 10 86 bf 40 fe .,..@....]....@. 0020 cb 44 00 8b 12 54 6c e4 a0 d9 05 5d ff b2 50 18 .D...Tl....]..P. 0030 40 a0 92 0d 00 00 82 00 00 00 00 00 @........... Frame 865 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 13:19:07.370740000 Time delta from previous packet: 1.508694000 seconds Time relative to first packet: 303057.845536000 seconds Frame Number: 865 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.254.203.68 (64.254.203.68), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xdfb4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0xf56f (incorrect, should be 0xebca) Source: 64.254.203.68 (64.254.203.68) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4692 (4692), Dst Port: netbios-ssn (139), Seq: 90046386, Ack: 1826922717, Len: 62 Source port: 4692 (4692) Destination port: netbios-ssn (139) Sequence number: 90046386 Next sequence number: 90046448 Acknowledgement number: 1826922717 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x9f6d (incorrect, should be 0xb5c7) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 df b4 40 00 70 06 f5 6f 40 fe cb 44 ac 10 .f..@.p..o@..D.. 0020 86 bf 12 54 00 8b 05 5d ff b2 6c e4 a0 dd 50 18 ...T...]..l...P. 0030 21 7c 9f 6d 00 00 00 00 00 3a ff 53 4d 42 75 00 !|.m.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 866 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:19:07.388527000 Time delta from previous packet: 0.017787000 seconds Time relative to first packet: 303057.863323000 seconds Frame Number: 866 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.254.203.68 (64.254.203.68) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xc503 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x015f (incorrect, should be 0xf7b9) Source: 172.16.134.191 (172.16.134.191) Destination: 64.254.203.68 (64.254.203.68) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4692 (4692), Seq: 1826922717, Ack: 90046386, Len: 0 Source port: netbios-ssn (139) Destination port: 4692 (4692) Sequence number: 1826922717 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x54c2 (incorrect, should be 0x4b1d) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 c5 03 40 00 7f 06 01 5f ac 10 86 bf 40 fe .(..@...._....@. 0020 cb 44 00 8b 12 54 6c e4 a0 dd 05 5d ff b2 50 04 .D...Tl....]..P. 0030 00 00 54 c2 00 00 00 00 00 00 00 00 ..T......... Frame 867 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 13:43:26.564185000 Time delta from previous packet: 1459.175658000 seconds Time relative to first packet: 304517.038981000 seconds Frame Number: 867 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x94be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x9d51 (incorrect, should be 0x93ac) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4707 (4707), Dst Port: netbios-ssn (139), Seq: 2227987959, Ack: 0, Len: 0 Source port: 4707 (4707) Destination port: netbios-ssn (139) Sequence number: 2227987959 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x8cb5 (incorrect, should be 0x8310) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 94 be 40 00 70 06 9d 51 d8 aa d6 e2 ac 10 .0..@.p..Q...... 0020 86 bf 12 63 00 8b 84 cc 65 f7 00 00 00 00 70 02 ...c....e.....p. 0030 20 00 8c b5 00 00 02 04 05 b4 01 01 04 02 ............. Frame 868 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 13:43:26.572674000 Time delta from previous packet: 0.008489000 seconds Time relative to first packet: 304517.047470000 seconds Frame Number: 868 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 216.170.214.226 (216.170.214.226) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc724 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5beb (incorrect, should be 0x5246) Source: 172.16.134.191 (172.16.134.191) Destination: 216.170.214.226 (216.170.214.226) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4707 (4707), Seq: 2192398445, Ack: 2227987960, Len: 0 Source port: netbios-ssn (139) Destination port: 4707 (4707) Sequence number: 2192398445 Acknowledgement number: 2227987960 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x8d19 (incorrect, should be 0x8374) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 c7 24 40 00 7f 06 5b eb ac 10 86 bf d8 aa .0.$@...[....... 0020 d6 e2 00 8b 12 63 82 ad 58 6d 84 cc 65 f8 70 12 .....c..Xm..e.p. 0030 44 70 8d 19 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 869 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:26.648454000 Time delta from previous packet: 0.075780000 seconds Time relative to first packet: 304517.123250000 seconds Frame Number: 869 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x96be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x9b59 (incorrect, should be 0x91b4) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4707 (4707), Dst Port: netbios-ssn (139), Seq: 2227987960, Ack: 2192398446, Len: 0 Source port: 4707 (4707) Destination port: netbios-ssn (139) Sequence number: 2227987960 Acknowledgement number: 2192398446 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xdc15 (incorrect, should be 0xd270) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 96 be 40 00 70 06 9b 59 d8 aa d6 e2 ac 10 .(..@.p..Y...... 0020 86 bf 12 63 00 8b 84 cc 65 f8 82 ad 58 6e 50 10 ...c....e...XnP. 0030 22 38 dc 15 00 00 00 00 00 00 00 00 "8.......... Frame 870 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:26.658109000 Time delta from previous packet: 0.009655000 seconds Time relative to first packet: 304517.132905000 seconds Frame Number: 870 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x97be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x9a59 (incorrect, should be 0x90b4) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4707 (4707), Dst Port: netbios-ssn (139), Seq: 2227987960, Ack: 2192398446, Len: 0 Source port: 4707 (4707) Destination port: netbios-ssn (139) Sequence number: 2227987960 Acknowledgement number: 2192398446 Header length: 20 bytes Flags: 0x0011 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set Window size: 8760 Checksum: 0xdc14 (incorrect, should be 0xd26f) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 97 be 40 00 70 06 9a 59 d8 aa d6 e2 ac 10 .(..@.p..Y...... 0020 86 bf 12 63 00 8b 84 cc 65 f8 82 ad 58 6e 50 11 ...c....e...XnP. 0030 22 38 dc 14 00 00 00 00 00 00 00 00 "8.......... Frame 871 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:26.659843000 Time delta from previous packet: 0.001734000 seconds Time relative to first packet: 304517.134639000 seconds Frame Number: 871 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 216.170.214.226 (216.170.214.226) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xc725 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5bf2 (incorrect, should be 0x524d) Source: 172.16.134.191 (172.16.134.191) Destination: 216.170.214.226 (216.170.214.226) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4707 (4707), Seq: 2192398446, Ack: 2227987961, Len: 0 Source port: netbios-ssn (139) Destination port: 4707 (4707) Sequence number: 2192398446 Acknowledgement number: 2227987961 Header length: 20 bytes Flags: 0x0011 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set Window size: 17520 Checksum: 0xb9db (incorrect, should be 0xb036) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 c7 25 40 00 7f 06 5b f2 ac 10 86 bf d8 aa .(.%@...[....... 0020 d6 e2 00 8b 12 63 82 ad 58 6e 84 cc 65 f9 50 11 .....c..Xn..e.P. 0030 44 70 b9 db 00 00 00 00 00 00 00 00 Dp.......... Frame 872 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:27.859146000 Time delta from previous packet: 1.199303000 seconds Time relative to first packet: 304518.333942000 seconds Frame Number: 872 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x99be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x9859 (incorrect, should be 0x8eb4) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4707 (4707), Dst Port: netbios-ssn (139), Seq: 2227987961, Ack: 2192398447, Len: 0 Source port: 4707 (4707) Destination port: netbios-ssn (139) Sequence number: 2227987961 Acknowledgement number: 2192398447 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xdc13 (incorrect, should be 0xd26e) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 99 be 40 00 70 06 98 59 d8 aa d6 e2 ac 10 .(..@.p..Y...... 0020 86 bf 12 63 00 8b 84 cc 65 f9 82 ad 58 6f 50 10 ...c....e...XoP. 0030 22 38 dc 13 00 00 00 00 00 00 00 00 "8.......... Frame 875 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 13:43:30.961886000 Time delta from previous packet: 0.095451000 seconds Time relative to first packet: 304521.436682000 seconds Frame Number: 875 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xa2be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x8f51 (incorrect, should be 0x85ac) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4708 (4708), Dst Port: netbios-ssn (139), Seq: 2227991192, Ack: 0, Len: 0 Source port: 4708 (4708) Destination port: netbios-ssn (139) Sequence number: 2227991192 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x8013 (incorrect, should be 0x766e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 a2 be 40 00 70 06 8f 51 d8 aa d6 e2 ac 10 .0..@.p..Q...... 0020 86 bf 12 64 00 8b 84 cc 72 98 00 00 00 00 70 02 ...d....r.....p. 0030 20 00 80 13 00 00 02 04 05 b4 01 01 04 02 ............. Frame 876 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 13:43:30.962610000 Time delta from previous packet: 0.000724000 seconds Time relative to first packet: 304521.437406000 seconds Frame Number: 876 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 216.170.214.226 (216.170.214.226) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xc729 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5be6 (incorrect, should be 0x5241) Source: 172.16.134.191 (172.16.134.191) Destination: 216.170.214.226 (216.170.214.226) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4708 (4708), Seq: 2193543350, Ack: 2227991193, Len: 0 Source port: netbios-ssn (139) Destination port: 4708 (4708) Sequence number: 2193543350 Acknowledgement number: 2227991193 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x081d (incorrect, should be 0xfe77) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 c7 29 40 00 7f 06 5b e6 ac 10 86 bf d8 aa .0.)@...[....... 0020 d6 e2 00 8b 12 64 82 be d0 b6 84 cc 72 99 70 12 .....d......r.p. 0030 44 70 08 1d 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 877 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:31.050234000 Time delta from previous packet: 0.087624000 seconds Time relative to first packet: 304521.525030000 seconds Frame Number: 877 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xa3be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x8e59 (incorrect, should be 0x84b4) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4708 (4708), Dst Port: netbios-ssn (139), Seq: 2227991193, Ack: 2193543351, Len: 0 Source port: 4708 (4708) Destination port: netbios-ssn (139) Sequence number: 2227991193 Acknowledgement number: 2193543351 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x5719 (incorrect, should be 0x4d74) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 a3 be 40 00 70 06 8e 59 d8 aa d6 e2 ac 10 .(..@.p..Y...... 0020 86 bf 12 64 00 8b 84 cc 72 99 82 be d0 b7 50 10 ...d....r.....P. 0030 22 38 57 19 00 00 00 00 00 00 00 00 "8W......... Frame 878 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 13:43:31.059731000 Time delta from previous packet: 0.009497000 seconds Time relative to first packet: 304521.534527000 seconds Frame Number: 878 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xa4be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x8d11 (incorrect, should be 0x836c) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4708 (4708), Dst Port: netbios-ssn (139), Seq: 2227991193, Ack: 2193543351, Len: 72 Source port: 4708 (4708) Destination port: netbios-ssn (139) Sequence number: 2227991193 Next sequence number: 2227991265 Acknowledgement number: 2193543351 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x3001 (incorrect, should be 0x265c) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: DISPATCH<00> (Workstation/Redirector) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 a4 be 40 00 70 06 8d 11 d8 aa d6 e2 ac 10 .p..@.p......... 0020 86 bf 12 64 00 8b 84 cc 72 99 82 be d0 b7 50 18 ...d....r.....P. 0030 22 38 30 01 00 00 81 00 00 44 20 46 44 45 43 45 "80......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 45 45 ACACACACACA. EEE 0060 4a 46 44 46 41 45 42 46 45 45 44 45 49 43 41 43 JFDFAEBFEEDEICAC 0070 41 43 41 43 41 43 41 43 41 43 41 41 41 00 ACACACACACAAA. Frame 879 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:31.061855000 Time delta from previous packet: 0.002124000 seconds Time relative to first packet: 304521.536651000 seconds Frame Number: 879 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 216.170.214.226 (216.170.214.226) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xc72a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5be9 (incorrect, should be 0x5244) Source: 172.16.134.191 (172.16.134.191) Destination: 216.170.214.226 (216.170.214.226) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4708 (4708), Seq: 2193543351, Ack: 2227991265, Len: 4 Source port: netbios-ssn (139) Destination port: 4708 (4708) Sequence number: 2193543351 Next sequence number: 2193543355 Acknowledgement number: 2227991265 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xb2d4 (incorrect, should be 0xa92f) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c c7 2a 40 00 7f 06 5b e9 ac 10 86 bf d8 aa .,.*@...[....... 0020 d6 e2 00 8b 12 64 82 be d0 b7 84 cc 72 e1 50 18 .....d......r.P. 0030 44 28 b2 d4 00 00 82 00 00 00 00 00 D(.......... Frame 880 (212 bytes on wire, 212 bytes captured) Arrival Time: Mar 4, 2003 13:43:31.151288000 Time delta from previous packet: 0.089433000 seconds Time relative to first packet: 304521.626084000 seconds Frame Number: 880 Packet Length: 212 bytes Capture Length: 212 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 198 Identification: 0xa5be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x8bbb (incorrect, should be 0x8216) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4708 (4708), Dst Port: netbios-ssn (139), Seq: 2227991265, Ack: 2193543355, Len: 158 Source port: 4708 (4708) Destination port: netbios-ssn (139) Sequence number: 2227991265 Next sequence number: 2227991423 Acknowledgement number: 2193543355 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x0f27 (incorrect, should be 0x0582) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 154 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Negotiate Protocol (0x72) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 5315 User ID: 0 Multiplex ID: 11393 Negotiate Protocol Request (0x72) Word Count (WCT): 0 Byte Count (BCC): 119 Requested Dialects Dialect: PC NETWORK PROGRAM 1.0 Buffer Format: Dialect (2) Name: PC NETWORK PROGRAM 1.0 Dialect: MICROSOFT NETWORKS 3.0 Buffer Format: Dialect (2) Name: MICROSOFT NETWORKS 3.0 Dialect: DOS LM1.2X002 Buffer Format: Dialect (2) Name: DOS LM1.2X002 Dialect: DOS LANMAN2.1 Buffer Format: Dialect (2) Name: DOS LANMAN2.1 Dialect: Windows for Workgroups 3.1a Buffer Format: Dialect (2) Name: Windows for Workgroups 3.1a Dialect: NT LM 0.12 Buffer Format: Dialect (2) Name: NT LM 0.12 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 c6 a5 be 40 00 70 06 8b bb d8 aa d6 e2 ac 10 ....@.p......... 0020 86 bf 12 64 00 8b 84 cc 72 e1 82 be d0 bb 50 18 ...d....r.....P. 0030 22 34 0f 27 00 00 00 00 00 9a ff 53 4d 42 72 00 "4.'.......SMBr. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 c3 14 00 00 81 2c 00 77 00 02 50 43 .........,.w..PC 0060 20 4e 45 54 57 4f 52 4b 20 50 52 4f 47 52 41 4d NETWORK PROGRAM 0070 20 31 2e 30 00 02 4d 49 43 52 4f 53 4f 46 54 20 1.0..MICROSOFT 0080 4e 45 54 57 4f 52 4b 53 20 33 2e 30 00 02 44 4f NETWORKS 3.0..DO 0090 53 20 4c 4d 31 2e 32 58 30 30 32 00 02 44 4f 53 S LM1.2X002..DOS 00a0 20 4c 41 4e 4d 41 4e 32 2e 31 00 02 57 69 6e 64 LANMAN2.1..Wind 00b0 6f 77 73 20 66 6f 72 20 57 6f 72 6b 67 72 6f 75 ows for Workgrou 00c0 70 73 20 33 2e 31 61 00 02 4e 54 20 4c 4d 20 30 ps 3.1a..NT LM 0 00d0 2e 31 32 00 .12. Frame 881 (157 bytes on wire, 157 bytes captured) Arrival Time: Mar 4, 2003 13:43:31.153842000 Time delta from previous packet: 0.002554000 seconds Time relative to first packet: 304521.628638000 seconds Frame Number: 881 Packet Length: 157 bytes Capture Length: 157 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 216.170.214.226 (216.170.214.226) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 143 Identification: 0xc72b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5b85 (incorrect, should be 0x51e0) Source: 172.16.134.191 (172.16.134.191) Destination: 216.170.214.226 (216.170.214.226) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4708 (4708), Seq: 2193543355, Ack: 2227991423, Len: 103 Source port: netbios-ssn (139) Destination port: 4708 (4708) Sequence number: 2193543355 Next sequence number: 2193543458 Acknowledgement number: 2227991423 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17290 Checksum: 0x5e81 (incorrect, should be 0x54fb) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 99 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 880 Time from request: 0.002554000 seconds SMB Command: Negotiate Protocol (0x72) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 5315 User ID: 0 Multiplex ID: 11393 Negotiate Protocol Response (0x72) Word Count (WCT): 17 Dialect Index: 5, greater than LANMAN2.1 Security Mode: 0x03 .... ...1 = Mode: USER security mode .... ..1. = Password: ENCRYPTED password. Use challenge/response .... .0.. = Signatures: Security signatures NOT enabled .... 0... = Sig Req: Security signatures NOT required Max Mpx Count: 50 Max VCs: 1 Max Buffer Size: 16644 Max Raw Buffer: 65536 Session Key: 0x00000000 Capabilities: 0x0000f3fd .... .... .... .... .... .... .... ...1 = Raw Mode: Read Raw and Write Raw are supported .... .... .... .... .... .... .... ..0. = MPX Mode: Read Mpx and Write Mpx are not supported .... .... .... .... .... .... .... .1.. = Unicode: Unicode strings are supported .... .... .... .... .... .... .... 1... = Large Files: Large files are supported .... .... .... .... .... .... ...1 .... = NT SMBs: NT SMBs are supported .... .... .... .... .... .... ..1. .... = RPC Remote APIs: RPC remote APIs are supported .... .... .... .... .... .... .1.. .... = NT Status Codes: NT status codes are supported .... .... .... .... .... .... 1... .... = Level 2 Oplocks: Level 2 oplocks are supported .... .... .... .... .... ...1 .... .... = Lock and Read: Lock and Read is supported .... .... .... .... .... ..1. .... .... = NT Find: NT Find is supported .... .... .... .... ...1 .... .... .... = Dfs: Dfs is supported .... .... .... .... ..1. .... .... .... = Infolevel Passthru: NT information level request passthrough is supported .... .... .... .... .1.. .... .... .... = Large ReadX: Large Read andX is supported .... .... .... .... 1... .... .... .... = Large WriteX: Large Write andX is supported .... .... 0... .... .... .... .... .... = UNIX: UNIX extensions are not supported .... ..0. .... .... .... .... .... .... = Reserved: Reserved ..0. .... .... .... .... .... .... .... = Bulk Transfer: Bulk Read and Bulk Write are not supported .0.. .... .... .... .... .... .... .... = Compressed Data: Compressed data transfer is not supported 0... .... .... .... .... .... .... .... = Extended Security: Extended security exchanges are not supported System Time: Mar 4, 2003 13:06:40.100770625 Server Time Zone: 480 min from UTC Key Length: 8 Byte Count (BCC): 30 Encryption Key: 5CB46B98CB6139DE Primary Domain: SBM Server: PC0191 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 8f c7 2b 40 00 7f 06 5b 85 ac 10 86 bf d8 aa ...+@...[....... 0020 d6 e2 00 8b 12 64 82 be d0 bb 84 cc 73 7f 50 18 .....d......s.P. 0030 43 8a 5e 81 00 00 00 00 00 63 ff 53 4d 42 72 00 C.^......c.SMBr. 0040 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 c3 14 00 00 81 2c 11 05 00 03 32 00 .........,....2. 0060 01 00 04 41 00 00 00 00 01 00 00 00 00 00 fd f3 ...A............ 0070 00 00 60 d0 5e f3 91 e2 c2 01 e0 01 08 1e 00 5c ..`.^..........\ 0080 b4 6b 98 cb 61 39 de 53 00 42 00 4d 00 00 00 50 .k..a9.S.B.M...P 0090 00 43 00 30 00 31 00 39 00 31 00 00 00 .C.0.1.9.1... Frame 882 (214 bytes on wire, 214 bytes captured) Arrival Time: Mar 4, 2003 13:43:31.250216000 Time delta from previous packet: 0.096374000 seconds Time relative to first packet: 304521.725012000 seconds Frame Number: 882 Packet Length: 214 bytes Capture Length: 214 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 200 Identification: 0xa6be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x8ab9 (incorrect, should be 0x8114) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4708 (4708), Dst Port: netbios-ssn (139), Seq: 2227991423, Ack: 2193543458, Len: 160 Source port: 4708 (4708) Destination port: netbios-ssn (139) Sequence number: 2227991423 Next sequence number: 2227991583 Acknowledgement number: 2193543458 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8653 Checksum: 0xb7d8 (incorrect, should be 0xce32) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 156 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Session Setup AndX (0x73) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x10 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x1000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...1 .... .... .... = Dfs: Resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 5315 User ID: 1 Multiplex ID: 11393 Session Setup AndX Request (0x73) Word Count (WCT): 13 AndXCommand: Tree Connect AndX (0x75) Reserved: 00 AndXOffset: 126 Max Buffer: 2920 Max Mpx Count: 50 VC Number: 0 Session Key: 0x00000000 ANSI Password Length: 24 Unicode Password Length: 0 Reserved: 00000000 Capabilities: 0x00000005 .... .... .... .... .... .... .... ...1 = Raw Mode: Read Raw and Write Raw are supported .... .... .... .... .... .... .... ..0. = MPX Mode: Read Mpx and Write Mpx are not supported .... .... .... .... .... .... .... .1.. = Unicode: Unicode strings are supported .... .... .... .... .... .... .... 0... = Large Files: Large files are not supported .... .... .... .... .... .... ...0 .... = NT SMBs: NT SMBs are not supported .... .... .... .... .... .... ..0. .... = RPC Remote APIs: RPC remote APIs are not supported .... .... .... .... .... .... .0.. .... = NT Status Codes: NT status codes are not supported .... .... .... .... .... .... 0... .... = Level 2 Oplocks: Level 2 oplocks are not supported .... .... .... .... .... ...0 .... .... = Lock and Read: Lock and Read is not supported .... .... .... .... .... ..0. .... .... = NT Find: NT Find is not supported .... .... .... .... ...0 .... .... .... = Dfs: Dfs is not supported .... .... .... .... ..0. .... .... .... = Infolevel Passthru: NT information level request passthrough is not supported .... .... .... .... .0.. .... .... .... = Large ReadX: Large Read andX is not supported .... .... .... .... 0... .... .... .... = Large WriteX: Large Write andX is not supported .... .... 0... .... .... .... .... .... = UNIX: UNIX extensions are not supported .... ..0. .... .... .... .... .... .... = Reserved: Reserved ..0. .... .... .... .... .... .... .... = Bulk Transfer: Bulk Read and Bulk Write are not supported .0.. .... .... .... .... .... .... .... = Compressed Data: Compressed data transfer is not supported 0... .... .... .... .... .... .... .... = Extended Security: Extended security exchanges are not supported Byte Count (BCC): 65 ANSI Password: 8B8563F7D061A25E4C740A028DB8B239... Account: DMMD Primary Domain: DTMILWMANGE Native OS: Windows 4.0 Native LAN Manager: Windows 4.0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0002 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 19 Password: 00 Path: \\PC0191\IPC$ Service: IPC 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 c8 a6 be 40 00 70 06 8a b9 d8 aa d6 e2 ac 10 ....@.p......... 0020 86 bf 12 64 00 8b 84 cc 73 7f 82 be d1 22 50 18 ...d....s...."P. 0030 21 cd b7 d8 00 00 00 00 00 9c ff 53 4d 42 73 00 !..........SMBs. 0040 00 00 00 10 00 10 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 c3 14 01 00 81 2c 0d 75 00 7e 00 68 .........,.u.~.h 0060 0b 32 00 00 00 00 00 00 00 18 00 00 00 00 00 00 .2.............. 0070 00 05 00 00 00 41 00 8b 85 63 f7 d0 61 a2 5e 4c .....A...c..a.^L 0080 74 0a 02 8d b8 b2 39 fe 5f c7 23 4b 27 ff 2b 44 t.....9._.#K'.+D 0090 4d 4d 44 00 44 54 4d 49 4c 57 4d 41 4e 47 45 00 MMD.DTMILWMANGE. 00a0 57 69 6e 64 6f 77 73 20 34 2e 30 00 57 69 6e 64 Windows 4.0.Wind 00b0 6f 77 73 20 34 2e 30 00 04 ff 00 00 00 02 00 01 ows 4.0......... 00c0 00 13 00 00 5c 5c 50 43 30 31 39 31 5c 49 50 43 ....\\PC0191\IPC 00d0 24 00 49 50 43 00 $.IPC. Frame 883 (93 bytes on wire, 93 bytes captured) Arrival Time: Mar 4, 2003 13:43:31.257871000 Time delta from previous packet: 0.007655000 seconds Time relative to first packet: 304521.732667000 seconds Frame Number: 883 Packet Length: 93 bytes Capture Length: 93 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 216.170.214.226 (216.170.214.226) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 79 Identification: 0xc72c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5bc4 (incorrect, should be 0x521f) Source: 172.16.134.191 (172.16.134.191) Destination: 216.170.214.226 (216.170.214.226) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4708 (4708), Seq: 2193543458, Ack: 2227991583, Len: 39 Source port: netbios-ssn (139) Destination port: 4708 (4708) Sequence number: 2193543458 Next sequence number: 2193543497 Acknowledgement number: 2227991583 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17130 Checksum: 0x2ea6 (incorrect, should be 0x2501) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 35 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 882 Time from request: 0.007655000 seconds SMB Command: Session Setup AndX (0x73) Error Class: DOS Error (0x01) Reserved: 00 Error Code: Access denied Flags: 0x90 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x1000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...1 .... .... .... = Dfs: Resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 5315 User ID: 1 Multiplex ID: 11393 Session Setup AndX Response (0x73) Word Count (WCT): 0 Byte Count (BCC): 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 4f c7 2c 40 00 7f 06 5b c4 ac 10 86 bf d8 aa .O.,@...[....... 0020 d6 e2 00 8b 12 64 82 be d1 22 84 cc 74 1f 50 18 .....d..."..t.P. 0030 42 ea 2e a6 00 00 00 00 00 23 ff 53 4d 42 73 01 B........#.SMBs. 0040 00 05 00 90 00 10 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 c3 14 01 00 81 2c 00 00 00 .........,... Frame 884 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:31.469971000 Time delta from previous packet: 0.212100000 seconds Time relative to first packet: 304521.944767000 seconds Frame Number: 884 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xa9be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x8859 (incorrect, should be 0x7eb4) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4708 (4708), Dst Port: netbios-ssn (139), Seq: 2227991583, Ack: 2193543497, Len: 0 Source port: 4708 (4708) Destination port: netbios-ssn (139) Sequence number: 2227991583 Acknowledgement number: 2193543497 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8614 Checksum: 0x5593 (incorrect, should be 0x4bee) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 a9 be 40 00 70 06 88 59 d8 aa d6 e2 ac 10 .(..@.p..Y...... 0020 86 bf 12 64 00 8b 84 cc 74 1f 82 be d1 49 50 10 ...d....t....IP. 0030 21 a6 55 93 00 00 00 00 00 00 00 00 !.U......... Frame 885 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:36.750791000 Time delta from previous packet: 5.280820000 seconds Time relative to first packet: 304527.225587000 seconds Frame Number: 885 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xb5be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x7c59 (incorrect, should be 0x72b4) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4708 (4708), Dst Port: netbios-ssn (139), Seq: 2227991583, Ack: 2193543497, Len: 0 Source port: 4708 (4708) Destination port: netbios-ssn (139) Sequence number: 2227991583 Acknowledgement number: 2193543497 Header length: 20 bytes Flags: 0x0011 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set Window size: 8614 Checksum: 0x5592 (incorrect, should be 0x4bed) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 b5 be 40 00 70 06 7c 59 d8 aa d6 e2 ac 10 .(..@.p.|Y...... 0020 86 bf 12 64 00 8b 84 cc 74 1f 82 be d1 49 50 11 ...d....t....IP. 0030 21 a6 55 92 00 00 00 00 00 00 00 00 !.U......... Frame 886 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:36.751674000 Time delta from previous packet: 0.000883000 seconds Time relative to first packet: 304527.226470000 seconds Frame Number: 886 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 216.170.214.226 (216.170.214.226) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xc72f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5be8 (incorrect, should be 0x5243) Source: 172.16.134.191 (172.16.134.191) Destination: 216.170.214.226 (216.170.214.226) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4708 (4708), Seq: 2193543497, Ack: 2227991584, Len: 0 Source port: netbios-ssn (139) Destination port: 4708 (4708) Sequence number: 2193543497 Acknowledgement number: 2227991584 Header length: 20 bytes Flags: 0x0011 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set Window size: 17130 Checksum: 0x344d (incorrect, should be 0x2aa8) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 c7 2f 40 00 7f 06 5b e8 ac 10 86 bf d8 aa .(./@...[....... 0020 d6 e2 00 8b 12 64 82 be d1 49 84 cc 74 20 50 11 .....d...I..t P. 0030 42 ea 34 4d 00 00 00 00 00 00 00 00 B.4M........ Frame 887 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 13:43:36.840716000 Time delta from previous packet: 0.089042000 seconds Time relative to first packet: 304527.315512000 seconds Frame Number: 887 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 216.170.214.226 (216.170.214.226), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xb6be Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x7b59 (incorrect, should be 0x71b4) Source: 216.170.214.226 (216.170.214.226) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4708 (4708), Dst Port: netbios-ssn (139), Seq: 2227991584, Ack: 2193543498, Len: 0 Source port: 4708 (4708) Destination port: netbios-ssn (139) Sequence number: 2227991584 Acknowledgement number: 2193543498 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8614 Checksum: 0x5591 (incorrect, should be 0x4bec) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 b6 be 40 00 70 06 7b 59 d8 aa d6 e2 ac 10 .(..@.p.{Y...... 0020 86 bf 12 64 00 8b 84 cc 74 20 82 be d1 4a 50 10 ...d....t ...JP. 0030 21 a6 55 91 00 00 00 00 00 00 00 00 !.U......... Frame 892 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 16:06:57.422759000 Time delta from previous packet: 0.222967000 seconds Time relative to first packet: 313127.897555000 seconds Frame Number: 892 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.58.0.25 (210.58.0.25), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xd3e9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x3c60 (incorrect, should be 0x32bb) Source: 210.58.0.25 (210.58.0.25) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 64486 (64486), Dst Port: netbios-ssn (139), Seq: 39269708, Ack: 0, Len: 0 Source port: 64486 (64486) Destination port: netbios-ssn (139) Sequence number: 39269708 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x338c (incorrect, should be 0x29e7) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 d3 e9 40 00 6f 06 3c 60 d2 3a 00 19 ac 10 .0..@.o.<`.:.... 0020 86 bf fb e6 00 8b 02 57 35 4c 00 00 00 00 70 02 .......W5L....p. 0030 20 00 33 8c 00 00 02 04 05 b4 01 01 04 02 .3........... Frame 893 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 16:06:57.427968000 Time delta from previous packet: 0.005209000 seconds Time relative to first packet: 313127.902764000 seconds Frame Number: 893 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.58.0.25 (210.58.0.25) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xd3a3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x2ca6 (incorrect, should be 0x2301) Source: 172.16.134.191 (172.16.134.191) Destination: 210.58.0.25 (210.58.0.25) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 64486 (64486), Seq: 50063403, Ack: 39269709, Len: 0 Source port: netbios-ssn (139) Destination port: 64486 (64486) Sequence number: 50063403 Acknowledgement number: 39269709 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x23e4 (incorrect, should be 0x1a3f) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 d3 a3 40 00 7f 06 2c a6 ac 10 86 bf d2 3a .0..@...,......: 0020 00 19 00 8b fb e6 02 fb e8 2b 02 57 35 4d 70 12 .........+.W5Mp. 0030 44 70 23 e4 00 00 02 04 05 b4 01 01 04 02 Dp#........... Frame 894 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 16:06:57.600960000 Time delta from previous packet: 0.172992000 seconds Time relative to first packet: 313128.075756000 seconds Frame Number: 894 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.58.0.25 (210.58.0.25), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xdbe9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x3468 (incorrect, should be 0x2ac3) Source: 210.58.0.25 (210.58.0.25) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 64486 (64486), Dst Port: netbios-ssn (139), Seq: 39269709, Ack: 50063404, Len: 0 Source port: 64486 (64486) Destination port: netbios-ssn (139) Sequence number: 39269709 Acknowledgement number: 50063404 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x72e0 (incorrect, should be 0x693b) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 db e9 40 00 6f 06 34 68 d2 3a 00 19 ac 10 .(..@.o.4h.:.... 0020 86 bf fb e6 00 8b 02 57 35 4d 02 fb e8 2c 50 10 .......W5M...,P. 0030 22 38 72 e0 00 00 00 00 00 00 00 00 "8r......... Frame 895 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 16:06:57.601081000 Time delta from previous packet: 0.000121000 seconds Time relative to first packet: 313128.075877000 seconds Frame Number: 895 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.58.0.25 (210.58.0.25), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xdce9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x3320 (incorrect, should be 0x297b) Source: 210.58.0.25 (210.58.0.25) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 64486 (64486), Dst Port: netbios-ssn (139), Seq: 39269709, Ack: 50063404, Len: 72 Source port: 64486 (64486) Destination port: netbios-ssn (139) Sequence number: 39269709 Next sequence number: 39269781 Acknowledgement number: 50063404 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x47cb (incorrect, should be 0x3e26) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 dc e9 40 00 6f 06 33 20 d2 3a 00 19 ac 10 .p..@.o.3 .:.... 0020 86 bf fb e6 00 8b 02 57 35 4d 02 fb e8 2c 50 18 .......W5M...,P. 0030 22 38 47 cb 00 00 81 00 00 44 20 46 44 45 43 45 "8G......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 896 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 16:06:57.602377000 Time delta from previous packet: 0.001296000 seconds Time relative to first packet: 313128.077173000 seconds Frame Number: 896 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.58.0.25 (210.58.0.25) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xd3a5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x2ca8 (incorrect, should be 0x2303) Source: 172.16.134.191 (172.16.134.191) Destination: 210.58.0.25 (210.58.0.25) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 64486 (64486), Seq: 50063404, Ack: 39269781, Len: 4 Source port: netbios-ssn (139) Destination port: 64486 (64486) Sequence number: 50063404 Next sequence number: 50063408 Acknowledgement number: 39269781 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xce9b (incorrect, should be 0xc4f6) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c d3 a5 40 00 7f 06 2c a8 ac 10 86 bf d2 3a .,..@...,......: 0020 00 19 00 8b fb e6 02 fb e8 2c 02 57 35 95 50 18 .........,.W5.P. 0030 44 28 ce 9b 00 00 82 00 00 00 00 00 D(.......... Frame 897 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 16:06:57.810761000 Time delta from previous packet: 0.208384000 seconds Time relative to first packet: 313128.285557000 seconds Frame Number: 897 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.58.0.25 (210.58.0.25), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xe6e9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x292a (incorrect, should be 0x1f85) Source: 210.58.0.25 (210.58.0.25) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 64486 (64486), Dst Port: netbios-ssn (139), Seq: 39269781, Ack: 50063408, Len: 62 Source port: 64486 (64486) Destination port: netbios-ssn (139) Sequence number: 39269781 Next sequence number: 39269843 Acknowledgement number: 50063408 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0xdecb (incorrect, should be 0xf525) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 e6 e9 40 00 6f 06 29 2a d2 3a 00 19 ac 10 .f..@.o.)*.:.... 0020 86 bf fb e6 00 8b 02 57 35 95 02 fb e8 30 50 18 .......W5....0P. 0030 22 34 de cb 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 898 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 16:06:57.830919000 Time delta from previous packet: 0.020158000 seconds Time relative to first packet: 313128.305715000 seconds Frame Number: 898 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.58.0.25 (210.58.0.25) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xd3a6 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x2cab (incorrect, should be 0x2306) Source: 172.16.134.191 (172.16.134.191) Destination: 210.58.0.25 (210.58.0.25) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 64486 (64486), Seq: 50063408, Ack: 39269781, Len: 0 Source port: netbios-ssn (139) Destination port: 64486 (64486) Sequence number: 50063408 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x94d8 (incorrect, should be 0x8b33) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 d3 a6 40 00 7f 06 2c ab ac 10 86 bf d2 3a .(..@...,......: 0020 00 19 00 8b fb e6 02 fb e8 30 02 57 35 95 50 04 .........0.W5.P. 0030 00 00 94 d8 00 00 00 00 00 00 00 00 ............ Frame 907 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:13.382597000 Time delta from previous packet: 1.538524000 seconds Time relative to first packet: 322203.857393000 seconds Frame Number: 907 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xb812 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x900e (incorrect, should be 0x8669) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4443 (4443), Dst Port: netbios-ssn (139), Seq: 1727246171, Ack: 0, Len: 0 Source port: 4443 (4443) Destination port: netbios-ssn (139) Sequence number: 1727246171 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x9852 (incorrect, should be 0x8ead) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 b8 12 40 00 6b 06 90 0e d2 16 cc 65 ac 10 .0..@.k......e.. 0020 86 bf 11 5b 00 8b 66 f3 af 5b 00 00 00 00 70 02 ...[..f..[....p. 0030 fa f0 98 52 00 00 02 04 05 b4 01 01 04 02 ...R.......... Frame 908 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:13.384306000 Time delta from previous packet: 0.001709000 seconds Time relative to first packet: 322203.859102000 seconds Frame Number: 908 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.22.204.101 (210.22.204.101) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe0e4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x533c (incorrect, should be 0x4997) Source: 172.16.134.191 (172.16.134.191) Destination: 210.22.204.101 (210.22.204.101) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4443 (4443), Seq: 2319175335, Ack: 1727246172, Len: 0 Source port: netbios-ssn (139) Destination port: 4443 (4443) Sequence number: 2319175335 Acknowledgement number: 1727246172 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xf5de (incorrect, should be 0xec39) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e0 e4 40 00 7f 06 53 3c ac 10 86 bf d2 16 .0..@...S<...... 0020 cc 65 00 8b 11 5b 8a 3b ce a7 66 f3 af 5c 70 12 .e...[.;..f..\p. 0030 44 70 f5 de 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 909 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:38:13.603981000 Time delta from previous packet: 0.219675000 seconds Time relative to first packet: 322204.078777000 seconds Frame Number: 909 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xb8b9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x8f6f (incorrect, should be 0x85ca) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4443 (4443), Dst Port: netbios-ssn (139), Seq: 1727246172, Ack: 2319175336, Len: 0 Source port: 4443 (4443) Destination port: netbios-ssn (139) Sequence number: 1727246172 Acknowledgement number: 2319175336 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x6c22 (incorrect, should be 0x627d) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 b8 b9 40 00 6b 06 8f 6f d2 16 cc 65 ac 10 .(..@.k..o...e.. 0020 86 bf 11 5b 00 8b 66 f3 af 5c 8a 3b ce a8 50 10 ...[..f..\.;..P. 0030 fa f0 6c 22 00 00 00 00 00 00 00 00 ..l"........ Frame 910 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:38:13.650510000 Time delta from previous packet: 0.046529000 seconds Time relative to first packet: 322204.125306000 seconds Frame Number: 910 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xb8bc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x8f6c (incorrect, should be 0x85c7) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4443 (4443), Dst Port: netbios-ssn (139), Seq: 1727246172, Ack: 0, Len: 0 Source port: 4443 (4443) Destination port: netbios-ssn (139) Sequence number: 1727246172 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xc003 (incorrect, should be 0xb65e) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 b8 bc 40 00 6b 06 8f 6c d2 16 cc 65 ac 10 .(..@.k..l...e.. 0020 86 bf 11 5b 00 8b 66 f3 af 5c 00 00 00 00 50 04 ...[..f..\....P. 0030 00 00 c0 03 00 00 00 00 00 00 00 00 ............ Frame 913 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:13.822294000 Time delta from previous packet: 0.006652000 seconds Time relative to first packet: 322204.297090000 seconds Frame Number: 913 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xb943 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x8edd (incorrect, should be 0x8538) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4474 (4474), Dst Port: netbios-ssn (139), Seq: 1728905035, Ack: 0, Len: 0 Source port: 4474 (4474) Destination port: netbios-ssn (139) Sequence number: 1728905035 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x482a (incorrect, should be 0x3e85) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 b9 43 40 00 6b 06 8e dd d2 16 cc 65 ac 10 .0.C@.k......e.. 0020 86 bf 11 7a 00 8b 67 0c ff 4b 00 00 00 00 70 02 ...z..g..K....p. 0030 fa f0 48 2a 00 00 02 04 05 b4 01 01 04 02 ..H*.......... Frame 914 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:13.822296000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 322204.297092000 seconds Frame Number: 914 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 172.168.0.154 (172.168.0.154), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xb944 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x8016 (incorrect, should be 0x7671) Source: 172.168.0.154 (172.168.0.154) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4475 (4475), Dst Port: netbios-ssn (139), Seq: 1728956009, Ack: 0, Len: 0 Source port: 4475 (4475) Destination port: netbios-ssn (139) Sequence number: 1728956009 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x7244 (incorrect, should be 0x689f) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 b9 44 40 00 6b 06 80 16 ac a8 00 9a ac 10 .0.D@.k......... 0020 86 bf 11 7b 00 8b 67 0d c6 69 00 00 00 00 70 02 ...{..g..i....p. 0030 fa f0 72 44 00 00 02 04 05 b4 01 01 04 02 ..rD.......... Frame 915 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:13.824446000 Time delta from previous packet: 0.002150000 seconds Time relative to first packet: 322204.299242000 seconds Frame Number: 915 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.22.204.101 (210.22.204.101) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe0e6 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x533a (incorrect, should be 0x4995) Source: 172.16.134.191 (172.16.134.191) Destination: 210.22.204.101 (210.22.204.101) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4474 (4474), Seq: 2319395296, Ack: 1728905036, Len: 0 Source port: netbios-ssn (139) Destination port: 4474 (4474) Sequence number: 2319395296 Acknowledgement number: 1728905036 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x4a7a (incorrect, should be 0x40d5) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e0 e6 40 00 7f 06 53 3a ac 10 86 bf d2 16 .0..@...S:...... 0020 cc 65 00 8b 11 7a 8a 3f 29 e0 67 0c ff 4c 70 12 .e...z.?).g..Lp. 0030 44 70 4a 7a 00 00 02 04 05 b4 01 01 04 02 DpJz.......... Frame 916 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:13.824448000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 322204.299244000 seconds Frame Number: 916 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe0e7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4473 (incorrect, should be 0x3ace) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4475 (4475), Seq: 2319435217, Ack: 1728956010, Len: 0 Source port: netbios-ssn (139) Destination port: 4475 (4475) Sequence number: 2319435217 Acknowledgement number: 1728956010 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd8a2 (incorrect, should be 0xcefd) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e0 e7 40 00 7f 06 44 73 ac 10 86 bf ac a8 .0..@...Ds...... 0020 00 9a 00 8b 11 7b 8a 3f c5 d1 67 0d c6 6a 70 12 .....{.?..g..jp. 0030 44 70 d8 a2 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 918 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:38:14.047755000 Time delta from previous packet: 0.010261000 seconds Time relative to first packet: 322204.522551000 seconds Frame Number: 918 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xb9d5 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xce53 (incorrect, should be 0xc4ae) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4474 (4474), Dst Port: netbios-ssn (139), Seq: 1728905036, Ack: 1728905036, Len: 0 Source port: 4474 (4474) Destination port: netbios-ssn (139) Sequence number: 1728905036 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0982 (incorrect, should be 0xffdc) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 b9 d5 00 00 6b 06 ce 53 d2 16 cc 65 ac 10 .(....k..S...e.. 0020 86 bf 11 7a 00 8b 67 0c ff 4c 67 0c ff 4c 50 04 ...z..g..Lg..LP. 0030 00 00 09 82 00 00 00 00 00 00 00 00 ............ Frame 940 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:16.769010000 Time delta from previous packet: 0.099373000 seconds Time relative to first packet: 322207.243806000 seconds Frame Number: 940 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe0f3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4467 (incorrect, should be 0x3ac2) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4475 (4475), Seq: 2319435217, Ack: 1728956010, Len: 0 Source port: netbios-ssn (139) Destination port: 4475 (4475) Sequence number: 2319435217 Acknowledgement number: 1728956010 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd8a2 (incorrect, should be 0xcefd) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e0 f3 40 00 7f 06 44 67 ac 10 86 bf ac a8 .0..@...Dg...... 0020 00 9a 00 8b 11 7b 8a 3f c5 d1 67 0d c6 6a 70 12 .....{.?..g..jp. 0030 44 70 d8 a2 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 977 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:22.761932000 Time delta from previous packet: 0.241182000 seconds Time relative to first packet: 322213.236728000 seconds Frame Number: 977 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe105 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4455 (incorrect, should be 0x3ab0) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4475 (4475), Seq: 2319435217, Ack: 1728956010, Len: 0 Source port: netbios-ssn (139) Destination port: 4475 (4475) Sequence number: 2319435217 Acknowledgement number: 1728956010 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd8a2 (incorrect, should be 0xcefd) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 05 40 00 7f 06 44 55 ac 10 86 bf ac a8 .0..@...DU...... 0020 00 9a 00 8b 11 7b 8a 3f c5 d1 67 0d c6 6a 70 12 .....{.?..g..jp. 0030 44 70 d8 a2 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 980 (94 bytes on wire, 94 bytes captured) Arrival Time: Mar 4, 2003 18:38:23.339784000 Time delta from previous packet: 0.392340000 seconds Time relative to first packet: 322213.814580000 seconds Frame Number: 980 Packet Length: 94 bytes Capture Length: 94 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 00000000000000000000000000000000... Internet Protocol, Src Addr: 172.168.0.154 (172.168.0.154), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0cc4 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x579f (incorrect, should be 0x4dfa) Source: 172.168.0.154 (172.168.0.154) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4475 (4475), Dst Port: netbios-ssn (139), Seq: 1728956010, Ack: 0, Len: 0 Source port: 4475 (4475) Destination port: netbios-ssn (139) Sequence number: 1728956010 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 512 Checksum: 0x97f5 (incorrect, should be 0x8e50) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 0c c4 00 00 80 06 57 9f ac a8 00 9a ac 10 .(......W....... 0020 86 bf 11 7b 00 8b 67 0d c6 6a 00 00 00 00 50 04 ...{..g..j....P. 0030 02 00 97 f5 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .............. Frame 1152 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:45.864034000 Time delta from previous packet: 0.000008000 seconds Time relative to first packet: 322236.338830000 seconds Frame Number: 1152 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0cdb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x3b46 (incorrect, should be 0x31a1) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2832 (2832), Dst Port: netbios-ssn (139), Seq: 1841405682, Ack: 0, Len: 0 Source port: 2832 (2832) Destination port: netbios-ssn (139) Sequence number: 1841405682 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0xa838 (incorrect, should be 0x9e93) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 0c db 40 00 6b 06 3b 46 d2 16 cc 65 ac 10 .0..@.k.;F...e.. 0020 86 bf 0b 10 00 8b 6d c1 9e f2 00 00 00 00 70 02 ......m.......p. 0030 fa f0 a8 38 00 00 02 04 05 b4 01 01 04 02 ...8.......... Frame 1154 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:45.864051000 Time delta from previous packet: 0.000008000 seconds Time relative to first packet: 322236.338847000 seconds Frame Number: 1154 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 172.168.0.154 (172.168.0.154), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0cdc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x2c7f (incorrect, should be 0x22da) Source: 172.168.0.154 (172.168.0.154) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2833 (2833), Dst Port: netbios-ssn (139), Seq: 1841468866, Ack: 0, Len: 0 Source port: 2833 (2833) Destination port: netbios-ssn (139) Sequence number: 1841468866 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0xa2a0 (incorrect, should be 0x98fb) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 0c dc 40 00 6b 06 2c 7f ac a8 00 9a ac 10 .0..@.k.,....... 0020 86 bf 0b 11 00 8b 6d c2 95 c2 00 00 00 00 70 02 ......m.......p. 0030 fa f0 a2 a0 00 00 02 04 05 b4 01 01 04 02 .............. Frame 1156 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:45.871691000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 322236.346487000 seconds Frame Number: 1156 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.22.204.101 (210.22.204.101) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe162 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x52be (incorrect, should be 0x4919) Source: 172.16.134.191 (172.16.134.191) Destination: 210.22.204.101 (210.22.204.101) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2832 (2832), Seq: 2327450750, Ack: 1841405683, Len: 0 Source port: netbios-ssn (139) Destination port: 2832 (2832) Sequence number: 2327450750 Acknowledgement number: 1841405683 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xbf6f (incorrect, should be 0xb5ca) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 62 40 00 7f 06 52 be ac 10 86 bf d2 16 .0.b@...R....... 0020 cc 65 00 8b 0b 10 8a ba 14 7e 6d c1 9e f3 70 12 .e.......~m...p. 0030 44 70 bf 6f 00 00 02 04 05 b4 01 01 04 02 Dp.o.......... Frame 1158 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:45.871694000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 322236.346490000 seconds Frame Number: 1158 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe164 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x43f6 (incorrect, should be 0x3a51) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2833 (2833), Seq: 2327531662, Ack: 1841468867, Len: 0 Source port: netbios-ssn (139) Destination port: 2833 (2833) Sequence number: 2327531662 Acknowledgement number: 1841468867 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7dc6 (incorrect, should be 0x7421) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 64 40 00 7f 06 43 f6 ac 10 86 bf ac a8 .0.d@...C....... 0020 00 9a 00 8b 0b 11 8a bb 50 8e 6d c2 95 c3 70 12 ........P.m...p. 0030 44 70 7d c6 00 00 02 04 05 b4 01 01 04 02 Dp}........... Frame 1160 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:38:46.122975000 Time delta from previous packet: 0.128656000 seconds Time relative to first packet: 322236.597771000 seconds Frame Number: 1160 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0d5a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x3acf (incorrect, should be 0x312a) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2832 (2832), Dst Port: netbios-ssn (139), Seq: 1841405683, Ack: 2327450751, Len: 0 Source port: 2832 (2832) Destination port: netbios-ssn (139) Sequence number: 1841405683 Acknowledgement number: 2327450751 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x35b3 (incorrect, should be 0x2c0e) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 0d 5a 40 00 6b 06 3a cf d2 16 cc 65 ac 10 .(.Z@.k.:....e.. 0020 86 bf 0b 10 00 8b 6d c1 9e f3 8a ba 14 7f 50 10 ......m.......P. 0030 fa f0 35 b3 00 00 00 00 00 00 00 00 ..5......... Frame 1161 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 18:38:46.122992000 Time delta from previous packet: 0.000017000 seconds Time relative to first packet: 322236.597788000 seconds Frame Number: 1161 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x0d5b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x3a86 (incorrect, should be 0x30e1) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2832 (2832), Dst Port: netbios-ssn (139), Seq: 1841405683, Ack: 2327450751, Len: 72 Source port: 2832 (2832) Destination port: netbios-ssn (139) Sequence number: 1841405683 Next sequence number: 1841405755 Acknowledgement number: 2327450751 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x0198 (incorrect, should be 0xf7f2) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: *SMBSERVER<20> (Server service) Calling name: ST-111<00> (Workstation/Redirector) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 0d 5b 40 00 6b 06 3a 86 d2 16 cc 65 ac 10 .p.[@.k.:....e.. 0020 86 bf 0b 10 00 8b 6d c1 9e f3 8a ba 14 7f 50 18 ......m.......P. 0030 fa f0 01 98 00 00 81 00 00 44 20 43 4b 46 44 45 .........D CKFDE 0040 4e 45 43 46 44 45 46 46 43 46 47 45 46 46 43 43 NECFDEFFCFGEFFCC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 46 44 46 ACACACACACA. FDF 0060 45 43 4e 44 42 44 42 44 42 43 41 43 41 43 41 43 ECNDBDBDBCACACAC 0070 41 43 41 43 41 43 41 43 41 43 41 41 41 00 ACACACACACAAA. Frame 1163 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:38:46.124584000 Time delta from previous packet: 0.001584000 seconds Time relative to first packet: 322236.599380000 seconds Frame Number: 1163 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0d85 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x3aa4 (incorrect, should be 0x30ff) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2832 (2832), Dst Port: netbios-ssn (139), Seq: 1841405755, Ack: 2327494613, Len: 0 Source port: 2832 (2832) Destination port: netbios-ssn (139) Sequence number: 1841405755 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x8511 (incorrect, should be 0x7b6c) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 0d 85 40 00 6b 06 3a a4 d2 16 cc 65 ac 10 .(..@.k.:....e.. 0020 86 bf 0b 10 00 8b 6d c1 9f 3b 8a ba bf d5 50 04 ......m..;....P. 0030 00 00 85 11 00 00 00 00 00 00 00 00 ............ Frame 1164 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:38:46.131200000 Time delta from previous packet: 0.006616000 seconds Time relative to first packet: 322236.605996000 seconds Frame Number: 1164 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.22.204.101 (210.22.204.101) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xe165 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x52bf (incorrect, should be 0x491a) Source: 172.16.134.191 (172.16.134.191) Destination: 210.22.204.101 (210.22.204.101) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2832 (2832), Seq: 2327450751, Ack: 1841405755, Len: 4 Source port: netbios-ssn (139) Destination port: 2832 (2832) Sequence number: 2327450751 Next sequence number: 2327450755 Acknowledgement number: 1841405755 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x6a27 (incorrect, should be 0x6082) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c e1 65 40 00 7f 06 52 bf ac 10 86 bf d2 16 .,.e@...R....... 0020 cc 65 00 8b 0b 10 8a ba 14 7f 6d c1 9f 3b 50 18 .e........m..;P. 0030 44 28 6a 27 00 00 82 00 00 00 00 00 D(j'........ Frame 1167 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:38:46.402650000 Time delta from previous packet: 0.235108000 seconds Time relative to first packet: 322236.877446000 seconds Frame Number: 1167 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0e3d Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x79ec (incorrect, should be 0x7047) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2832 (2832), Dst Port: netbios-ssn (139), Seq: 1841405755, Ack: 1841405755, Len: 0 Source port: 2832 (2832) Destination port: netbios-ssn (139) Sequence number: 1841405755 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xc2a4 (incorrect, should be 0xb8ff) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 0e 3d 00 00 6b 06 79 ec d2 16 cc 65 ac 10 .(.=..k.y....e.. 0020 86 bf 0b 10 00 8b 6d c1 9f 3b 6d c1 9f 3b 50 04 ......m..;m..;P. 0030 00 00 c2 a4 00 00 00 00 00 00 00 00 ............ Frame 1181 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:47.895180000 Time delta from previous packet: 0.000025000 seconds Time relative to first packet: 322238.369976000 seconds Frame Number: 1181 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x114a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x36d7 (incorrect, should be 0x2d32) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2928 (2928), Dst Port: netbios-ssn (139), Seq: 1846668557, Ack: 0, Len: 0 Source port: 2928 (2928) Destination port: netbios-ssn (139) Sequence number: 1846668557 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x596d (incorrect, should be 0x4fc8) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 11 4a 40 00 6b 06 36 d7 d2 16 cc 65 ac 10 .0.J@.k.6....e.. 0020 86 bf 0b 70 00 8b 6e 11 ed 0d 00 00 00 00 70 02 ...p..n.......p. 0030 fa f0 59 6d 00 00 02 04 05 b4 01 01 04 02 ..Ym.......... Frame 1182 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:47.895275000 Time delta from previous packet: 0.000095000 seconds Time relative to first packet: 322238.370071000 seconds Frame Number: 1182 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 172.168.0.154 (172.168.0.154), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x1162 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x27f9 (incorrect, should be 0x1e54) Source: 172.168.0.154 (172.168.0.154) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2929 (2929), Dst Port: netbios-ssn (139), Seq: 1846727546, Ack: 0, Len: 0 Source port: 2929 (2929) Destination port: netbios-ssn (139) Sequence number: 1846727546 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x6438 (incorrect, should be 0x5a93) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 11 62 40 00 6b 06 27 f9 ac a8 00 9a ac 10 .0.b@.k.'....... 0020 86 bf 0b 71 00 8b 6e 12 d3 7a 00 00 00 00 70 02 ...q..n..z....p. 0030 fa f0 64 38 00 00 02 04 05 b4 01 01 04 02 ..d8.......... Frame 1184 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:47.901667000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 322238.376463000 seconds Frame Number: 1184 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.22.204.101 (210.22.204.101) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe16e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x52b2 (incorrect, should be 0x490d) Source: 172.16.134.191 (172.16.134.191) Destination: 210.22.204.101 (210.22.204.101) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2928 (2928), Seq: 2328132596, Ack: 1846668558, Len: 0 Source port: netbios-ssn (139) Destination port: 2928 (2928) Sequence number: 2328132596 Acknowledgement number: 1846668558 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x0924 (incorrect, should be 0xff7e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 6e 40 00 7f 06 52 b2 ac 10 86 bf d2 16 .0.n@...R....... 0020 cc 65 00 8b 0b 70 8a c4 7b f4 6e 11 ed 0e 70 12 .e...p..{.n...p. 0030 44 70 09 24 00 00 02 04 05 b4 01 01 04 02 Dp.$.......... Frame 1185 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:47.901669000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 322238.376465000 seconds Frame Number: 1185 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe16f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x43eb (incorrect, should be 0x3a46) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2929 (2929), Seq: 2328189270, Ack: 1846727547, Len: 0 Source port: netbios-ssn (139) Destination port: 2929 (2929) Sequence number: 2328189270 Acknowledgement number: 1846727547 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x368c (incorrect, should be 0x2ce7) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 6f 40 00 7f 06 43 eb ac 10 86 bf ac a8 .0.o@...C....... 0020 00 9a 00 8b 0b 71 8a c5 59 56 6e 12 d3 7b 70 12 .....q..YVn..{p. 0030 44 70 36 8c 00 00 02 04 05 b4 01 01 04 02 Dp6........... Frame 1190 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:38:48.133739000 Time delta from previous packet: 0.008799000 seconds Time relative to first packet: 322238.608535000 seconds Frame Number: 1190 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x1241 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x75e8 (incorrect, should be 0x6c43) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2928 (2928), Dst Port: netbios-ssn (139), Seq: 1846668558, Ack: 1846668558, Len: 0 Source port: 2928 (2928) Destination port: netbios-ssn (139) Sequence number: 1846668558 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x25fe (incorrect, should be 0x1c59) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 12 41 00 00 6b 06 75 e8 d2 16 cc 65 ac 10 .(.A..k.u....e.. 0020 86 bf 0b 70 00 8b 6e 11 ed 0e 6e 11 ed 0e 50 04 ...p..n...n...P. 0030 00 00 25 fe 00 00 00 00 00 00 00 00 ..%......... Frame 1195 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:48.844345000 Time delta from previous packet: 0.242608000 seconds Time relative to first packet: 322239.319141000 seconds Frame Number: 1195 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe174 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x43e6 (incorrect, should be 0x3a41) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2833 (2833), Seq: 2327531662, Ack: 1841468867, Len: 0 Source port: netbios-ssn (139) Destination port: 2833 (2833) Sequence number: 2327531662 Acknowledgement number: 1841468867 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7dc6 (incorrect, should be 0x7421) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 74 40 00 7f 06 43 e6 ac 10 86 bf ac a8 .0.t@...C....... 0020 00 9a 00 8b 0b 11 8a bb 50 8e 6d c2 95 c3 70 12 ........P.m...p. 0030 44 70 7d c6 00 00 02 04 05 b4 01 01 04 02 Dp}........... Frame 1222 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:50.838071000 Time delta from previous packet: 0.106639000 seconds Time relative to first packet: 322241.312867000 seconds Frame Number: 1222 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe180 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x43da (incorrect, should be 0x3a35) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2929 (2929), Seq: 2328189270, Ack: 1846727547, Len: 0 Source port: netbios-ssn (139) Destination port: 2929 (2929) Sequence number: 2328189270 Acknowledgement number: 1846727547 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x368c (incorrect, should be 0x2ce7) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 80 40 00 7f 06 43 da ac 10 86 bf ac a8 .0..@...C....... 0020 00 9a 00 8b 0b 71 8a c5 59 56 6e 12 d3 7b 70 12 .....q..YVn..{p. 0030 44 70 36 8c 00 00 02 04 05 b4 01 01 04 02 Dp6........... Frame 1274 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:54.851712000 Time delta from previous packet: 0.079886000 seconds Time relative to first packet: 322245.326508000 seconds Frame Number: 1274 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe199 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x43c1 (incorrect, should be 0x3a1c) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2833 (2833), Seq: 2327531662, Ack: 1841468867, Len: 0 Source port: netbios-ssn (139) Destination port: 2833 (2833) Sequence number: 2327531662 Acknowledgement number: 1841468867 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7dc6 (incorrect, should be 0x7421) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 99 40 00 7f 06 43 c1 ac 10 86 bf ac a8 .0..@...C....... 0020 00 9a 00 8b 0b 11 8a bb 50 8e 6d c2 95 c3 70 12 ........P.m...p. 0030 44 70 7d c6 00 00 02 04 05 b4 01 01 04 02 Dp}........... Frame 1278 (94 bytes on wire, 94 bytes captured) Arrival Time: Mar 4, 2003 18:38:55.219125000 Time delta from previous packet: 0.205393000 seconds Time relative to first packet: 322245.693921000 seconds Frame Number: 1278 Packet Length: 94 bytes Capture Length: 94 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 00000000000000000000000000000000... Internet Protocol, Src Addr: 172.168.0.154 (172.168.0.154), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0cc8 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x579b (incorrect, should be 0x4df6) Source: 172.168.0.154 (172.168.0.154) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2833 (2833), Dst Port: netbios-ssn (139), Seq: 1841468867, Ack: 0, Len: 0 Source port: 2833 (2833) Destination port: netbios-ssn (139) Sequence number: 1841468867 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 512 Checksum: 0xc851 (incorrect, should be 0xbeac) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 0c c8 00 00 80 06 57 9b ac a8 00 9a ac 10 .(......W....... 0020 86 bf 0b 11 00 8b 6d c2 95 c3 00 00 00 00 50 04 ......m.......P. 0030 02 00 c8 51 00 00 00 00 00 00 00 00 00 00 00 00 ...Q............ 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .............. Frame 1300 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:38:56.871443000 Time delta from previous packet: 0.162870000 seconds Time relative to first packet: 322247.346239000 seconds Frame Number: 1300 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe1a5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x43b5 (incorrect, should be 0x3a10) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2929 (2929), Seq: 2328189270, Ack: 1846727547, Len: 0 Source port: netbios-ssn (139) Destination port: 2929 (2929) Sequence number: 2328189270 Acknowledgement number: 1846727547 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x368c (incorrect, should be 0x2ce7) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 a5 40 00 7f 06 43 b5 ac 10 86 bf ac a8 .0..@...C....... 0020 00 9a 00 8b 0b 71 8a c5 59 56 6e 12 d3 7b 70 12 .....q..YVn..{p. 0030 44 70 36 8c 00 00 02 04 05 b4 01 01 04 02 Dp6........... Frame 1306 (94 bytes on wire, 94 bytes captured) Arrival Time: Mar 4, 2003 18:38:57.216812000 Time delta from previous packet: 0.221077000 seconds Time relative to first packet: 322247.691608000 seconds Frame Number: 1306 Packet Length: 94 bytes Capture Length: 94 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 00000000000000000000000000000000... Internet Protocol, Src Addr: 172.168.0.154 (172.168.0.154), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0cc9 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x579a (incorrect, should be 0x4df5) Source: 172.168.0.154 (172.168.0.154) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2929 (2929), Dst Port: netbios-ssn (139), Seq: 1846727547, Ack: 0, Len: 0 Source port: 2929 (2929) Destination port: netbios-ssn (139) Sequence number: 1846727547 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 512 Checksum: 0x89e9 (incorrect, should be 0x8044) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 0c c9 00 00 80 06 57 9a ac a8 00 9a ac 10 .(......W....... 0020 86 bf 0b 71 00 8b 6e 12 d3 7b 00 00 00 00 50 04 ...q..n..{....P. 0030 02 00 89 e9 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .............. Frame 1359 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:39:02.990331000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 322253.465127000 seconds Frame Number: 1359 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 172.168.0.154 (172.168.0.154), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x35ab Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x03b0 (incorrect, should be 0xfa0a) Source: 172.168.0.154 (172.168.0.154) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3947 (3947), Dst Port: netbios-ssn (139), Seq: 1900609612, Ack: 0, Len: 0 Source port: 3947 (3947) Destination port: netbios-ssn (139) Sequence number: 1900609612 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x3036 (incorrect, should be 0x2691) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 35 ab 40 00 6b 06 03 b0 ac a8 00 9a ac 10 .05.@.k......... 0020 86 bf 0f 6b 00 8b 71 49 00 4c 00 00 00 00 70 02 ...k..qI.L....p. 0030 fa f0 30 36 00 00 02 04 05 b4 01 01 04 02 ..06.......... Frame 1360 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:39:02.990332000 Time delta from previous packet: 0.000001000 seconds Time relative to first packet: 322253.465128000 seconds Frame Number: 1360 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x35aa Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x1277 (incorrect, should be 0x08d2) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3946 (3946), Dst Port: netbios-ssn (139), Seq: 1900547045, Ack: 0, Len: 0 Source port: 3946 (3946) Destination port: netbios-ssn (139) Sequence number: 1900547045 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x3365 (incorrect, should be 0x29c0) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 35 aa 40 00 6b 06 12 77 d2 16 cc 65 ac 10 .05.@.k..w...e.. 0020 86 bf 0f 6a 00 8b 71 48 0b e5 00 00 00 00 70 02 ...j..qH......p. 0030 fa f0 33 65 00 00 02 04 05 b4 01 01 04 02 ..3e.......... Frame 1361 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:39:02.990335000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 322253.465131000 seconds Frame Number: 1361 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe1c2 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4398 (incorrect, should be 0x39f3) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3947 (3947), Seq: 2331980576, Ack: 1900609613, Len: 0 Source port: netbios-ssn (139) Destination port: 3947 (3947) Sequence number: 2331980576 Acknowledgement number: 1900609613 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x2886 (incorrect, should be 0x1ee1) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 c2 40 00 7f 06 43 98 ac 10 86 bf ac a8 .0..@...C....... 0020 00 9a 00 8b 0f 6b 8a ff 33 20 71 49 00 4d 70 12 .....k..3 qI.Mp. 0030 44 70 28 86 00 00 02 04 05 b4 01 01 04 02 Dp(........... Frame 1362 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:39:02.990336000 Time delta from previous packet: 0.000001000 seconds Time relative to first packet: 322253.465132000 seconds Frame Number: 1362 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 210.22.204.101 (210.22.204.101) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe1c3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x525d (incorrect, should be 0x48b8) Source: 172.16.134.191 (172.16.134.191) Destination: 210.22.204.101 (210.22.204.101) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3946 (3946), Seq: 2332025644, Ack: 1900547046, Len: 0 Source port: netbios-ssn (139) Destination port: 3946 (3946) Sequence number: 2332025644 Acknowledgement number: 1900547046 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7ba8 (incorrect, should be 0x7203) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 c3 40 00 7f 06 52 5d ac 10 86 bf d2 16 .0..@...R]...... 0020 cc 65 00 8b 0f 6a 8a ff e3 2c 71 48 0b e6 70 12 .e...j...,qH..p. 0030 44 70 7b a8 00 00 02 04 05 b4 01 01 04 02 Dp{........... Frame 1366 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:39:03.227066000 Time delta from previous packet: 0.007730000 seconds Time relative to first packet: 322253.701862000 seconds Frame Number: 1366 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 210.22.204.101 (210.22.204.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x3638 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x51f1 (incorrect, should be 0x484c) Source: 210.22.204.101 (210.22.204.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3946 (3946), Dst Port: netbios-ssn (139), Seq: 1900547046, Ack: 1900547046, Len: 0 Source port: 3946 (3946) Destination port: netbios-ssn (139) Sequence number: 1900547046 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xdde7 (incorrect, should be 0xd442) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 36 38 00 00 6b 06 51 f1 d2 16 cc 65 ac 10 .(68..k.Q....e.. 0020 86 bf 0f 6a 00 8b 71 48 0b e6 71 48 0b e6 50 04 ...j..qH..qH..P. 0030 00 00 dd e7 00 00 00 00 00 00 00 00 ............ Frame 1389 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:39:05.929507000 Time delta from previous packet: 0.049329000 seconds Time relative to first packet: 322256.404303000 seconds Frame Number: 1389 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 172.168.0.154 (172.168.0.154) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe1d1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4389 (incorrect, should be 0x39e4) Source: 172.16.134.191 (172.16.134.191) Destination: 172.168.0.154 (172.168.0.154) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3947 (3947), Seq: 2331980576, Ack: 1900609613, Len: 0 Source port: netbios-ssn (139) Destination port: 3947 (3947) Sequence number: 2331980576 Acknowledgement number: 1900609613 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x2886 (incorrect, should be 0x1ee1) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e1 d1 40 00 7f 06 43 89 ac 10 86 bf ac a8 .0..@...C....... 0020 00 9a 00 8b 0f 6b 8a ff 33 20 71 49 00 4d 70 12 .....k..3 qI.Mp. 0030 44 70 28 86 00 00 02 04 05 b4 01 01 04 02 Dp(........... Frame 1631 (94 bytes on wire, 94 bytes captured) Arrival Time: Mar 4, 2003 18:39:12.096245000 Time delta from previous packet: 0.066791000 seconds Time relative to first packet: 322262.571041000 seconds Frame Number: 1631 Packet Length: 94 bytes Capture Length: 94 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 00000000000000000000000000000000... Internet Protocol, Src Addr: 172.168.0.154 (172.168.0.154), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0ccc Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x5797 (incorrect, should be 0x4df2) Source: 172.168.0.154 (172.168.0.154) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3947 (3947), Dst Port: netbios-ssn (139), Seq: 1900609613, Ack: 0, Len: 0 Source port: 3947 (3947) Destination port: netbios-ssn (139) Sequence number: 1900609613 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 512 Checksum: 0x55e7 (incorrect, should be 0x4c42) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 0c cc 00 00 80 06 57 97 ac a8 00 9a ac 10 .(......W....... 0020 86 bf 0f 6b 00 8b 71 49 00 4d 00 00 00 00 50 04 ...k..qI.M....P. 0030 02 00 55 e7 00 00 00 00 00 00 00 00 00 00 00 00 ..U............. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .............. Frame 2045 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:41:27.581758000 Time delta from previous packet: 0.183492000 seconds Time relative to first packet: 322398.056554000 seconds Frame Number: 2045 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 200.78.103.67 (200.78.103.67), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xb167 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xffa3 (incorrect, should be 0xf5fe) Source: 200.78.103.67 (200.78.103.67) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1308 (1308), Dst Port: netbios-ssn (139), Seq: 36852038, Ack: 0, Len: 0 Source port: 1308 (1308) Destination port: netbios-ssn (139) Sequence number: 36852038 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xb14b (incorrect, should be 0xa7a6) Options: (8 bytes) Maximum segment size: 1452 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 b1 67 40 00 71 06 ff a3 c8 4e 67 43 ac 10 .0.g@.q....NgC.. 0020 86 bf 05 1c 00 8b 02 32 51 46 00 00 00 00 70 02 .......2QF....p. 0030 20 00 b1 4b 00 00 02 04 05 ac 01 01 04 02 ..K.......... Frame 2046 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 18:41:27.586612000 Time delta from previous packet: 0.004854000 seconds Time relative to first packet: 322398.061408000 seconds Frame Number: 2046 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 200.78.103.67 (200.78.103.67) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe342 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xbfc8 (incorrect, should be 0xb623) Source: 172.16.134.191 (172.16.134.191) Destination: 200.78.103.67 (200.78.103.67) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1308 (1308), Seq: 2369151756, Ack: 36852039, Len: 0 Source port: netbios-ssn (139) Destination port: 1308 (1308) Sequence number: 2369151756 Acknowledgement number: 36852039 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0x9cdf (incorrect, should be 0x933a) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 e3 42 40 00 7f 06 bf c8 ac 10 86 bf c8 4e .0.B@..........N 0020 67 43 00 8b 05 1c 8d 36 63 0c 02 32 51 47 70 12 gC.....6c..2QGp. 0030 44 10 9c df 00 00 02 04 05 b4 01 01 04 02 D............. Frame 2047 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:41:27.732087000 Time delta from previous packet: 0.145475000 seconds Time relative to first packet: 322398.206883000 seconds Frame Number: 2047 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 200.78.103.67 (200.78.103.67), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xb567 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xfbab (incorrect, should be 0xf206) Source: 200.78.103.67 (200.78.103.67) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1308 (1308), Dst Port: netbios-ssn (139), Seq: 36852039, Ack: 2369151757, Len: 0 Source port: 1308 (1308) Destination port: netbios-ssn (139) Sequence number: 36852039 Acknowledgement number: 2369151757 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8712 Checksum: 0xebab (incorrect, should be 0xe206) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 b5 67 40 00 71 06 fb ab c8 4e 67 43 ac 10 .(.g@.q....NgC.. 0020 86 bf 05 1c 00 8b 02 32 51 47 8d 36 63 0d 50 10 .......2QG.6c.P. 0030 22 08 eb ab 00 00 00 00 00 00 00 00 "........... Frame 2048 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 18:41:27.742189000 Time delta from previous packet: 0.010102000 seconds Time relative to first packet: 322398.216985000 seconds Frame Number: 2048 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 200.78.103.67 (200.78.103.67), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xb667 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xfa63 (incorrect, should be 0xf0be) Source: 200.78.103.67 (200.78.103.67) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1308 (1308), Dst Port: netbios-ssn (139), Seq: 36852039, Ack: 2369151757, Len: 72 Source port: 1308 (1308) Destination port: netbios-ssn (139) Sequence number: 36852039 Next sequence number: 36852111 Acknowledgement number: 2369151757 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8712 Checksum: 0x9b90 (incorrect, should be 0x91eb) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 b6 67 40 00 71 06 fa 63 c8 4e 67 43 ac 10 .p.g@.q..c.NgC.. 0020 86 bf 05 1c 00 8b 02 32 51 47 8d 36 63 0d 50 18 .......2QG.6c.P. 0030 22 08 9b 90 00 00 81 00 00 44 20 46 44 45 43 45 "........D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 2049 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:41:27.745740000 Time delta from previous packet: 0.003551000 seconds Time relative to first packet: 322398.220536000 seconds Frame Number: 2049 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 200.78.103.67 (200.78.103.67) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xe343 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xbfcb (incorrect, should be 0xb626) Source: 172.16.134.191 (172.16.134.191) Destination: 200.78.103.67 (200.78.103.67) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1308 (1308), Seq: 2369151757, Ack: 36852111, Len: 4 Source port: netbios-ssn (139) Destination port: 1308 (1308) Sequence number: 2369151757 Next sequence number: 2369151761 Acknowledgement number: 36852111 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17352 Checksum: 0x4797 (incorrect, should be 0x3df2) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c e3 43 40 00 7f 06 bf cb ac 10 86 bf c8 4e .,.C@..........N 0020 67 43 00 8b 05 1c 8d 36 63 0d 02 32 51 8f 50 18 gC.....6c..2Q.P. 0030 43 c8 47 97 00 00 82 00 00 00 00 00 C.G......... Frame 2050 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 18:41:27.902476000 Time delta from previous packet: 0.156736000 seconds Time relative to first packet: 322398.377272000 seconds Frame Number: 2050 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 200.78.103.67 (200.78.103.67), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xba67 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xf66d (incorrect, should be 0xecc8) Source: 200.78.103.67 (200.78.103.67) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1308 (1308), Dst Port: netbios-ssn (139), Seq: 36852111, Ack: 2369151761, Len: 62 Source port: 1308 (1308) Destination port: netbios-ssn (139) Sequence number: 36852111 Next sequence number: 36852173 Acknowledgement number: 2369151761 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8708 Checksum: 0x5797 (incorrect, should be 0x6df1) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 ba 67 40 00 71 06 f6 6d c8 4e 67 43 ac 10 .f.g@.q..m.NgC.. 0020 86 bf 05 1c 00 8b 02 32 51 8f 8d 36 63 11 50 18 .......2Q..6c.P. 0030 22 04 57 97 00 00 00 00 00 3a ff 53 4d 42 75 00 ".W......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 2051 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 18:41:27.906137000 Time delta from previous packet: 0.003661000 seconds Time relative to first packet: 322398.380933000 seconds Frame Number: 2051 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 200.78.103.67 (200.78.103.67) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xe344 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xbfce (incorrect, should be 0xb629) Source: 172.16.134.191 (172.16.134.191) Destination: 200.78.103.67 (200.78.103.67) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1308 (1308), Seq: 2369151761, Ack: 36852111, Len: 0 Source port: netbios-ssn (139) Destination port: 1308 (1308) Sequence number: 2369151761 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0d74 (incorrect, should be 0x03cf) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 e3 44 40 00 7f 06 bf ce ac 10 86 bf c8 4e .(.D@..........N 0020 67 43 00 8b 05 1c 8d 36 63 11 02 32 51 8f 50 04 gC.....6c..2Q.P. 0030 00 00 0d 74 00 00 00 00 00 00 00 00 ...t........ Frame 20908 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 22:34:47.961637000 Time delta from previous packet: 0.948794000 seconds Time relative to first packet: 336398.436433000 seconds Frame Number: 20908 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.217.55.243 (213.217.55.243), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe497 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xf438 (incorrect, should be 0xea93) Source: 213.217.55.243 (213.217.55.243) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3312 (3312), Dst Port: netbios-ssn (139), Seq: 1596090834, Ack: 0, Len: 0 Source port: 3312 (3312) Destination port: netbios-ssn (139) Sequence number: 1596090834 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 1072 Checksum: 0x7524 (incorrect, should be 0x6b7f) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 e4 97 40 00 6b 06 f4 38 d5 d9 37 f3 ac 10 .0..@.k..8..7... 0020 86 bf 0c f0 00 8b 5f 22 69 d2 00 00 00 00 70 02 ......_"i.....p. 0030 04 30 75 24 00 00 02 04 02 18 01 01 04 02 .0u$.......... Frame 20909 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 22:34:47.967182000 Time delta from previous packet: 0.005545000 seconds Time relative to first packet: 336398.441978000 seconds Frame Number: 20909 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.217.55.243 (213.217.55.243) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x55e9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x6ee7 (incorrect, should be 0x6542) Source: 172.16.134.191 (172.16.134.191) Destination: 213.217.55.243 (213.217.55.243) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3312 (3312), Seq: 1576923138, Ack: 1596090835, Len: 0 Source port: netbios-ssn (139) Destination port: 3312 (3312) Sequence number: 1576923138 Acknowledgement number: 1596090835 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0xe6be (incorrect, should be 0xdd19) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 55 e9 40 00 7f 06 6e e7 ac 10 86 bf d5 d9 .0U.@...n....... 0020 37 f3 00 8b 0c f0 5d fd f0 02 5f 22 69 d3 70 12 7.....]..._"i.p. 0030 40 e8 e6 be 00 00 02 04 05 b4 01 01 04 02 @............. Frame 20910 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 22:34:48.808007000 Time delta from previous packet: 0.840825000 seconds Time relative to first packet: 336399.282803000 seconds Frame Number: 20910 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 213.217.55.243 (213.217.55.243), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xfe97 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xda40 (incorrect, should be 0xd09b) Source: 213.217.55.243 (213.217.55.243) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3312 (3312), Dst Port: netbios-ssn (139), Seq: 1596090835, Ack: 1576923139, Len: 0 Source port: 3312 (3312) Destination port: netbios-ssn (139) Sequence number: 1596090835 Acknowledgement number: 1576923139 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1072 Checksum: 0x503b (incorrect, should be 0x4696) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 fe 97 40 00 6b 06 da 40 d5 d9 37 f3 ac 10 .(..@.k..@..7... 0020 86 bf 0c f0 00 8b 5f 22 69 d3 5d fd f0 03 50 10 ......_"i.]...P. 0030 04 30 50 3b 00 00 00 00 00 00 00 00 .0P;........ Frame 20911 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 22:34:48.837744000 Time delta from previous packet: 0.029737000 seconds Time relative to first packet: 336399.312540000 seconds Frame Number: 20911 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.217.55.243 (213.217.55.243), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x0098 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xd7f8 (incorrect, should be 0xce53) Source: 213.217.55.243 (213.217.55.243) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3312 (3312), Dst Port: netbios-ssn (139), Seq: 1596090835, Ack: 1576923139, Len: 72 Source port: 3312 (3312) Destination port: netbios-ssn (139) Sequence number: 1596090835 Next sequence number: 1596090907 Acknowledgement number: 1576923139 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x07d6 (incorrect, should be 0xfe30) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 00 98 40 00 6b 06 d7 f8 d5 d9 37 f3 ac 10 .p..@.k.....7... 0020 86 bf 0c f0 00 8b 5f 22 69 d3 5d fd f0 03 50 18 ......_"i.]...P. 0030 21 80 07 d6 00 00 81 00 00 44 20 46 44 45 43 45 !........D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 20912 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 22:34:48.842782000 Time delta from previous packet: 0.005038000 seconds Time relative to first packet: 336399.317578000 seconds Frame Number: 20912 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.217.55.243 (213.217.55.243) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x5605 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x6ecf (incorrect, should be 0x652a) Source: 172.16.134.191 (172.16.134.191) Destination: 213.217.55.243 (213.217.55.243) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3312 (3312), Seq: 1576923139, Ack: 1596090907, Len: 4 Source port: netbios-ssn (139) Destination port: 3312 (3312) Sequence number: 1576923139 Next sequence number: 1576923143 Acknowledgement number: 1596090907 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x9176 (incorrect, should be 0x87d1) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 56 05 40 00 7f 06 6e cf ac 10 86 bf d5 d9 .,V.@...n....... 0020 37 f3 00 8b 0c f0 5d fd f0 03 5f 22 6a 1b 50 18 7.....]..._"j.P. 0030 40 a0 91 76 00 00 82 00 00 00 00 00 @..v........ Frame 20913 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 22:34:49.674529000 Time delta from previous packet: 0.831747000 seconds Time relative to first packet: 336400.149325000 seconds Frame Number: 20913 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 213.217.55.243 (213.217.55.243), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x1b98 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xbd02 (incorrect, should be 0xb35d) Source: 213.217.55.243 (213.217.55.243) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3312 (3312), Dst Port: netbios-ssn (139), Seq: 1596090907, Ack: 1576923143, Len: 62 Source port: 3312 (3312) Destination port: netbios-ssn (139) Sequence number: 1596090907 Next sequence number: 1596090969 Acknowledgement number: 1576923143 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x9ed6 (incorrect, should be 0xb530) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 1b 98 40 00 6b 06 bd 02 d5 d9 37 f3 ac 10 .f..@.k.....7... 0020 86 bf 0c f0 00 8b 5f 22 6a 1b 5d fd f0 07 50 18 ......_"j.]...P. 0030 21 7c 9e d6 00 00 00 00 00 3a ff 53 4d 42 75 00 !|.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 20914 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 22:34:49.689663000 Time delta from previous packet: 0.015134000 seconds Time relative to first packet: 336400.164459000 seconds Frame Number: 20914 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 213.217.55.243 (213.217.55.243) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x561b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x6ebd (incorrect, should be 0x6518) Source: 172.16.134.191 (172.16.134.191) Destination: 213.217.55.243 (213.217.55.243) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3312 (3312), Seq: 1576923143, Ack: 3630793315, Len: 0 Source port: netbios-ssn (139) Destination port: 3312 (3312) Sequence number: 1576923143 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xc29b (incorrect, should be 0xb8f6) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 56 1b 40 00 7f 06 6e bd ac 10 86 bf d5 d9 .(V.@...n....... 0020 37 f3 00 8b 0c f0 5d fd f0 07 d8 69 82 63 50 04 7.....]....i.cP. 0030 00 00 c2 9b 00 00 00 00 00 00 00 00 ............ Frame 20919 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 23:53:34.733848000 Time delta from previous packet: 0.080753000 seconds Time relative to first packet: 341125.208644000 seconds Frame Number: 20919 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.73.160.240 (66.73.160.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x6768 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x95fb (incorrect, should be 0x8c56) Source: 66.73.160.240 (66.73.160.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1616 (1616), Dst Port: netbios-ssn (139), Seq: 20035467, Ack: 0, Len: 0 Source port: 1616 (1616) Destination port: netbios-ssn (139) Sequence number: 20035467 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x972b (incorrect, should be 0x8d86) Options: (8 bytes) Maximum segment size: 1452 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 67 68 40 00 71 06 95 fb 42 49 a0 f0 ac 10 .0gh@.q...BI.... 0020 86 bf 06 50 00 8b 01 31 b7 8b 00 00 00 00 70 02 ...P...1......p. 0030 20 00 97 2b 00 00 02 04 05 ac 01 01 04 02 ..+.......... Frame 20920 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 4, 2003 23:53:34.738862000 Time delta from previous packet: 0.005014000 seconds Time relative to first packet: 341125.213658000 seconds Frame Number: 20920 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.73.160.240 (66.73.160.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x2f1f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc044 (incorrect, should be 0xb69f) Source: 172.16.134.191 (172.16.134.191) Destination: 66.73.160.240 (66.73.160.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1616 (1616), Seq: 2758258447, Ack: 20035468, Len: 0 Source port: netbios-ssn (139) Destination port: 1616 (1616) Sequence number: 2758258447 Acknowledgement number: 20035468 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0x1f8b (incorrect, should be 0x15e6) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 2f 1f 40 00 7f 06 c0 44 ac 10 86 bf 42 49 .0/.@....D....BI 0020 a0 f0 00 8b 06 50 a4 67 af 0f 01 31 b7 8c 70 12 .....P.g...1..p. 0030 44 10 1f 8b 00 00 02 04 05 b4 01 01 04 02 D............. Frame 20921 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 23:53:34.814222000 Time delta from previous packet: 0.075360000 seconds Time relative to first packet: 341125.289018000 seconds Frame Number: 20921 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.73.160.240 (66.73.160.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6a68 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x9303 (incorrect, should be 0x895e) Source: 66.73.160.240 (66.73.160.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1616 (1616), Dst Port: netbios-ssn (139), Seq: 20035468, Ack: 2758258448, Len: 0 Source port: 1616 (1616) Destination port: netbios-ssn (139) Sequence number: 20035468 Acknowledgement number: 2758258448 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8712 Checksum: 0x6e57 (incorrect, should be 0x64b2) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 6a 68 40 00 71 06 93 03 42 49 a0 f0 ac 10 .(jh@.q...BI.... 0020 86 bf 06 50 00 8b 01 31 b7 8c a4 67 af 10 50 10 ...P...1...g..P. 0030 22 08 6e 57 00 00 00 00 00 00 00 00 ".nW........ Frame 20922 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 4, 2003 23:53:34.823712000 Time delta from previous packet: 0.009490000 seconds Time relative to first packet: 341125.298508000 seconds Frame Number: 20922 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.73.160.240 (66.73.160.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x6b68 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x91bb (incorrect, should be 0x8816) Source: 66.73.160.240 (66.73.160.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1616 (1616), Dst Port: netbios-ssn (139), Seq: 20035468, Ack: 2758258448, Len: 72 Source port: 1616 (1616) Destination port: netbios-ssn (139) Sequence number: 20035468 Next sequence number: 20035540 Acknowledgement number: 2758258448 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8712 Checksum: 0x1e3c (incorrect, should be 0x1497) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 6b 68 40 00 71 06 91 bb 42 49 a0 f0 ac 10 .pkh@.q...BI.... 0020 86 bf 06 50 00 8b 01 31 b7 8c a4 67 af 10 50 18 ...P...1...g..P. 0030 22 08 1e 3c 00 00 81 00 00 44 20 46 44 45 43 45 "..<.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 20923 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 23:53:34.827470000 Time delta from previous packet: 0.003758000 seconds Time relative to first packet: 341125.302266000 seconds Frame Number: 20923 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.73.160.240 (66.73.160.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x2f20 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc047 (incorrect, should be 0xb6a2) Source: 172.16.134.191 (172.16.134.191) Destination: 66.73.160.240 (66.73.160.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1616 (1616), Seq: 2758258448, Ack: 20035540, Len: 4 Source port: netbios-ssn (139) Destination port: 1616 (1616) Sequence number: 2758258448 Next sequence number: 2758258452 Acknowledgement number: 20035540 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17352 Checksum: 0xca42 (incorrect, should be 0xc09d) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 2f 20 40 00 7f 06 c0 47 ac 10 86 bf 42 49 .,/ @....G....BI 0020 a0 f0 00 8b 06 50 a4 67 af 10 01 31 b7 d4 50 18 .....P.g...1..P. 0030 43 c8 ca 42 00 00 82 00 00 00 00 00 C..B........ Frame 20924 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 4, 2003 23:53:34.904075000 Time delta from previous packet: 0.076605000 seconds Time relative to first packet: 341125.378871000 seconds Frame Number: 20924 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.73.160.240 (66.73.160.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x6c68 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x90c5 (incorrect, should be 0x8720) Source: 66.73.160.240 (66.73.160.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1616 (1616), Dst Port: netbios-ssn (139), Seq: 20035540, Ack: 2758258452, Len: 62 Source port: 1616 (1616) Destination port: netbios-ssn (139) Sequence number: 20035540 Next sequence number: 20035602 Acknowledgement number: 2758258452 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8708 Checksum: 0xda42 (incorrect, should be 0xf09c) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 6c 68 40 00 71 06 90 c5 42 49 a0 f0 ac 10 .flh@.q...BI.... 0020 86 bf 06 50 00 8b 01 31 b7 d4 a4 67 af 14 50 18 ...P...1...g..P. 0030 22 04 da 42 00 00 00 00 00 3a ff 53 4d 42 75 00 "..B.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 20925 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 4, 2003 23:53:34.908869000 Time delta from previous packet: 0.004794000 seconds Time relative to first packet: 341125.383665000 seconds Frame Number: 20925 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.73.160.240 (66.73.160.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x2f24 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xc047 (incorrect, should be 0xb6a2) Source: 172.16.134.191 (172.16.134.191) Destination: 66.73.160.240 (66.73.160.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1616 (1616), Seq: 2758258452, Ack: 3630793315, Len: 0 Source port: netbios-ssn (139) Destination port: 1616 (1616) Sequence number: 2758258452 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xee57 (incorrect, should be 0xe4b2) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 2f 24 40 00 7f 06 c0 47 ac 10 86 bf 42 49 .(/$@....G....BI 0020 a0 f0 00 8b 06 50 a4 67 af 14 d8 69 82 63 50 04 .....P.g...i.cP. 0030 00 00 ee 57 00 00 00 00 00 00 00 00 ...W........ Frame 20928 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 00:08:49.451252000 Time delta from previous packet: 0.793000000 seconds Time relative to first packet: 342039.926048000 seconds Frame Number: 20928 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.177.154.228 (61.177.154.228), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9dd2 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x7035 (incorrect, should be 0x6690) Source: 61.177.154.228 (61.177.154.228) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1514 (1514), Dst Port: netbios-ssn (139), Seq: 9205092, Ack: 0, Len: 0 Source port: 1514 (1514) Destination port: netbios-ssn (139) Sequence number: 9205092 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xe4f9 (incorrect, should be 0xdb54) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 9d d2 40 00 6b 06 70 35 3d b1 9a e4 ac 10 .0..@.k.p5=..... 0020 86 bf 05 ea 00 8b 00 8c 75 64 00 00 00 00 70 02 ........ud....p. 0030 20 00 e4 f9 00 00 02 04 05 b4 01 01 04 02 ............. Frame 20929 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 00:08:49.451947000 Time delta from previous packet: 0.000695000 seconds Time relative to first packet: 342039.926743000 seconds Frame Number: 20929 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.177.154.228 (61.177.154.228) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x8a78 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x6f8f (incorrect, should be 0x65ea) Source: 172.16.134.191 (172.16.134.191) Destination: 61.177.154.228 (61.177.154.228) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1514 (1514), Seq: 2988013435, Ack: 9205093, Len: 0 Source port: netbios-ssn (139) Destination port: 1514 (1514) Sequence number: 2988013435 Acknowledgement number: 9205093 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x96e3 (incorrect, should be 0x8d3e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 8a 78 40 00 7f 06 6f 8f ac 10 86 bf 3d b1 .0.x@...o.....=. 0020 9a e4 00 8b 05 ea b2 19 77 7b 00 8c 75 65 70 12 ........w{..uep. 0030 44 70 96 e3 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 20930 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 00:08:50.271715000 Time delta from previous packet: 0.819768000 seconds Time relative to first packet: 342040.746511000 seconds Frame Number: 20930 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 61.177.154.228 (61.177.154.228), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xadd2 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x603d (incorrect, should be 0x5698) Source: 61.177.154.228 (61.177.154.228) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1514 (1514), Dst Port: netbios-ssn (139), Seq: 9205093, Ack: 2988013436, Len: 0 Source port: 1514 (1514) Destination port: netbios-ssn (139) Sequence number: 9205093 Acknowledgement number: 2988013436 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xe5df (incorrect, should be 0xdc3a) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 ad d2 40 00 6b 06 60 3d 3d b1 9a e4 ac 10 .(..@.k.`==..... 0020 86 bf 05 ea 00 8b 00 8c 75 65 b2 19 77 7c 50 10 ........ue..w|P. 0030 22 38 e5 df 00 00 00 00 00 00 00 00 "8.......... Frame 20931 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 00:08:50.281552000 Time delta from previous packet: 0.009837000 seconds Time relative to first packet: 342040.756348000 seconds Frame Number: 20931 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.177.154.228 (61.177.154.228), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xaed2 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x5ef5 (incorrect, should be 0x5550) Source: 61.177.154.228 (61.177.154.228) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1514 (1514), Dst Port: netbios-ssn (139), Seq: 9205093, Ack: 2988013436, Len: 72 Source port: 1514 (1514) Destination port: netbios-ssn (139) Sequence number: 9205093 Next sequence number: 9205165 Acknowledgement number: 2988013436 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xbaca (incorrect, should be 0xb125) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 ae d2 40 00 6b 06 5e f5 3d b1 9a e4 ac 10 .p..@.k.^.=..... 0020 86 bf 05 ea 00 8b 00 8c 75 65 b2 19 77 7c 50 18 ........ue..w|P. 0030 22 38 ba ca 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 20932 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 00:08:50.282198000 Time delta from previous packet: 0.000646000 seconds Time relative to first packet: 342040.756994000 seconds Frame Number: 20932 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.177.154.228 (61.177.154.228) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x8a8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x6f7d (incorrect, should be 0x65d8) Source: 172.16.134.191 (172.16.134.191) Destination: 61.177.154.228 (61.177.154.228) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1514 (1514), Seq: 2988013436, Ack: 9205165, Len: 4 Source port: netbios-ssn (139) Destination port: 1514 (1514) Sequence number: 2988013436 Next sequence number: 2988013440 Acknowledgement number: 9205165 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x419b (incorrect, should be 0x37f6) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 8a 8e 40 00 7f 06 6f 7d ac 10 86 bf 3d b1 .,..@...o}....=. 0020 9a e4 00 8b 05 ea b2 19 77 7c 00 8c 75 ad 50 18 ........w|..u.P. 0030 44 28 41 9b 00 00 82 00 00 00 00 00 D(A......... Frame 20933 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 00:08:51.085053000 Time delta from previous packet: 0.802855000 seconds Time relative to first packet: 342041.559849000 seconds Frame Number: 20933 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.177.154.228 (61.177.154.228), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xbed2 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0x4eff (incorrect, should be 0x455a) Source: 61.177.154.228 (61.177.154.228) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1514 (1514), Dst Port: netbios-ssn (139), Seq: 9205165, Ack: 2988013440, Len: 62 Source port: 1514 (1514) Destination port: netbios-ssn (139) Sequence number: 9205165 Next sequence number: 9205227 Acknowledgement number: 2988013440 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x51cb (incorrect, should be 0x6825) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 be d2 40 00 6b 06 4e ff 3d b1 9a e4 ac 10 .f..@.k.N.=..... 0020 86 bf 05 ea 00 8b 00 8c 75 ad b2 19 77 80 50 18 ........u...w.P. 0030 22 34 51 cb 00 00 00 00 00 3a ff 53 4d 42 75 00 "4Q......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 20934 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 00:08:51.085763000 Time delta from previous packet: 0.000710000 seconds Time relative to first packet: 342041.560559000 seconds Frame Number: 20934 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.177.154.228 (61.177.154.228) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x8aa5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x6f6a (incorrect, should be 0x65c5) Source: 172.16.134.191 (172.16.134.191) Destination: 61.177.154.228 (61.177.154.228) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1514 (1514), Seq: 2988013440, Ack: 3630793315, Len: 0 Source port: netbios-ssn (139) Destination port: 1514 (1514) Sequence number: 2988013440 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x2344 (incorrect, should be 0x199f) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 8a a5 40 00 7f 06 6f 6a ac 10 86 bf 3d b1 .(..@...oj....=. 0020 9a e4 00 8b 05 ea b2 19 77 80 d8 69 82 63 50 04 ........w..i.cP. 0030 00 00 23 44 00 00 00 00 00 00 00 00 ..#D........ Frame 20938 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 00:53:49.172767000 Time delta from previous packet: 0.230935000 seconds Time relative to first packet: 344739.647563000 seconds Frame Number: 20938 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.1.35.169 (217.1.35.169), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x39cd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xaa25 (incorrect, should be 0xa080) Source: 217.1.35.169 (217.1.35.169) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3472 (3472), Dst Port: netbios-ssn (139), Seq: 10740275, Ack: 0, Len: 0 Source port: 3472 (3472) Destination port: netbios-ssn (139) Sequence number: 10740275 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x4ff4 (incorrect, should be 0x464f) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 39 cd 40 00 71 06 aa 25 d9 01 23 a9 ac 10 .09.@.q..%..#... 0020 86 bf 0d 90 00 8b 00 a3 e2 33 00 00 00 00 70 02 .........3....p. 0030 20 00 4f f4 00 00 02 04 02 18 01 01 04 02 .O........... Frame 20939 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 00:53:49.172770000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 344739.647566000 seconds Frame Number: 20939 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.1.35.169 (217.1.35.169) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xd43d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x01b5 (incorrect, should be 0xf80f) Source: 172.16.134.191 (172.16.134.191) Destination: 217.1.35.169 (217.1.35.169) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3472 (3472), Seq: 3813597659, Ack: 10740276, Len: 0 Source port: netbios-ssn (139) Destination port: 3472 (3472) Sequence number: 3813597659 Acknowledgement number: 10740276 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0x6634 (incorrect, should be 0x5c8f) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 d4 3d 40 00 7f 06 01 b5 ac 10 86 bf d9 01 .0.=@........... 0020 23 a9 00 8b 0d 90 e3 4e e1 db 00 a3 e2 34 70 12 #......N.....4p. 0030 40 e8 66 34 00 00 02 04 05 b4 01 01 04 02 @.f4.......... Frame 20940 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 00:53:49.340791000 Time delta from previous packet: 0.168021000 seconds Time relative to first packet: 344739.815587000 seconds Frame Number: 20940 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 217.1.35.169 (217.1.35.169), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x45cd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x9e2d (incorrect, should be 0x9488) Source: 217.1.35.169 (217.1.35.169) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3472 (3472), Dst Port: netbios-ssn (139), Seq: 10740276, Ack: 3813597660, Len: 0 Source port: 3472 (3472) Destination port: netbios-ssn (139) Sequence number: 10740276 Acknowledgement number: 3813597660 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0xb260 (incorrect, should be 0xa8bb) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 45 cd 40 00 71 06 9e 2d d9 01 23 a9 ac 10 .(E.@.q..-..#... 0020 86 bf 0d 90 00 8b 00 a3 e2 34 e3 4e e1 dc 50 10 .........4.N..P. 0030 21 80 b2 60 00 00 00 00 00 00 00 00 !..`........ Frame 20941 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 00:53:49.348490000 Time delta from previous packet: 0.007699000 seconds Time relative to first packet: 344739.823286000 seconds Frame Number: 20941 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.1.35.169 (217.1.35.169), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x46cd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x9ce5 (incorrect, should be 0x9340) Source: 217.1.35.169 (217.1.35.169) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3472 (3472), Dst Port: netbios-ssn (139), Seq: 10740276, Ack: 3813597660, Len: 72 Source port: 3472 (3472) Destination port: netbios-ssn (139) Sequence number: 10740276 Next sequence number: 10740348 Acknowledgement number: 3813597660 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x7f45 (incorrect, should be 0x75a0) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 46 cd 40 00 71 06 9c e5 d9 01 23 a9 ac 10 .pF.@.q.....#... 0020 86 bf 0d 90 00 8b 00 a3 e2 34 e3 4e e1 dc 50 18 .........4.N..P. 0030 21 80 7f 45 00 00 81 00 00 44 20 46 44 45 43 45 !..E.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 20942 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 00:53:49.348491000 Time delta from previous packet: 0.000001000 seconds Time relative to first packet: 344739.823287000 seconds Frame Number: 20942 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.1.35.169 (217.1.35.169) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0xd444 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x01b2 (incorrect, should be 0xf80c) Source: 172.16.134.191 (172.16.134.191) Destination: 217.1.35.169 (217.1.35.169) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3472 (3472), Seq: 3813597660, Ack: 10740348, Len: 4 Source port: netbios-ssn (139) Destination port: 3472 (3472) Sequence number: 3813597660 Next sequence number: 3813597664 Acknowledgement number: 10740348 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x10ec (incorrect, should be 0x0747) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c d4 44 40 00 7f 06 01 b2 ac 10 86 bf d9 01 .,.D@........... 0020 23 a9 00 8b 0d 90 e3 4e e1 dc 00 a3 e2 7c 50 18 #......N.....|P. 0030 40 a0 10 ec 00 00 82 00 00 00 00 00 @........... Frame 20943 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 00:53:49.507388000 Time delta from previous packet: 0.158897000 seconds Time relative to first packet: 344739.982184000 seconds Frame Number: 20943 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.1.35.169 (217.1.35.169), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x4ccd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x96ef (incorrect, should be 0x8d4a) Source: 217.1.35.169 (217.1.35.169) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3472 (3472), Dst Port: netbios-ssn (139), Seq: 10740348, Ack: 3813597664, Len: 62 Source port: 3472 (3472) Destination port: netbios-ssn (139) Sequence number: 10740348 Next sequence number: 10740410 Acknowledgement number: 3813597664 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x1e4c (incorrect, should be 0x34a6) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 4c cd 40 00 71 06 96 ef d9 01 23 a9 ac 10 .fL.@.q.....#... 0020 86 bf 0d 90 00 8b 00 a3 e2 7c e3 4e e1 e0 50 18 .........|.N..P. 0030 21 7c 1e 4c 00 00 00 00 00 3a ff 53 4d 42 75 00 !|.L.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 20944 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 00:53:49.507392000 Time delta from previous packet: 0.000004000 seconds Time relative to first packet: 344739.982188000 seconds Frame Number: 20944 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.1.35.169 (217.1.35.169) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xd44b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x01af (incorrect, should be 0xf809) Source: 172.16.134.191 (172.16.134.191) Destination: 217.1.35.169 (217.1.35.169) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3472 (3472), Seq: 3813597664, Ack: 3630793315, Len: 0 Source port: netbios-ssn (139) Destination port: 3472 (3472) Sequence number: 3813597664 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x5bf3 (incorrect, should be 0x524e) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 d4 4b 40 00 7f 06 01 af ac 10 86 bf d9 01 .(.K@........... 0020 23 a9 00 8b 0d 90 e3 4e e1 e0 d8 69 82 63 50 04 #......N...i.cP. 0030 00 00 5b f3 00 00 00 00 00 00 00 00 ..[......... Frame 20956 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:40:42.649956000 Time delta from previous packet: 4969.794770000 seconds Time relative to first packet: 351153.124752000 seconds Frame Number: 20956 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 80.181.116.202 (80.181.116.202), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x5230 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 103 Protocol: TCP (0x06) Header checksum: 0xd2ed (incorrect, should be 0xc948) Source: 80.181.116.202 (80.181.116.202) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4388 (4388), Dst Port: netbios-ssn (139), Seq: 375111465, Ack: 0, Len: 0 Source port: 4388 (4388) Destination port: netbios-ssn (139) Sequence number: 375111465 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x6d6f (incorrect, should be 0x63ca) Options: (8 bytes) Maximum segment size: 1414 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 52 30 40 00 67 06 d2 ed 50 b5 74 ca ac 10 .0R0@.g...P.t... 0020 86 bf 11 24 00 8b 16 5b bf 29 00 00 00 00 70 02 ...$...[.)....p. 0030 40 00 6d 6f 00 00 02 04 05 86 01 01 04 02 @.mo.......... Frame 20957 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:40:42.652113000 Time delta from previous packet: 0.002157000 seconds Time relative to first packet: 351153.126909000 seconds Frame Number: 20957 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 80.181.116.202 (80.181.116.202) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x17c7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xf556 (incorrect, should be 0xebb1) Source: 172.16.134.191 (172.16.134.191) Destination: 80.181.116.202 (80.181.116.202) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4388 (4388), Seq: 1220092560, Ack: 375111466, Len: 0 Source port: netbios-ssn (139) Destination port: 4388 (4388) Sequence number: 1220092560 Acknowledgement number: 375111466 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0xff9e (incorrect, should be 0xf5f9) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 17 c7 40 00 7f 06 f5 56 ac 10 86 bf 50 b5 .0..@....V....P. 0020 74 ca 00 8b 11 24 48 b9 22 90 16 5b bf 2a 70 12 t....$H."..[.*p. 0030 42 48 ff 9e 00 00 02 04 05 b4 01 01 04 02 BH............ Frame 20958 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:40:42.895615000 Time delta from previous packet: 0.243502000 seconds Time relative to first packet: 351153.370411000 seconds Frame Number: 20958 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 80.181.116.202 (80.181.116.202), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5231 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 103 Protocol: TCP (0x06) Header checksum: 0xd2f4 (incorrect, should be 0xc94f) Source: 80.181.116.202 (80.181.116.202) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4388 (4388), Dst Port: netbios-ssn (139), Seq: 375111466, Ack: 1220092561, Len: 0 Source port: 4388 (4388) Destination port: netbios-ssn (139) Sequence number: 375111466 Acknowledgement number: 1220092561 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x2c63 (incorrect, should be 0x22be) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 52 31 40 00 67 06 d2 f4 50 b5 74 ca ac 10 .(R1@.g...P.t... 0020 86 bf 11 24 00 8b 16 5b bf 2a 48 b9 22 91 50 10 ...$...[.*H.".P. 0030 42 48 2c 63 00 00 00 00 00 00 00 00 BH,c........ Frame 20959 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:40:42.904217000 Time delta from previous packet: 0.008602000 seconds Time relative to first packet: 351153.379013000 seconds Frame Number: 20959 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 80.181.116.202 (80.181.116.202), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5232 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 103 Protocol: TCP (0x06) Header checksum: 0xd2f3 (incorrect, should be 0xc94e) Source: 80.181.116.202 (80.181.116.202) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4388 (4388), Dst Port: netbios-ssn (139), Seq: 375111466, Ack: 1220092561, Len: 0 Source port: 4388 (4388) Destination port: netbios-ssn (139) Sequence number: 375111466 Acknowledgement number: 1220092561 Header length: 20 bytes Flags: 0x0011 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set Window size: 16968 Checksum: 0x2c62 (incorrect, should be 0x22bd) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 52 32 40 00 67 06 d2 f3 50 b5 74 ca ac 10 .(R2@.g...P.t... 0020 86 bf 11 24 00 8b 16 5b bf 2a 48 b9 22 91 50 11 ...$...[.*H.".P. 0030 42 48 2c 62 00 00 00 00 00 00 00 00 BH,b........ Frame 20960 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:40:42.960801000 Time delta from previous packet: 0.056584000 seconds Time relative to first packet: 351153.435597000 seconds Frame Number: 20960 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 80.181.116.202 (80.181.116.202) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x17c8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xf55d (incorrect, should be 0xebb8) Source: 172.16.134.191 (172.16.134.191) Destination: 80.181.116.202 (80.181.116.202) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4388 (4388), Seq: 1220092561, Ack: 375111467, Len: 0 Source port: netbios-ssn (139) Destination port: 4388 (4388) Sequence number: 1220092561 Acknowledgement number: 375111467 Header length: 20 bytes Flags: 0x0011 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set Window size: 16968 Checksum: 0x2c61 (incorrect, should be 0x22bc) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 17 c8 40 00 7f 06 f5 5d ac 10 86 bf 50 b5 .(..@....]....P. 0020 74 ca 00 8b 11 24 48 b9 22 91 16 5b bf 2b 50 11 t....$H."..[.+P. 0030 42 48 2c 61 00 00 00 00 00 00 00 00 BH,a........ Frame 20961 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:40:43.215051000 Time delta from previous packet: 0.254250000 seconds Time relative to first packet: 351153.689847000 seconds Frame Number: 20961 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 80.181.116.202 (80.181.116.202), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5234 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 103 Protocol: TCP (0x06) Header checksum: 0xd2f1 (incorrect, should be 0xc94c) Source: 80.181.116.202 (80.181.116.202) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4388 (4388), Dst Port: netbios-ssn (139), Seq: 375111467, Ack: 1220092562, Len: 0 Source port: 4388 (4388) Destination port: netbios-ssn (139) Sequence number: 375111467 Acknowledgement number: 1220092562 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x2c61 (incorrect, should be 0x22bc) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 52 34 40 00 67 06 d2 f1 50 b5 74 ca ac 10 .(R4@.g...P.t... 0020 86 bf 11 24 00 8b 16 5b bf 2b 48 b9 22 92 50 10 ...$...[.+H.".P. 0030 42 48 2c 61 00 00 00 00 00 00 00 00 BH,a........ Frame 20964 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:40:43.954374000 Time delta from previous packet: 0.006652000 seconds Time relative to first packet: 351154.429170000 seconds Frame Number: 20964 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 169.254.205.177 (169.254.205.177), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x5236 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 103 Protocol: TCP (0x06) Header checksum: 0x20b7 (incorrect, should be 0x1712) Source: 169.254.205.177 (169.254.205.177) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4390 (4390), Dst Port: netbios-ssn (139), Seq: 375552781, Ack: 0, Len: 0 Source port: 4390 (4390) Destination port: netbios-ssn (139) Sequence number: 375552781 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xff23 (incorrect, should be 0xf57e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 52 36 40 00 67 06 20 b7 a9 fe cd b1 ac 10 .0R6@.g. ....... 0020 86 bf 11 26 00 8b 16 62 7b 0d 00 00 00 00 70 02 ...&...b{.....p. 0030 40 00 ff 23 00 00 02 04 05 b4 01 01 04 02 @..#.......... Frame 20965 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:40:43.954377000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 351154.429173000 seconds Frame Number: 20965 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 80.181.116.202 (80.181.116.202), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x5237 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 103 Protocol: TCP (0x06) Header checksum: 0xd2e6 (incorrect, should be 0xc941) Source: 80.181.116.202 (80.181.116.202) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4391 (4391), Dst Port: netbios-ssn (139), Seq: 375613903, Ack: 0, Len: 0 Source port: 4391 (4391) Destination port: netbios-ssn (139) Sequence number: 375613903 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xc2be (incorrect, should be 0xb919) Options: (8 bytes) Maximum segment size: 1414 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 52 37 40 00 67 06 d2 e6 50 b5 74 ca ac 10 .0R7@.g...P.t... 0020 86 bf 11 27 00 8b 16 63 69 cf 00 00 00 00 70 02 ...'...ci.....p. 0030 40 00 c2 be 00 00 02 04 05 86 01 01 04 02 @............. Frame 20966 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:40:43.954381000 Time delta from previous packet: 0.000004000 seconds Time relative to first packet: 351154.429177000 seconds Frame Number: 20966 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 169.254.205.177 (169.254.205.177) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x17cc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4321 (incorrect, should be 0x397c) Source: 172.16.134.191 (172.16.134.191) Destination: 169.254.205.177 (169.254.205.177) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4390 (4390), Seq: 1220543960, Ack: 375552782, Len: 0 Source port: netbios-ssn (139) Destination port: 4390 (4390) Sequence number: 1220543960 Acknowledgement number: 375552782 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xac0a (incorrect, should be 0xa265) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 17 cc 40 00 7f 06 43 21 ac 10 86 bf a9 fe .0..@...C!...... 0020 cd b1 00 8b 11 26 48 c0 05 d8 16 62 7b 0e 70 12 .....&H....b{.p. 0030 44 70 ac 0a 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 20967 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:40:43.954383000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 351154.429179000 seconds Frame Number: 20967 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 80.181.116.202 (80.181.116.202) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x17cd Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xf550 (incorrect, should be 0xebab) Source: 172.16.134.191 (172.16.134.191) Destination: 80.181.116.202 (80.181.116.202) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4391 (4391), Seq: 1220579915, Ack: 375613904, Len: 0 Source port: netbios-ssn (139) Destination port: 4391 (4391) Sequence number: 1220579915 Acknowledgement number: 375613904 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0xe52b (incorrect, should be 0xdb86) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 17 cd 40 00 7f 06 f5 50 ac 10 86 bf 50 b5 .0..@....P....P. 0020 74 ca 00 8b 11 27 48 c0 92 4b 16 63 69 d0 70 12 t....'H..K.ci.p. 0030 42 48 e5 2b 00 00 02 04 05 b4 01 01 04 02 BH.+.......... Frame 20970 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:40:44.221874000 Time delta from previous packet: 0.006709000 seconds Time relative to first packet: 351154.696670000 seconds Frame Number: 20970 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 80.181.116.202 (80.181.116.202), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x523a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 103 Protocol: TCP (0x06) Header checksum: 0x12ec (incorrect, should be 0x0947) Source: 80.181.116.202 (80.181.116.202) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4391 (4391), Dst Port: netbios-ssn (139), Seq: 375613904, Ack: 375613904, Len: 0 Source port: 4391 (4391) Destination port: netbios-ssn (139) Sequence number: 375613904 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xaf1d (incorrect, should be 0xa578) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 52 3a 00 00 67 06 12 ec 50 b5 74 ca ac 10 .(R:..g...P.t... 0020 86 bf 11 27 00 8b 16 63 69 d0 16 63 69 d0 50 04 ...'...ci..ci.P. 0030 00 00 af 1d 00 00 00 00 00 00 00 00 ............ Frame 20987 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:40:46.563243000 Time delta from previous packet: 0.034653000 seconds Time relative to first packet: 351157.038039000 seconds Frame Number: 20987 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 169.254.205.177 (169.254.205.177) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x17d9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4314 (incorrect, should be 0x396f) Source: 172.16.134.191 (172.16.134.191) Destination: 169.254.205.177 (169.254.205.177) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4390 (4390), Seq: 1220543960, Ack: 375552782, Len: 0 Source port: netbios-ssn (139) Destination port: 4390 (4390) Sequence number: 1220543960 Acknowledgement number: 375552782 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xac0a (incorrect, should be 0xa265) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 17 d9 40 00 7f 06 43 14 ac 10 86 bf a9 fe .0..@...C....... 0020 cd b1 00 8b 11 26 48 c0 05 d8 16 62 7b 0e 70 12 .....&H....b{.p. 0030 44 70 ac 0a 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 20991 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:40:51.813734000 Time delta from previous packet: 4.636725000 seconds Time relative to first packet: 351162.288530000 seconds Frame Number: 20991 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 169.254.205.177 (169.254.205.177) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x17de Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x430f (incorrect, should be 0x396a) Source: 172.16.134.191 (172.16.134.191) Destination: 169.254.205.177 (169.254.205.177) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4390 (4390), Seq: 1220543960, Ack: 375552782, Len: 0 Source port: netbios-ssn (139) Destination port: 4390 (4390) Sequence number: 1220543960 Acknowledgement number: 375552782 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xac0a (incorrect, should be 0xa265) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 17 de 40 00 7f 06 43 0f ac 10 86 bf a9 fe .0..@...C....... 0020 cd b1 00 8b 11 26 48 c0 05 d8 16 62 7b 0e 70 12 .....&H....b{.p. 0030 44 70 ac 0a 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 20992 (94 bytes on wire, 94 bytes captured) Arrival Time: Mar 5, 2003 02:40:52.113407000 Time delta from previous packet: 0.299673000 seconds Time relative to first packet: 351162.588203000 seconds Frame Number: 20992 Packet Length: 94 bytes Capture Length: 94 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 00000000000000000000000000000000... Internet Protocol, Src Addr: 169.254.205.177 (169.254.205.177), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x1f4a Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (0x06) Header checksum: 0x7aab (incorrect, should be 0x7106) Source: 169.254.205.177 (169.254.205.177) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4390 (4390), Dst Port: netbios-ssn (139), Seq: 375552782, Ack: 0, Len: 0 Source port: 4390 (4390) Destination port: netbios-ssn (139) Sequence number: 375552782 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 512 Checksum: 0x69e4 (incorrect, should be 0x603f) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 1f 4a 00 00 80 06 7a ab a9 fe cd b1 ac 10 .(.J....z....... 0020 86 bf 11 26 00 8b 16 62 7b 0e 00 00 00 00 50 04 ...&...b{.....P. 0030 02 00 69 e4 00 00 00 00 00 00 00 00 00 00 00 00 ..i............. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .............. Frame 21332 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.191969000 Time delta from previous packet: 0.125598000 seconds Time relative to first packet: 351575.666765000 seconds Frame Number: 21332 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 24.197.194.106 (24.197.194.106), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4d71 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xb6fc (incorrect, should be 0xad57) Source: 24.197.194.106 (24.197.194.106) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2015 (2015), Dst Port: netbios-ssn (139), Seq: 1749787901, Ack: 0, Len: 0 Source port: 2015 (2015) Destination port: netbios-ssn (139) Sequence number: 1749787901 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x2912 (incorrect, should be 0x1f6d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4d 71 40 00 72 06 b6 fc 18 c5 c2 6a ac 10 .0Mq@.r......j.. 0020 86 bf 07 df 00 8b 68 4b a4 fd 00 00 00 00 70 02 ......hK......p. 0030 40 00 29 12 00 00 02 04 05 b4 01 01 04 02 @.)........... Frame 21333 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.191974000 Time delta from previous packet: 0.000005000 seconds Time relative to first packet: 351575.666770000 seconds Frame Number: 21333 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 24.197.194.106 (24.197.194.106) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x1ab7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xdcb6 (incorrect, should be 0xd311) Source: 172.16.134.191 (172.16.134.191) Destination: 24.197.194.106 (24.197.194.106) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2015 (2015), Seq: 1343525330, Ack: 1749787902, Len: 0 Source port: netbios-ssn (139) Destination port: 2015 (2015) Sequence number: 1343525330 Acknowledgement number: 1749787902 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x42aa (incorrect, should be 0x3905) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 1a b7 40 00 7f 06 dc b6 ac 10 86 bf 18 c5 .0..@........... 0020 c2 6a 00 8b 07 df 50 14 91 d2 68 4b a4 fe 70 12 .j....P...hK..p. 0030 44 70 42 aa 00 00 02 04 05 b4 01 01 04 02 DpB........... Frame 21334 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.252495000 Time delta from previous packet: 0.060521000 seconds Time relative to first packet: 351575.727291000 seconds Frame Number: 21334 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 24.197.194.106 (24.197.194.106), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4d72 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xb703 (incorrect, should be 0xad5e) Source: 24.197.194.106 (24.197.194.106) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2015 (2015), Dst Port: netbios-ssn (139), Seq: 1749787902, Ack: 1343525331, Len: 0 Source port: 2015 (2015) Destination port: netbios-ssn (139) Sequence number: 1749787902 Acknowledgement number: 1343525331 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x6f6e (incorrect, should be 0x65c9) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4d 72 40 00 72 06 b7 03 18 c5 c2 6a ac 10 .(Mr@.r......j.. 0020 86 bf 07 df 00 8b 68 4b a4 fe 50 14 91 d3 50 10 ......hK..P...P. 0030 44 70 6f 6e 00 00 00 00 00 00 00 00 Dpon........ Frame 21335 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.260172000 Time delta from previous packet: 0.007677000 seconds Time relative to first packet: 351575.734968000 seconds Frame Number: 21335 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 24.197.194.106 (24.197.194.106), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x4d73 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xb6ba (incorrect, should be 0xad15) Source: 24.197.194.106 (24.197.194.106) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2015 (2015), Dst Port: netbios-ssn (139), Seq: 1749787902, Ack: 1343525331, Len: 72 Source port: 2015 (2015) Destination port: netbios-ssn (139) Sequence number: 1749787902 Next sequence number: 1749787974 Acknowledgement number: 1343525331 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x595c (incorrect, should be 0x4fb7) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: HPPAV<00> (Workstation/Redirector) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 4d 73 40 00 72 06 b6 ba 18 c5 c2 6a ac 10 .pMs@.r......j.. 0020 86 bf 07 df 00 8b 68 4b a4 fe 50 14 91 d3 50 18 ......hK..P...P. 0030 44 70 59 5c 00 00 81 00 00 44 20 46 44 45 43 45 DpY\.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 49 46 ACACACACACA. EIF 0060 41 46 41 45 42 46 47 43 41 43 41 43 41 43 41 43 AFAEBFGCACACACAC 0070 41 43 41 43 41 43 41 43 41 43 41 41 41 00 ACACACACACAAA. Frame 21336 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.260174000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 351575.734970000 seconds Frame Number: 21336 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 24.197.194.106 (24.197.194.106) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x1ab8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xdcb9 (incorrect, should be 0xd314) Source: 172.16.134.191 (172.16.134.191) Destination: 24.197.194.106 (24.197.194.106) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2015 (2015), Seq: 1343525331, Ack: 1749787974, Len: 4 Source port: netbios-ssn (139) Destination port: 2015 (2015) Sequence number: 1343525331 Next sequence number: 1343525335 Acknowledgement number: 1749787974 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xed61 (incorrect, should be 0xe3bc) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 1a b8 40 00 7f 06 dc b9 ac 10 86 bf 18 c5 .,..@........... 0020 c2 6a 00 8b 07 df 50 14 91 d3 68 4b a5 46 50 18 .j....P...hK.FP. 0030 44 28 ed 61 00 00 82 00 00 00 00 00 D(.a........ Frame 21337 (212 bytes on wire, 212 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.333326000 Time delta from previous packet: 0.073152000 seconds Time relative to first packet: 351575.808122000 seconds Frame Number: 21337 Packet Length: 212 bytes Capture Length: 212 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 24.197.194.106 (24.197.194.106), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 198 Identification: 0x4d74 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xb663 (incorrect, should be 0xacbe) Source: 24.197.194.106 (24.197.194.106) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2015 (2015), Dst Port: netbios-ssn (139), Seq: 1749787974, Ack: 1343525335, Len: 158 Source port: 2015 (2015) Destination port: netbios-ssn (139) Sequence number: 1749787974 Next sequence number: 1749788132 Acknowledgement number: 1343525335 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17516 Checksum: 0xc521 (incorrect, should be 0xbb7c) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 154 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Negotiate Protocol (0x72) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 6565 User ID: 0 Multiplex ID: 33281 Negotiate Protocol Request (0x72) Word Count (WCT): 0 Byte Count (BCC): 119 Requested Dialects Dialect: PC NETWORK PROGRAM 1.0 Buffer Format: Dialect (2) Name: PC NETWORK PROGRAM 1.0 Dialect: MICROSOFT NETWORKS 3.0 Buffer Format: Dialect (2) Name: MICROSOFT NETWORKS 3.0 Dialect: DOS LM1.2X002 Buffer Format: Dialect (2) Name: DOS LM1.2X002 Dialect: DOS LANMAN2.1 Buffer Format: Dialect (2) Name: DOS LANMAN2.1 Dialect: Windows for Workgroups 3.1a Buffer Format: Dialect (2) Name: Windows for Workgroups 3.1a Dialect: NT LM 0.12 Buffer Format: Dialect (2) Name: NT LM 0.12 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 c6 4d 74 40 00 72 06 b6 63 18 c5 c2 6a ac 10 ..Mt@.r..c...j.. 0020 86 bf 07 df 00 8b 68 4b a5 46 50 14 91 d7 50 18 ......hK.FP...P. 0030 44 6c c5 21 00 00 00 00 00 9a ff 53 4d 42 72 00 Dl.!.......SMBr. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 a5 19 00 00 01 82 00 77 00 02 50 43 ...........w..PC 0060 20 4e 45 54 57 4f 52 4b 20 50 52 4f 47 52 41 4d NETWORK PROGRAM 0070 20 31 2e 30 00 02 4d 49 43 52 4f 53 4f 46 54 20 1.0..MICROSOFT 0080 4e 45 54 57 4f 52 4b 53 20 33 2e 30 00 02 44 4f NETWORKS 3.0..DO 0090 53 20 4c 4d 31 2e 32 58 30 30 32 00 02 44 4f 53 S LM1.2X002..DOS 00a0 20 4c 41 4e 4d 41 4e 32 2e 31 00 02 57 69 6e 64 LANMAN2.1..Wind 00b0 6f 77 73 20 66 6f 72 20 57 6f 72 6b 67 72 6f 75 ows for Workgrou 00c0 70 73 20 33 2e 31 61 00 02 4e 54 20 4c 4d 20 30 ps 3.1a..NT LM 0 00d0 2e 31 32 00 .12. Frame 21338 (157 bytes on wire, 157 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.353119000 Time delta from previous packet: 0.019793000 seconds Time relative to first packet: 351575.827915000 seconds Frame Number: 21338 Packet Length: 157 bytes Capture Length: 157 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 24.197.194.106 (24.197.194.106) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 143 Identification: 0x1ab9 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xdc55 (incorrect, should be 0xd2b0) Source: 172.16.134.191 (172.16.134.191) Destination: 24.197.194.106 (24.197.194.106) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2015 (2015), Seq: 1343525335, Ack: 1749788132, Len: 103 Source port: netbios-ssn (139) Destination port: 2015 (2015) Sequence number: 1343525335 Next sequence number: 1343525438 Acknowledgement number: 1749788132 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17290 Checksum: 0x61ec (incorrect, should be 0x5866) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 99 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 21337 Time from request: 0.019793000 seconds SMB Command: Negotiate Protocol (0x72) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 6565 User ID: 0 Multiplex ID: 33281 Negotiate Protocol Response (0x72) Word Count (WCT): 17 Dialect Index: 5, greater than LANMAN2.1 Security Mode: 0x03 .... ...1 = Mode: USER security mode .... ..1. = Password: ENCRYPTED password. Use challenge/response .... .0.. = Signatures: Security signatures NOT enabled .... 0... = Sig Req: Security signatures NOT required Max Mpx Count: 50 Max VCs: 1 Max Buffer Size: 16644 Max Raw Buffer: 65536 Session Key: 0x00000000 Capabilities: 0x0000f3fd .... .... .... .... .... .... .... ...1 = Raw Mode: Read Raw and Write Raw are supported .... .... .... .... .... .... .... ..0. = MPX Mode: Read Mpx and Write Mpx are not supported .... .... .... .... .... .... .... .1.. = Unicode: Unicode strings are supported .... .... .... .... .... .... .... 1... = Large Files: Large files are supported .... .... .... .... .... .... ...1 .... = NT SMBs: NT SMBs are supported .... .... .... .... .... .... ..1. .... = RPC Remote APIs: RPC remote APIs are supported .... .... .... .... .... .... .1.. .... = NT Status Codes: NT status codes are supported .... .... .... .... .... .... 1... .... = Level 2 Oplocks: Level 2 oplocks are supported .... .... .... .... .... ...1 .... .... = Lock and Read: Lock and Read is supported .... .... .... .... .... ..1. .... .... = NT Find: NT Find is supported .... .... .... .... ...1 .... .... .... = Dfs: Dfs is supported .... .... .... .... ..1. .... .... .... = Infolevel Passthru: NT information level request passthrough is supported .... .... .... .... .1.. .... .... .... = Large ReadX: Large Read andX is supported .... .... .... .... 1... .... .... .... = Large WriteX: Large Write andX is supported .... .... 0... .... .... .... .... .... = UNIX: UNIX extensions are not supported .... ..0. .... .... .... .... .... .... = Reserved: Reserved ..0. .... .... .... .... .... .... .... = Bulk Transfer: Bulk Read and Bulk Write are not supported .0.. .... .... .... .... .... .... .... = Compressed Data: Compressed data transfer is not supported 0... .... .... .... .... .... .... .... = Extended Security: Extended security exchanges are not supported System Time: Mar 5, 2003 02:27:46.821106625 Server Time Zone: 480 min from UTC Key Length: 8 Byte Count (BCC): 30 Encryption Key: D99286121DEDB63F Primary Domain: SBM Server: PC0191 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 8f 1a b9 40 00 7f 06 dc 55 ac 10 86 bf 18 c5 ....@....U...... 0020 c2 6a 00 8b 07 df 50 14 91 d7 68 4b a5 e4 50 18 .j....P...hK..P. 0030 43 8a 61 ec 00 00 00 00 00 63 ff 53 4d 42 72 00 C.a......c.SMBr. 0040 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 a5 19 00 00 01 82 11 05 00 03 32 00 ..............2. 0060 01 00 04 41 00 00 00 00 01 00 00 00 00 00 fd f3 ...A............ 0070 00 00 80 47 5e dd 01 e3 c2 01 e0 01 08 1e 00 d9 ...G^........... 0080 92 86 12 1d ed b6 3f 53 00 42 00 4d 00 00 00 50 ......?S.B.M...P 0090 00 43 00 30 00 31 00 39 00 31 00 00 00 .C.0.1.9.1... Frame 21339 (235 bytes on wire, 235 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.427194000 Time delta from previous packet: 0.074075000 seconds Time relative to first packet: 351575.901990000 seconds Frame Number: 21339 Packet Length: 235 bytes Capture Length: 235 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 24.197.194.106 (24.197.194.106), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 221 Identification: 0x4d75 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xb64b (incorrect, should be 0xaca6) Source: 24.197.194.106 (24.197.194.106) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2015 (2015), Dst Port: netbios-ssn (139), Seq: 1749788132, Ack: 1343525438, Len: 181 Source port: 2015 (2015) Destination port: netbios-ssn (139) Sequence number: 1749788132 Next sequence number: 1749788313 Acknowledgement number: 1343525438 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17413 Checksum: 0xc7e3 (incorrect, should be 0xbd5e) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 177 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Session Setup AndX (0x73) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x10 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x1000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...1 .... .... .... = Dfs: Resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 6565 User ID: 1 Multiplex ID: 33281 Session Setup AndX Request (0x73) Word Count (WCT): 13 AndXCommand: Tree Connect AndX (0x75) Reserved: 00 AndXOffset: 145 Max Buffer: 2920 Max Mpx Count: 50 VC Number: 0 Session Key: 0x00000000 ANSI Password Length: 24 Unicode Password Length: 0 Reserved: 00000000 Capabilities: 0x00000005 .... .... .... .... .... .... .... ...1 = Raw Mode: Read Raw and Write Raw are supported .... .... .... .... .... .... .... ..0. = MPX Mode: Read Mpx and Write Mpx are not supported .... .... .... .... .... .... .... .1.. = Unicode: Unicode strings are supported .... .... .... .... .... .... .... 0... = Large Files: Large files are not supported .... .... .... .... .... .... ...0 .... = NT SMBs: NT SMBs are not supported .... .... .... .... .... .... ..0. .... = RPC Remote APIs: RPC remote APIs are not supported .... .... .... .... .... .... .0.. .... = NT Status Codes: NT status codes are not supported .... .... .... .... .... .... 0... .... = Level 2 Oplocks: Level 2 oplocks are not supported .... .... .... .... .... ...0 .... .... = Lock and Read: Lock and Read is not supported .... .... .... .... .... ..0. .... .... = NT Find: NT Find is not supported .... .... .... .... ...0 .... .... .... = Dfs: Dfs is not supported .... .... .... .... ..0. .... .... .... = Infolevel Passthru: NT information level request passthrough is not supported .... .... .... .... .0.. .... .... .... = Large ReadX: Large Read andX is not supported .... .... .... .... 0... .... .... .... = Large WriteX: Large Write andX is not supported .... .... 0... .... .... .... .... .... = UNIX: UNIX extensions are not supported .... ..0. .... .... .... .... .... .... = Reserved: Reserved ..0. .... .... .... .... .... .... .... = Bulk Transfer: Bulk Read and Bulk Write are not supported .0.. .... .... .... .... .... .... .... = Compressed Data: Compressed data transfer is not supported 0... .... .... .... .... .... .... .... = Extended Security: Extended security exchanges are not supported Byte Count (BCC): 84 ANSI Password: 5716E997060A736B37266F499F9FFAA0... Account: HP AUTHORIZED CUSTOM Primary Domain: HEWLETTPACKARD Native OS: Windows 4.0 Native LAN Manager: Windows 4.0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0002 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 21 Password: 00 Path: \\PC0191\IPC$ Service: ????? 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 dd 4d 75 40 00 72 06 b6 4b 18 c5 c2 6a ac 10 ..Mu@.r..K...j.. 0020 86 bf 07 df 00 8b 68 4b a5 e4 50 14 92 3e 50 18 ......hK..P..>P. 0030 44 05 c7 e3 00 00 00 00 00 b1 ff 53 4d 42 73 00 D..........SMBs. 0040 00 00 00 10 00 10 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 a5 19 01 00 01 82 0d 75 00 91 00 68 ...........u...h 0060 0b 32 00 00 00 00 00 00 00 18 00 00 00 00 00 00 .2.............. 0070 00 05 00 00 00 54 00 57 16 e9 97 06 0a 73 6b 37 .....T.W.....sk7 0080 26 6f 49 9f 9f fa a0 bf 48 62 7f e2 6f 15 d9 48 &oI.....Hb..o..H 0090 50 20 41 55 54 48 4f 52 49 5a 45 44 20 43 55 53 P AUTHORIZED CUS 00a0 54 4f 4d 00 48 45 57 4c 45 54 54 50 41 43 4b 41 TOM.HEWLETTPACKA 00b0 52 44 00 57 69 6e 64 6f 77 73 20 34 2e 30 00 57 RD.Windows 4.0.W 00c0 69 6e 64 6f 77 73 20 34 2e 30 00 04 ff 00 00 00 indows 4.0...... 00d0 02 00 01 00 15 00 00 5c 5c 50 43 30 31 39 31 5c .......\\PC0191\ 00e0 49 50 43 24 00 3f 3f 3f 3f 3f 00 IPC$.?????. Frame 21340 (93 bytes on wire, 93 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.449871000 Time delta from previous packet: 0.022677000 seconds Time relative to first packet: 351575.924667000 seconds Frame Number: 21340 Packet Length: 93 bytes Capture Length: 93 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 24.197.194.106 (24.197.194.106) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 79 Identification: 0x1aba Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xdc94 (incorrect, should be 0xd2ef) Source: 172.16.134.191 (172.16.134.191) Destination: 24.197.194.106 (24.197.194.106) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2015 (2015), Seq: 1343525438, Ack: 1749788313, Len: 39 Source port: netbios-ssn (139) Destination port: 2015 (2015) Sequence number: 1343525438 Next sequence number: 1343525477 Acknowledgement number: 1749788313 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17109 Checksum: 0x06d9 (incorrect, should be 0xfd33) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 35 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 21339 Time from request: 0.022677000 seconds SMB Command: Session Setup AndX (0x73) Error Class: DOS Error (0x01) Reserved: 00 Error Code: Access denied Flags: 0x90 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x1000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...1 .... .... .... = Dfs: Resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 6565 User ID: 1 Multiplex ID: 33281 Session Setup AndX Response (0x73) Word Count (WCT): 0 Byte Count (BCC): 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 4f 1a ba 40 00 7f 06 dc 94 ac 10 86 bf 18 c5 .O..@........... 0020 c2 6a 00 8b 07 df 50 14 92 3e 68 4b a6 99 50 18 .j....P..>hK..P. 0030 42 d5 06 d9 00 00 00 00 00 23 ff 53 4d 42 73 01 B........#.SMBs. 0040 00 05 00 90 00 10 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 a5 19 01 00 01 82 00 00 00 ............. Frame 21341 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:47:45.717582000 Time delta from previous packet: 0.267711000 seconds Time relative to first packet: 351576.192378000 seconds Frame Number: 21341 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 24.197.194.106 (24.197.194.106), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4d76 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xb6ff (incorrect, should be 0xad5a) Source: 24.197.194.106 (24.197.194.106) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2015 (2015), Dst Port: netbios-ssn (139), Seq: 1749788313, Ack: 1343525477, Len: 0 Source port: 2015 (2015) Destination port: netbios-ssn (139) Sequence number: 1749788313 Acknowledgement number: 1343525477 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17374 Checksum: 0x6dd3 (incorrect, should be 0x642e) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4d 76 40 00 72 06 b6 ff 18 c5 c2 6a ac 10 .(Mv@.r......j.. 0020 86 bf 07 df 00 8b 68 4b a6 99 50 14 92 65 50 10 ......hK..P..eP. 0030 43 de 6d d3 00 00 00 00 00 00 00 00 C.m......... Frame 21342 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:47:46.063181000 Time delta from previous packet: 0.345599000 seconds Time relative to first packet: 351576.537977000 seconds Frame Number: 21342 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 24.197.194.106 (24.197.194.106), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4d78 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xb6fd (incorrect, should be 0xad58) Source: 24.197.194.106 (24.197.194.106) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2015 (2015), Dst Port: netbios-ssn (139), Seq: 1749788313, Ack: 1343525477, Len: 0 Source port: 2015 (2015) Destination port: netbios-ssn (139) Sequence number: 1749788313 Acknowledgement number: 1343525477 Header length: 20 bytes Flags: 0x0011 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set Window size: 17374 Checksum: 0x6dd2 (incorrect, should be 0x642d) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4d 78 40 00 72 06 b6 fd 18 c5 c2 6a ac 10 .(Mx@.r......j.. 0020 86 bf 07 df 00 8b 68 4b a6 99 50 14 92 65 50 11 ......hK..P..eP. 0030 43 de 6d d2 00 00 00 00 00 00 00 00 C.m......... Frame 21343 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:47:46.064150000 Time delta from previous packet: 0.000969000 seconds Time relative to first packet: 351576.538946000 seconds Frame Number: 21343 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 24.197.194.106 (24.197.194.106) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x1abb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xdcba (incorrect, should be 0xd315) Source: 172.16.134.191 (172.16.134.191) Destination: 24.197.194.106 (24.197.194.106) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2015 (2015), Seq: 1343525477, Ack: 1749788314, Len: 0 Source port: netbios-ssn (139) Destination port: 2015 (2015) Sequence number: 1343525477 Acknowledgement number: 1749788314 Header length: 20 bytes Flags: 0x0011 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set Window size: 17109 Checksum: 0x6eda (incorrect, should be 0x6535) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 1a bb 40 00 7f 06 dc ba ac 10 86 bf 18 c5 .(..@........... 0020 c2 6a 00 8b 07 df 50 14 92 65 68 4b a6 9a 50 11 .j....P..ehK..P. 0030 42 d5 6e da 00 00 00 00 00 00 00 00 B.n......... Frame 21346 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 02:47:46.121979000 Time delta from previous packet: 0.035518000 seconds Time relative to first packet: 351576.596775000 seconds Frame Number: 21346 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 24.197.194.106 (24.197.194.106), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4d7a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xb6fb (incorrect, should be 0xad56) Source: 24.197.194.106 (24.197.194.106) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2015 (2015), Dst Port: netbios-ssn (139), Seq: 1749788314, Ack: 1343525478, Len: 0 Source port: 2015 (2015) Destination port: netbios-ssn (139) Sequence number: 1749788314 Acknowledgement number: 1343525478 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17374 Checksum: 0x6dd1 (incorrect, should be 0x642c) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4d 7a 40 00 72 06 b6 fb 18 c5 c2 6a ac 10 .(Mz@.r......j.. 0020 86 bf 07 df 00 8b 68 4b a6 9a 50 14 92 66 50 10 ......hK..P..fP. 0030 43 de 6d d1 00 00 00 00 00 00 00 00 C.m......... Frame 30299 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:05:09.238506000 Time delta from previous packet: 0.777315000 seconds Time relative to first packet: 352619.713302000 seconds Frame Number: 30299 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.87.178.167 (218.87.178.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xfb6f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x572e (incorrect, should be 0x4d89) Source: 218.87.178.167 (218.87.178.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1387 (1387), Dst Port: netbios-ssn (139), Seq: 979548, Ack: 0, Len: 0 Source port: 1387 (1387) Destination port: netbios-ssn (139) Sequence number: 979548 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xb494 (incorrect, should be 0xaaef) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 fb 6f 40 00 72 06 57 2e da 57 b2 a7 ac 10 .0.o@.r.W..W.... 0020 86 bf 05 6b 00 8b 00 0e f2 5c 00 00 00 00 70 02 ...k.....\....p. 0030 20 00 b4 94 00 00 02 04 05 b4 01 01 04 02 ............. Frame 30300 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:05:09.240665000 Time delta from previous packet: 0.002159000 seconds Time relative to first packet: 352619.715461000 seconds Frame Number: 30300 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.87.178.167 (218.87.178.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x2fab Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x15f3 (incorrect, should be 0x0c4e) Source: 172.16.134.191 (172.16.134.191) Destination: 218.87.178.167 (218.87.178.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1387 (1387), Seq: 1676884831, Ack: 979549, Len: 0 Source port: netbios-ssn (139) Destination port: 1387 (1387) Sequence number: 1676884831 Acknowledgement number: 979549 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xf0c0 (incorrect, should be 0xe71b) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 2f ab 40 00 7f 06 15 f3 ac 10 86 bf da 57 .0/.@..........W 0020 b2 a7 00 8b 05 6b 63 f3 3b 5f 00 0e f2 5d 70 12 .....kc.;_...]p. 0030 44 70 f0 c0 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 30301 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:05:09.881998000 Time delta from previous packet: 0.641333000 seconds Time relative to first packet: 352620.356794000 seconds Frame Number: 30301 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 218.87.178.167 (218.87.178.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x1270 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x4036 (incorrect, should be 0x3691) Source: 218.87.178.167 (218.87.178.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1387 (1387), Dst Port: netbios-ssn (139), Seq: 979549, Ack: 1676884832, Len: 0 Source port: 1387 (1387) Destination port: netbios-ssn (139) Sequence number: 979549 Acknowledgement number: 1676884832 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x3fbd (incorrect, should be 0x3618) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 12 70 40 00 72 06 40 36 da 57 b2 a7 ac 10 .(.p@.r.@6.W.... 0020 86 bf 05 6b 00 8b 00 0e f2 5d 63 f3 3b 60 50 10 ...k.....]c.;`P. 0030 22 38 3f bd 00 00 00 00 00 00 00 00 "8?......... Frame 30302 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 03:05:09.882001000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 352620.356797000 seconds Frame Number: 30302 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.87.178.167 (218.87.178.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x1370 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x3eee (incorrect, should be 0x3549) Source: 218.87.178.167 (218.87.178.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1387 (1387), Dst Port: netbios-ssn (139), Seq: 979549, Ack: 1676884832, Len: 72 Source port: 1387 (1387) Destination port: netbios-ssn (139) Sequence number: 979549 Next sequence number: 979621 Acknowledgement number: 1676884832 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xefa1 (incorrect, should be 0xe5fc) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 13 70 40 00 72 06 3e ee da 57 b2 a7 ac 10 .p.p@.r.>..W.... 0020 86 bf 05 6b 00 8b 00 0e f2 5d 63 f3 3b 60 50 18 ...k.....]c.;`P. 0030 22 38 ef a1 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 30303 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:05:09.886582000 Time delta from previous packet: 0.004581000 seconds Time relative to first packet: 352620.361378000 seconds Frame Number: 30303 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.87.178.167 (218.87.178.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x2fac Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x15f6 (incorrect, should be 0x0c51) Source: 172.16.134.191 (172.16.134.191) Destination: 218.87.178.167 (218.87.178.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1387 (1387), Seq: 1676884832, Ack: 979621, Len: 4 Source port: netbios-ssn (139) Destination port: 1387 (1387) Sequence number: 1676884832 Next sequence number: 1676884836 Acknowledgement number: 979621 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x9b78 (incorrect, should be 0x91d3) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 2f ac 40 00 7f 06 15 f6 ac 10 86 bf da 57 .,/.@..........W 0020 b2 a7 00 8b 05 6b 63 f3 3b 60 00 0e f2 a5 50 18 .....kc.;`....P. 0030 44 28 9b 78 00 00 82 00 00 00 00 00 D(.x........ Frame 30304 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 03:05:10.507221000 Time delta from previous packet: 0.620639000 seconds Time relative to first packet: 352620.982017000 seconds Frame Number: 30304 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.87.178.167 (218.87.178.167), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x2a70 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x27f8 (incorrect, should be 0x1e53) Source: 218.87.178.167 (218.87.178.167) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1387 (1387), Dst Port: netbios-ssn (139), Seq: 979621, Ack: 1676884836, Len: 62 Source port: 1387 (1387) Destination port: netbios-ssn (139) Sequence number: 979621 Next sequence number: 979683 Acknowledgement number: 1676884836 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0xaba8 (incorrect, should be 0xc202) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 2a 70 40 00 72 06 27 f8 da 57 b2 a7 ac 10 .f*p@.r.'..W.... 0020 86 bf 05 6b 00 8b 00 0e f2 a5 63 f3 3b 64 50 18 ...k......c.;dP. 0030 22 34 ab a8 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 30305 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:05:10.513110000 Time delta from previous packet: 0.005889000 seconds Time relative to first packet: 352620.987906000 seconds Frame Number: 30305 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.87.178.167 (218.87.178.167) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x2fad Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x15f9 (incorrect, should be 0x0c54) Source: 172.16.134.191 (172.16.134.191) Destination: 218.87.178.167 (218.87.178.167) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1387 (1387), Seq: 1676884836, Ack: 979621, Len: 0 Source port: netbios-ssn (139) Destination port: 1387 (1387) Sequence number: 1676884836 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x61b5 (incorrect, should be 0x5810) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 2f ad 40 00 7f 06 15 f9 ac 10 86 bf da 57 .(/.@..........W 0020 b2 a7 00 8b 05 6b 63 f3 3b 64 00 0e f2 a5 50 04 .....kc.;d....P. 0030 00 00 61 b5 00 00 00 00 00 00 00 00 ..a......... Frame 32462 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:05.617050000 Time delta from previous packet: 0.001118000 seconds Time relative to first packet: 355616.091846000 seconds Frame Number: 32462 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 209.45.125.69 (209.45.125.69), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x3fd1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x5659 (incorrect, should be 0x4cb4) Source: 209.45.125.69 (209.45.125.69) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4839 (4839), Dst Port: netbios-ssn (139), Seq: 2724141423, Ack: 0, Len: 0 Source port: 4839 (4839) Destination port: netbios-ssn (139) Sequence number: 2724141423 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xfc40 (incorrect, should be 0xf29b) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 3f d1 40 00 6d 06 56 59 d1 2d 7d 45 ac 10 .0?.@.m.VY.-}E.. 0020 86 bf 12 e7 00 8b a2 5f 19 6f 00 00 00 00 70 02 ......._.o....p. 0030 40 00 fc 40 00 00 02 04 05 b4 01 01 04 02 @..@.......... Frame 32463 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:05.617054000 Time delta from previous packet: 0.000004000 seconds Time relative to first packet: 355616.091850000 seconds Frame Number: 32463 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 209.45.125.110 (209.45.125.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x3fd2 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x562f (incorrect, should be 0x4c8a) Source: 209.45.125.110 (209.45.125.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4840 (4840), Dst Port: netbios-ssn (139), Seq: 2724199679, Ack: 0, Len: 0 Source port: 4840 (4840) Destination port: netbios-ssn (139) Sequence number: 2724199679 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x1886 (incorrect, should be 0x0ee1) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 3f d2 40 00 6d 06 56 2f d1 2d 7d 6e ac 10 .0?.@.m.V/.-}n.. 0020 86 bf 12 e8 00 8b a2 5f fc ff 00 00 00 00 70 02 ......._......p. 0030 40 00 18 86 00 00 02 04 05 b4 01 01 04 02 @............. Frame 32465 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:05.621405000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 355616.096201000 seconds Frame Number: 32465 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 209.45.125.69 (209.45.125.69) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x3aaa Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4980 (incorrect, should be 0x3fdb) Source: 172.16.134.191 (172.16.134.191) Destination: 209.45.125.69 (209.45.125.69) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4839 (4839), Seq: 2138393702, Ack: 2724141424, Len: 0 Source port: netbios-ssn (139) Destination port: 4839 (4839) Sequence number: 2138393702 Acknowledgement number: 2724141424 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x2be4 (incorrect, should be 0x223f) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 3a aa 40 00 7f 06 49 80 ac 10 86 bf d1 2d .0:.@...I......- 0020 7d 45 00 8b 12 e7 7f 75 4c 66 a2 5f 19 70 70 12 }E.....uLf._.pp. 0030 44 70 2b e4 00 00 02 04 05 b4 01 01 04 02 Dp+........... Frame 32466 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:05.621407000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 355616.096203000 seconds Frame Number: 32466 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 209.45.125.110 (209.45.125.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x3aab Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4956 (incorrect, should be 0x3fb1) Source: 172.16.134.191 (172.16.134.191) Destination: 209.45.125.110 (209.45.125.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4840 (4840), Seq: 2138437608, Ack: 2724199680, Len: 0 Source port: netbios-ssn (139) Destination port: 4840 (4840) Sequence number: 2138437608 Acknowledgement number: 2724199680 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x9ca6 (incorrect, should be 0x9301) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 3a ab 40 00 7f 06 49 56 ac 10 86 bf d1 2d .0:.@...IV.....- 0020 7d 6e 00 8b 12 e8 7f 75 f7 e8 a2 5f fd 00 70 12 }n.....u..._..p. 0030 44 70 9c a6 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 32469 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:55:05.812440000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 355616.287236000 seconds Frame Number: 32469 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 209.45.125.110 (209.45.125.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x401b Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x95ee (incorrect, should be 0x8c49) Source: 209.45.125.110 (209.45.125.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4840 (4840), Dst Port: netbios-ssn (139), Seq: 2724199680, Ack: 2724199680, Len: 0 Source port: 4840 (4840) Destination port: netbios-ssn (139) Sequence number: 2724199680 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xe5e5 (incorrect, should be 0xdc40) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 40 1b 00 00 6d 06 95 ee d1 2d 7d 6e ac 10 .(@...m....-}n.. 0020 86 bf 12 e8 00 8b a2 5f fd 00 a2 5f fd 00 50 04 ......._..._..P. 0030 00 00 e5 e5 00 00 00 00 00 00 00 00 ............ Frame 32470 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:55:05.812452000 Time delta from previous packet: 0.000012000 seconds Time relative to first packet: 355616.287248000 seconds Frame Number: 32470 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 209.45.125.69 (209.45.125.69), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x401c Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x9616 (incorrect, should be 0x8c71) Source: 209.45.125.69 (209.45.125.69) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4839 (4839), Dst Port: netbios-ssn (139), Seq: 2724141424, Ack: 2724141424, Len: 0 Source port: 4839 (4839) Destination port: netbios-ssn (139) Sequence number: 2724141424 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xad31 (incorrect, should be 0xa38c) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 40 1c 00 00 6d 06 96 16 d1 2d 7d 45 ac 10 .(@...m....-}E.. 0020 86 bf 12 e7 00 8b a2 5f 19 70 a2 5f 19 70 50 04 ......._.p._.pP. 0030 00 00 ad 31 00 00 00 00 00 00 00 00 ...1........ Frame 32505 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:09.121172000 Time delta from previous packet: 0.000012000 seconds Time relative to first packet: 355619.595968000 seconds Frame Number: 32505 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 209.45.125.69 (209.45.125.69), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x452a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x5100 (incorrect, should be 0x475b) Source: 209.45.125.69 (209.45.125.69) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3179 (3179), Dst Port: netbios-ssn (139), Seq: 2739931722, Ack: 0, Len: 0 Source port: 3179 (3179) Destination port: netbios-ssn (139) Sequence number: 2739931722 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x10f1 (incorrect, should be 0x074c) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 45 2a 40 00 6d 06 51 00 d1 2d 7d 45 ac 10 .0E*@.m.Q..-}E.. 0020 86 bf 0c 6b 00 8b a3 50 0a 4a 00 00 00 00 70 02 ...k...P.J....p. 0030 40 00 10 f1 00 00 02 04 05 b4 01 01 04 02 @............. Frame 32506 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:09.121488000 Time delta from previous packet: 0.000316000 seconds Time relative to first packet: 355619.596284000 seconds Frame Number: 32506 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 209.45.125.110 (209.45.125.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x452b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x50d6 (incorrect, should be 0x4731) Source: 209.45.125.110 (209.45.125.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3180 (3180), Dst Port: netbios-ssn (139), Seq: 2739971010, Ack: 0, Len: 0 Source port: 3180 (3180) Destination port: netbios-ssn (139) Sequence number: 2739971010 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x774e (incorrect, should be 0x6da9) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 45 2b 40 00 6d 06 50 d6 d1 2d 7d 6e ac 10 .0E+@.m.P..-}n.. 0020 86 bf 0c 6c 00 8b a3 50 a3 c2 00 00 00 00 70 02 ...l...P......p. 0030 40 00 77 4e 00 00 02 04 05 b4 01 01 04 02 @.wN.......... Frame 32509 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:09.128082000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 355619.602878000 seconds Frame Number: 32509 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 209.45.125.69 (209.45.125.69) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x3abf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x496b (incorrect, should be 0x3fc6) Source: 172.16.134.191 (172.16.134.191) Destination: 209.45.125.69 (209.45.125.69) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3179 (3179), Seq: 2139407629, Ack: 2739931723, Len: 0 Source port: netbios-ssn (139) Destination port: 3179 (3179) Sequence number: 2139407629 Acknowledgement number: 2739931723 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xc7dd (incorrect, should be 0xbe38) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 3a bf 40 00 7f 06 49 6b ac 10 86 bf d1 2d .0:.@...Ik.....- 0020 7d 45 00 8b 0c 6b 7f 84 c5 0d a3 50 0a 4b 70 12 }E...k.....P.Kp. 0030 44 70 c7 dd 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 32510 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:09.128084000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 355619.602880000 seconds Frame Number: 32510 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 209.45.125.110 (209.45.125.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x3ac0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4941 (incorrect, should be 0x3f9c) Source: 172.16.134.191 (172.16.134.191) Destination: 209.45.125.110 (209.45.125.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3180 (3180), Seq: 2139453535, Ack: 2739971011, Len: 0 Source port: netbios-ssn (139) Destination port: 3180 (3180) Sequence number: 2139453535 Acknowledgement number: 2739971011 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7ae8 (incorrect, should be 0x7143) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 3a c0 40 00 7f 06 49 41 ac 10 86 bf d1 2d .0:.@...IA.....- 0020 7d 6e 00 8b 0c 6c 7f 85 78 5f a3 50 a3 c3 70 12 }n...l..x_.P..p. 0030 44 70 7a e8 00 00 02 04 05 b4 01 01 04 02 Dpz........... Frame 32514 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:55:09.331196000 Time delta from previous packet: 0.008123000 seconds Time relative to first packet: 355619.805992000 seconds Frame Number: 32514 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 209.45.125.69 (209.45.125.69), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x456f Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x90c3 (incorrect, should be 0x871e) Source: 209.45.125.69 (209.45.125.69) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3179 (3179), Dst Port: netbios-ssn (139), Seq: 2739931723, Ack: 2739931723, Len: 0 Source port: 3179 (3179) Destination port: netbios-ssn (139) Sequence number: 2739931723 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xd015 (incorrect, should be 0xc670) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 45 6f 00 00 6d 06 90 c3 d1 2d 7d 45 ac 10 .(Eo..m....-}E.. 0020 86 bf 0c 6b 00 8b a3 50 0a 4b a3 50 0a 4b 50 04 ...k...P.K.P.KP. 0030 00 00 d0 15 00 00 00 00 00 00 00 00 ............ Frame 32515 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:55:09.331251000 Time delta from previous packet: 0.000055000 seconds Time relative to first packet: 355619.806047000 seconds Frame Number: 32515 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 209.45.125.110 (209.45.125.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4572 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x9097 (incorrect, should be 0x86f2) Source: 209.45.125.110 (209.45.125.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3180 (3180), Dst Port: netbios-ssn (139), Seq: 2739971011, Ack: 2739971011, Len: 0 Source port: 3180 (3180) Destination port: netbios-ssn (139) Sequence number: 2739971011 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x9cfa (incorrect, should be 0x9355) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 45 72 00 00 6d 06 90 97 d1 2d 7d 6e ac 10 .(Er..m....-}n.. 0020 86 bf 0c 6c 00 8b a3 50 a3 c3 a3 50 a3 c3 50 04 ...l...P...P..P. 0030 00 00 9c fa 00 00 00 00 00 00 00 00 ............ Frame 32574 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:14.838904000 Time delta from previous packet: 0.005631000 seconds Time relative to first packet: 355625.313700000 seconds Frame Number: 32574 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 209.45.125.69 (209.45.125.69), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4d25 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x4905 (incorrect, should be 0x3f60) Source: 209.45.125.69 (209.45.125.69) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3703 (3703), Dst Port: netbios-ssn (139), Seq: 2765675372, Ack: 0, Len: 0 Source port: 3703 (3703) Destination port: netbios-ssn (139) Sequence number: 2765675372 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x3c3a (incorrect, should be 0x3295) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4d 25 40 00 6d 06 49 05 d1 2d 7d 45 ac 10 .0M%@.m.I..-}E.. 0020 86 bf 0e 77 00 8b a4 d8 db 6c 00 00 00 00 70 02 ...w.....l....p. 0030 40 00 3c 3a 00 00 02 04 05 b4 01 01 04 02 @.<:.......... Frame 32575 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:14.838906000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 355625.313702000 seconds Frame Number: 32575 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 209.45.125.110 (209.45.125.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4d26 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x48db (incorrect, should be 0x3f36) Source: 209.45.125.110 (209.45.125.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3704 (3704), Dst Port: netbios-ssn (139), Seq: 2765734365, Ack: 0, Len: 0 Source port: 3704 (3704) Destination port: netbios-ssn (139) Sequence number: 2765734365 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x559e (incorrect, should be 0x4bf9) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4d 26 40 00 6d 06 48 db d1 2d 7d 6e ac 10 .0M&@.m.H..-}n.. 0020 86 bf 0e 78 00 8b a4 d9 c1 dd 00 00 00 00 70 02 ...x..........p. 0030 40 00 55 9e 00 00 02 04 05 b4 01 01 04 02 @.U........... Frame 32576 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:14.839045000 Time delta from previous packet: 0.000139000 seconds Time relative to first packet: 355625.313841000 seconds Frame Number: 32576 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 209.45.125.69 (209.45.125.69) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x3ae0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x494a (incorrect, should be 0x3fa5) Source: 172.16.134.191 (172.16.134.191) Destination: 209.45.125.69 (209.45.125.69) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3703 (3703), Seq: 2140955270, Ack: 2765675373, Len: 0 Source port: netbios-ssn (139) Destination port: 3703 (3703) Sequence number: 2140955270 Acknowledgement number: 2765675373 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x5596 (incorrect, should be 0x4bf1) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 3a e0 40 00 7f 06 49 4a ac 10 86 bf d1 2d .0:.@...IJ.....- 0020 7d 45 00 8b 0e 77 7f 9c 62 86 a4 d8 db 6d 70 12 }E...w..b....mp. 0030 44 70 55 96 00 00 02 04 05 b4 01 01 04 02 DpU........... Frame 32577 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:55:14.839068000 Time delta from previous packet: 0.000023000 seconds Time relative to first packet: 355625.313864000 seconds Frame Number: 32577 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 209.45.125.110 (209.45.125.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x3ae1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x4920 (incorrect, should be 0x3f7b) Source: 172.16.134.191 (172.16.134.191) Destination: 209.45.125.110 (209.45.125.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3704 (3704), Seq: 2141009190, Ack: 2765734366, Len: 0 Source port: netbios-ssn (139) Destination port: 3704 (3704) Sequence number: 2141009190 Acknowledgement number: 2765734366 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x9c59 (incorrect, should be 0x92b4) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 3a e1 40 00 7f 06 49 20 ac 10 86 bf d1 2d .0:.@...I .....- 0020 7d 6e 00 8b 0e 78 7f 9d 35 26 a4 d9 c1 de 70 12 }n...x..5&....p. 0030 44 70 9c 59 00 00 02 04 05 b4 01 01 04 02 Dp.Y.......... Frame 32581 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:55:15.073966000 Time delta from previous packet: 0.000001000 seconds Time relative to first packet: 355625.548762000 seconds Frame Number: 32581 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 209.45.125.69 (209.45.125.69), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4d7e Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x88b4 (incorrect, should be 0x7f0f) Source: 209.45.125.69 (209.45.125.69) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3703 (3703), Dst Port: netbios-ssn (139), Seq: 2765675373, Ack: 2765675373, Len: 0 Source port: 3703 (3703) Destination port: netbios-ssn (139) Sequence number: 2765675373 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x28b4 (incorrect, should be 0x1f0f) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4d 7e 00 00 6d 06 88 b4 d1 2d 7d 45 ac 10 .(M~..m....-}E.. 0020 86 bf 0e 77 00 8b a4 d8 db 6d a4 d8 db 6d 50 04 ...w.....m...mP. 0030 00 00 28 b4 00 00 00 00 00 00 00 00 ..(......... Frame 32582 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:55:15.073970000 Time delta from previous packet: 0.000004000 seconds Time relative to first packet: 355625.548766000 seconds Frame Number: 32582 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 209.45.125.110 (209.45.125.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4d7f Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x888a (incorrect, should be 0x7ee5) Source: 209.45.125.110 (209.45.125.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3704 (3704), Dst Port: netbios-ssn (139), Seq: 2765734366, Ack: 2765734366, Len: 0 Source port: 3704 (3704) Destination port: netbios-ssn (139) Sequence number: 2765734366 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x5ba6 (incorrect, should be 0x5201) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4d 7f 00 00 6d 06 88 8a d1 2d 7d 6e ac 10 .(M...m....-}n.. 0020 86 bf 0e 78 00 8b a4 d9 c1 de a4 d9 c1 de 50 04 ...x..........P. 0030 00 00 5b a6 00 00 00 00 00 00 00 00 ..[......... Frame 32785 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:56:21.107125000 Time delta from previous packet: 1.204987000 seconds Time relative to first packet: 355691.581921000 seconds Frame Number: 32785 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.55.71.169 (61.55.71.169), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x7757 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xe465 (incorrect, should be 0xdac0) Source: 61.55.71.169 (61.55.71.169) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1530 (1530), Dst Port: netbios-ssn (139), Seq: 1761918, Ack: 0, Len: 0 Source port: 1530 (1530) Destination port: netbios-ssn (139) Sequence number: 1761918 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xcc24 (incorrect, should be 0xc27f) Options: (8 bytes) Maximum segment size: 1414 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 77 57 40 00 71 06 e4 65 3d 37 47 a9 ac 10 .0wW@.q..e=7G... 0020 86 bf 05 fa 00 8b 00 1a e2 7e 00 00 00 00 70 02 .........~....p. 0030 20 00 cc 24 00 00 02 04 05 86 01 01 04 02 ..$.......... Frame 32786 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 03:56:21.113141000 Time delta from previous packet: 0.006016000 seconds Time relative to first packet: 355691.587937000 seconds Frame Number: 32786 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.55.71.169 (61.55.71.169) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x3b53 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x126a (incorrect, should be 0x08c5) Source: 172.16.134.191 (172.16.134.191) Destination: 61.55.71.169 (61.55.71.169) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1530 (1530), Seq: 2157945216, Ack: 1761919, Len: 0 Source port: netbios-ssn (139) Destination port: 1530 (1530) Sequence number: 2157945216 Acknowledgement number: 1761919 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x877d (incorrect, should be 0x7dd8) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 3b 53 40 00 7f 06 12 6a ac 10 86 bf 3d 37 .0;S@....j....=7 0020 47 a9 00 8b 05 fa 80 9f a1 80 00 1a e2 7f 70 12 G.............p. 0030 42 48 87 7d 00 00 02 04 05 b4 01 01 04 02 BH.}.......... Frame 32787 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:56:22.233039000 Time delta from previous packet: 1.119898000 seconds Time relative to first packet: 355692.707835000 seconds Frame Number: 32787 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 61.55.71.169 (61.55.71.169), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x8057 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xdb6d (incorrect, should be 0xd1c8) Source: 61.55.71.169 (61.55.71.169) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1530 (1530), Dst Port: netbios-ssn (139), Seq: 1761919, Ack: 2157945217, Len: 0 Source port: 1530 (1530) Destination port: netbios-ssn (139) Sequence number: 1761919 Acknowledgement number: 2157945217 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8484 Checksum: 0xd565 (incorrect, should be 0xcbc0) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 80 57 40 00 71 06 db 6d 3d 37 47 a9 ac 10 .(.W@.q..m=7G... 0020 86 bf 05 fa 00 8b 00 1a e2 7f 80 9f a1 81 50 10 ..............P. 0030 21 24 d5 65 00 00 00 00 00 00 00 00 !$.e........ Frame 32788 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 03:56:22.252926000 Time delta from previous packet: 0.019887000 seconds Time relative to first packet: 355692.727722000 seconds Frame Number: 32788 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.55.71.169 (61.55.71.169), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x8157 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xda25 (incorrect, should be 0xd080) Source: 61.55.71.169 (61.55.71.169) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1530 (1530), Dst Port: netbios-ssn (139), Seq: 1761919, Ack: 2157945217, Len: 72 Source port: 1530 (1530) Destination port: netbios-ssn (139) Sequence number: 1761919 Next sequence number: 1761991 Acknowledgement number: 2157945217 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8484 Checksum: 0xa350 (incorrect, should be 0x99ab) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 81 57 40 00 71 06 da 25 3d 37 47 a9 ac 10 .p.W@.q..%=7G... 0020 86 bf 05 fa 00 8b 00 1a e2 7f 80 9f a1 81 50 18 ..............P. 0030 21 24 a3 50 00 00 81 00 00 44 20 46 44 45 43 45 !$.P.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32789 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:56:22.253702000 Time delta from previous packet: 0.000776000 seconds Time relative to first packet: 355692.728498000 seconds Frame Number: 32789 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.55.71.169 (61.55.71.169) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x3b56 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x126b (incorrect, should be 0x08c6) Source: 172.16.134.191 (172.16.134.191) Destination: 61.55.71.169 (61.55.71.169) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1530 (1530), Seq: 2157945217, Ack: 1761991, Len: 4 Source port: netbios-ssn (139) Destination port: 1530 (1530) Sequence number: 2157945217 Next sequence number: 2157945221 Acknowledgement number: 1761991 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16896 Checksum: 0x3235 (incorrect, should be 0x2890) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 3b 56 40 00 7f 06 12 6b ac 10 86 bf 3d 37 .,;V@....k....=7 0020 47 a9 00 8b 05 fa 80 9f a1 81 00 1a e2 c7 50 18 G.............P. 0030 42 00 32 35 00 00 82 00 00 00 00 00 B.25........ Frame 32790 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 03:56:23.377716000 Time delta from previous packet: 1.124014000 seconds Time relative to first packet: 355693.852512000 seconds Frame Number: 32790 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.55.71.169 (61.55.71.169), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x8957 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xd22f (incorrect, should be 0xc88a) Source: 61.55.71.169 (61.55.71.169) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1530 (1530), Dst Port: netbios-ssn (139), Seq: 1761991, Ack: 2157945221, Len: 62 Source port: 1530 (1530) Destination port: netbios-ssn (139) Sequence number: 1761991 Next sequence number: 1762053 Acknowledgement number: 2157945221 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8480 Checksum: 0x4151 (incorrect, should be 0x57ab) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 89 57 40 00 71 06 d2 2f 3d 37 47 a9 ac 10 .f.W@.q../=7G... 0020 86 bf 05 fa 00 8b 00 1a e2 c7 80 9f a1 85 50 18 ..............P. 0030 21 20 41 51 00 00 00 00 00 3a ff 53 4d 42 75 00 ! AQ.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32791 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 03:56:23.381427000 Time delta from previous packet: 0.003711000 seconds Time relative to first packet: 355693.856223000 seconds Frame Number: 32791 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.55.71.169 (61.55.71.169) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x3b57 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x126e (incorrect, should be 0x08c9) Source: 172.16.134.191 (172.16.134.191) Destination: 61.55.71.169 (61.55.71.169) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1530 (1530), Seq: 2157945221, Ack: 1761991, Len: 0 Source port: netbios-ssn (139) Destination port: 1530 (1530) Sequence number: 2157945221 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xf649 (incorrect, should be 0xeca4) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 3b 57 40 00 7f 06 12 6e ac 10 86 bf 3d 37 .(;W@....n....=7 0020 47 a9 00 8b 05 fa 80 9f a1 85 00 1a e2 c7 50 04 G.............P. 0030 00 00 f6 49 00 00 00 00 00 00 00 00 ...I........ Frame 32795 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 04:49:34.989873000 Time delta from previous packet: 1.742386000 seconds Time relative to first packet: 358885.464669000 seconds Frame Number: 32795 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.251.129.118 (62.251.129.118), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x677e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xbdad (incorrect, should be 0xb408) Source: 62.251.129.118 (62.251.129.118) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1087 (1087), Dst Port: netbios-ssn (139), Seq: 2362646809, Ack: 0, Len: 0 Source port: 1087 (1087) Destination port: netbios-ssn (139) Sequence number: 2362646809 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xa6cc (incorrect, should be 0x9d27) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 67 7e 40 00 6c 06 bd ad 3e fb 81 76 ac 10 .0g~@.l...>..v.. 0020 86 bf 04 3f 00 8b 8c d3 21 19 00 00 00 00 70 02 ...?....!.....p. 0030 40 00 a6 cc 00 00 02 04 05 b4 01 01 04 02 @............. Frame 32796 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 04:49:34.995923000 Time delta from previous packet: 0.006050000 seconds Time relative to first packet: 358885.470719000 seconds Frame Number: 32796 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.251.129.118 (62.251.129.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4000 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xd22b (incorrect, should be 0xc886) Source: 172.16.134.191 (172.16.134.191) Destination: 62.251.129.118 (62.251.129.118) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1087 (1087), Seq: 2955351409, Ack: 2362646810, Len: 0 Source port: netbios-ssn (139) Destination port: 1087 (1087) Sequence number: 2955351409 Acknowledgement number: 2362646810 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xdcb2 (incorrect, should be 0xd30d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 40 00 40 00 7f 06 d2 2b ac 10 86 bf 3e fb .0@.@....+....>. 0020 81 76 00 8b 04 3f b0 27 15 71 8c d3 21 1a 70 12 .v...?.'.q..!.p. 0030 44 70 dc b2 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 32797 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 04:49:35.437988000 Time delta from previous packet: 0.442065000 seconds Time relative to first packet: 358885.912784000 seconds Frame Number: 32797 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 62.251.129.118 (62.251.129.118), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6797 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xbd9c (incorrect, should be 0xb3f7) Source: 62.251.129.118 (62.251.129.118) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1087 (1087), Dst Port: netbios-ssn (139), Seq: 2362646810, Ack: 2955351410, Len: 0 Source port: 1087 (1087) Destination port: netbios-ssn (139) Sequence number: 2362646810 Acknowledgement number: 2955351410 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x0977 (incorrect, should be 0xffd1) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 67 97 40 00 6c 06 bd 9c 3e fb 81 76 ac 10 .(g.@.l...>..v.. 0020 86 bf 04 3f 00 8b 8c d3 21 1a b0 27 15 72 50 10 ...?....!..'.rP. 0030 44 70 09 77 00 00 00 00 00 00 00 00 Dp.w........ Frame 32798 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 04:49:35.796368000 Time delta from previous packet: 0.358380000 seconds Time relative to first packet: 358886.271164000 seconds Frame Number: 32798 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.251.129.118 (62.251.129.118), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x6798 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xbd53 (incorrect, should be 0xb3ae) Source: 62.251.129.118 (62.251.129.118) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1087 (1087), Dst Port: netbios-ssn (139), Seq: 2362646810, Ack: 2955351410, Len: 72 Source port: 1087 (1087) Destination port: netbios-ssn (139) Sequence number: 2362646810 Next sequence number: 2362646882 Acknowledgement number: 2955351410 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd65b (incorrect, should be 0xccb6) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 67 98 40 00 6c 06 bd 53 3e fb 81 76 ac 10 .pg.@.l..S>..v.. 0020 86 bf 04 3f 00 8b 8c d3 21 1a b0 27 15 72 50 18 ...?....!..'.rP. 0030 44 70 d6 5b 00 00 81 00 00 44 20 46 44 45 43 45 Dp.[.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32799 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 04:49:35.798377000 Time delta from previous packet: 0.002009000 seconds Time relative to first packet: 358886.273173000 seconds Frame Number: 32799 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.251.129.118 (62.251.129.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x4001 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xd22e (incorrect, should be 0xc889) Source: 172.16.134.191 (172.16.134.191) Destination: 62.251.129.118 (62.251.129.118) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1087 (1087), Seq: 2955351410, Ack: 2362646882, Len: 4 Source port: netbios-ssn (139) Destination port: 1087 (1087) Sequence number: 2955351410 Next sequence number: 2955351414 Acknowledgement number: 2362646882 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x876a (incorrect, should be 0x7dc5) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 40 01 40 00 7f 06 d2 2e ac 10 86 bf 3e fb .,@.@.........>. 0020 81 76 00 8b 04 3f b0 27 15 72 8c d3 21 62 50 18 .v...?.'.r..!bP. 0030 44 28 87 6a 00 00 82 00 00 00 00 00 D(.j........ Frame 32800 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 04:49:36.244646000 Time delta from previous packet: 0.446269000 seconds Time relative to first packet: 358886.719442000 seconds Frame Number: 32800 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 62.251.129.118 (62.251.129.118), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x67b8 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xbd3d (incorrect, should be 0xb398) Source: 62.251.129.118 (62.251.129.118) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1087 (1087), Dst Port: netbios-ssn (139), Seq: 2362646882, Ack: 2955351414, Len: 62 Source port: 1087 (1087) Destination port: netbios-ssn (139) Sequence number: 2362646882 Next sequence number: 2362646944 Acknowledgement number: 2955351414 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17516 Checksum: 0x7562 (incorrect, should be 0x8bbc) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 67 b8 40 00 6c 06 bd 3d 3e fb 81 76 ac 10 .fg.@.l..=>..v.. 0020 86 bf 04 3f 00 8b 8c d3 21 62 b0 27 15 76 50 18 ...?....!b.'.vP. 0030 44 6c 75 62 00 00 00 00 00 3a ff 53 4d 42 75 00 Dlub.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32801 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 04:49:36.249416000 Time delta from previous packet: 0.004770000 seconds Time relative to first packet: 358886.724212000 seconds Frame Number: 32801 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 62.251.129.118 (62.251.129.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4002 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xd231 (incorrect, should be 0xc88c) Source: 172.16.134.191 (172.16.134.191) Destination: 62.251.129.118 (62.251.129.118) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1087 (1087), Seq: 2955351414, Ack: 2362646882, Len: 0 Source port: netbios-ssn (139) Destination port: 1087 (1087) Sequence number: 2955351414 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x4da7 (incorrect, should be 0x4402) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 40 02 40 00 7f 06 d2 31 ac 10 86 bf 3e fb .(@.@....1....>. 0020 81 76 00 8b 04 3f b0 27 15 76 8c d3 21 62 50 04 .v...?.'.v..!bP. 0030 00 00 4d a7 00 00 00 00 00 00 00 00 ..M......... Frame 32804 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 05:11:08.379125000 Time delta from previous packet: 3.162662000 seconds Time relative to first packet: 360178.853921000 seconds Frame Number: 32804 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 164.125.76.48 (164.125.76.48), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xf54f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0x01a0 (incorrect, should be 0xf7fa) Source: 164.125.76.48 (164.125.76.48) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4512 (4512), Dst Port: netbios-ssn (139), Seq: 29065355, Ack: 0, Len: 0 Source port: 4512 (4512) Destination port: netbios-ssn (139) Sequence number: 29065355 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xb4d5 (incorrect, should be 0xab30) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 f5 4f 40 00 6a 06 01 a0 a4 7d 4c 30 ac 10 .0.O@.j....}L0.. 0020 86 bf 11 a0 00 8b 01 bb 80 8b 00 00 00 00 70 02 ..............p. 0030 20 00 b4 d5 00 00 02 04 05 b4 01 01 04 02 ............. Frame 32805 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 05:11:08.384231000 Time delta from previous packet: 0.005106000 seconds Time relative to first packet: 360178.859027000 seconds Frame Number: 32805 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 164.125.76.48 (164.125.76.48) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x41d3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa01c (incorrect, should be 0x9677) Source: 172.16.134.191 (172.16.134.191) Destination: 164.125.76.48 (164.125.76.48) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4512 (4512), Seq: 3279876818, Ack: 29065356, Len: 0 Source port: netbios-ssn (139) Destination port: 4512 (4512) Sequence number: 3279876818 Acknowledgement number: 29065356 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xda02 (incorrect, should be 0xd05d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 41 d3 40 00 7f 06 a0 1c ac 10 86 bf a4 7d .0A.@..........} 0020 4c 30 00 8b 11 a0 c3 7e f2 d2 01 bb 80 8c 70 12 L0.....~......p. 0030 44 70 da 02 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 32806 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:11:08.548912000 Time delta from previous packet: 0.164681000 seconds Time relative to first packet: 360179.023708000 seconds Frame Number: 32806 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 164.125.76.48 (164.125.76.48), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xf84f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0xfea7 (incorrect, should be 0xf502) Source: 164.125.76.48 (164.125.76.48) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4512 (4512), Dst Port: netbios-ssn (139), Seq: 29065356, Ack: 3279876819, Len: 0 Source port: 4512 (4512) Destination port: netbios-ssn (139) Sequence number: 29065356 Acknowledgement number: 3279876819 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x28ff (incorrect, should be 0x1f5a) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 f8 4f 40 00 6a 06 fe a7 a4 7d 4c 30 ac 10 .(.O@.j....}L0.. 0020 86 bf 11 a0 00 8b 01 bb 80 8c c3 7e f2 d3 50 10 ...........~..P. 0030 22 38 28 ff 00 00 00 00 00 00 00 00 "8(......... Frame 32807 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 05:11:08.558923000 Time delta from previous packet: 0.010011000 seconds Time relative to first packet: 360179.033719000 seconds Frame Number: 32807 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 164.125.76.48 (164.125.76.48), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xf94f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0xfd5f (incorrect, should be 0xf3ba) Source: 164.125.76.48 (164.125.76.48) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4512 (4512), Dst Port: netbios-ssn (139), Seq: 29065356, Ack: 3279876819, Len: 72 Source port: 4512 (4512) Destination port: netbios-ssn (139) Sequence number: 29065356 Next sequence number: 29065428 Acknowledgement number: 3279876819 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xf5e3 (incorrect, should be 0xec3e) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 f9 4f 40 00 6a 06 fd 5f a4 7d 4c 30 ac 10 .p.O@.j.._.}L0.. 0020 86 bf 11 a0 00 8b 01 bb 80 8c c3 7e f2 d3 50 18 ...........~..P. 0030 22 38 f5 e3 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32808 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:11:08.559607000 Time delta from previous packet: 0.000684000 seconds Time relative to first packet: 360179.034403000 seconds Frame Number: 32808 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 164.125.76.48 (164.125.76.48) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x41d4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa01f (incorrect, should be 0x967a) Source: 172.16.134.191 (172.16.134.191) Destination: 164.125.76.48 (164.125.76.48) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4512 (4512), Seq: 3279876819, Ack: 29065428, Len: 4 Source port: netbios-ssn (139) Destination port: 4512 (4512) Sequence number: 3279876819 Next sequence number: 3279876823 Acknowledgement number: 29065428 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x84ba (incorrect, should be 0x7b15) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 41 d4 40 00 7f 06 a0 1f ac 10 86 bf a4 7d .,A.@..........} 0020 4c 30 00 8b 11 a0 c3 7e f2 d3 01 bb 80 d4 50 18 L0.....~......P. 0030 44 28 84 ba 00 00 82 00 00 00 00 00 D(.......... Frame 32809 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:11:08.879091000 Time delta from previous packet: 0.319484000 seconds Time relative to first packet: 360179.353887000 seconds Frame Number: 32809 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 164.125.76.48 (164.125.76.48), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xfd4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0xf9a7 (incorrect, should be 0xf002) Source: 164.125.76.48 (164.125.76.48) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4512 (4512), Dst Port: netbios-ssn (139), Seq: 29065428, Ack: 3279876823, Len: 0 Source port: 4512 (4512) Destination port: netbios-ssn (139) Sequence number: 29065428 Acknowledgement number: 3279876823 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x28b7 (incorrect, should be 0x1f12) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 fd 4f 40 00 6a 06 f9 a7 a4 7d 4c 30 ac 10 .(.O@.j....}L0.. 0020 86 bf 11 a0 00 8b 01 bb 80 d4 c3 7e f2 d7 50 10 ...........~..P. 0030 22 34 28 b7 00 00 00 00 00 00 00 00 "4(......... Frame 32810 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 05:11:09.819689000 Time delta from previous packet: 0.940598000 seconds Time relative to first packet: 360180.294485000 seconds Frame Number: 32810 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 164.125.76.48 (164.125.76.48), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x0150 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 106 Protocol: TCP (0x06) Header checksum: 0xf569 (incorrect, should be 0xebc4) Source: 164.125.76.48 (164.125.76.48) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4512 (4512), Dst Port: netbios-ssn (139), Seq: 29065428, Ack: 3279876823, Len: 62 Source port: 4512 (4512) Destination port: netbios-ssn (139) Sequence number: 29065428 Next sequence number: 29065490 Acknowledgement number: 3279876823 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x94ea (incorrect, should be 0xab44) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 01 50 40 00 6a 06 f5 69 a4 7d 4c 30 ac 10 .f.P@.j..i.}L0.. 0020 86 bf 11 a0 00 8b 01 bb 80 d4 c3 7e f2 d7 50 18 ...........~..P. 0030 22 34 94 ea 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32811 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:11:09.825829000 Time delta from previous packet: 0.006140000 seconds Time relative to first packet: 360180.300625000 seconds Frame Number: 32811 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 164.125.76.48 (164.125.76.48) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x41d5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa022 (incorrect, should be 0x967d) Source: 172.16.134.191 (172.16.134.191) Destination: 164.125.76.48 (164.125.76.48) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4512 (4512), Seq: 3279876823, Ack: 29065428, Len: 0 Source port: netbios-ssn (139) Destination port: 4512 (4512) Sequence number: 3279876823 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x4af7 (incorrect, should be 0x4152) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 41 d5 40 00 7f 06 a0 22 ac 10 86 bf a4 7d .(A.@....".....} 0020 4c 30 00 8b 11 a0 c3 7e f2 d7 01 bb 80 d4 50 04 L0.....~......P. 0030 00 00 4a f7 00 00 00 00 00 00 00 00 ..J......... Frame 32814 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 05:18:17.102364000 Time delta from previous packet: 1.471156000 seconds Time relative to first packet: 360607.577160000 seconds Frame Number: 32814 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.94.46.57 (219.94.46.57), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x28ef Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xb016 (incorrect, should be 0xa671) Source: 219.94.46.57 (219.94.46.57) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1075 (1075), Dst Port: netbios-ssn (139), Seq: 19991793, Ack: 0, Len: 0 Source port: 1075 (1075) Destination port: netbios-ssn (139) Sequence number: 19991793 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x1d85 (incorrect, should be 0x13e0) Options: (8 bytes) Maximum segment size: 1452 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 28 ef 40 00 6f 06 b0 16 db 5e 2e 39 ac 10 .0(.@.o....^.9.. 0020 86 bf 04 33 00 8b 01 31 0c f1 00 00 00 00 70 02 ...3...1......p. 0030 20 00 1d 85 00 00 02 04 05 ac 01 01 04 02 ............. Frame 32815 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 05:18:17.102995000 Time delta from previous packet: 0.000631000 seconds Time relative to first packet: 360607.577791000 seconds Frame Number: 32815 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.94.46.57 (219.94.46.57) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4272 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8693 (incorrect, should be 0x7cee) Source: 172.16.134.191 (172.16.134.191) Destination: 219.94.46.57 (219.94.46.57) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1075 (1075), Seq: 3385259931, Ack: 19991794, Len: 0 Source port: netbios-ssn (139) Destination port: 1075 (1075) Sequence number: 3385259931 Acknowledgement number: 19991794 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0x37f9 (incorrect, should be 0x2e54) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 42 72 40 00 7f 06 86 93 ac 10 86 bf db 5e .0Br@..........^ 0020 2e 39 00 8b 04 33 c9 c6 f7 9b 01 31 0c f2 70 12 .9...3.....1..p. 0030 44 10 37 f9 00 00 02 04 05 b4 01 01 04 02 D.7........... Frame 32816 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:18:18.550480000 Time delta from previous packet: 1.447485000 seconds Time relative to first packet: 360609.025276000 seconds Frame Number: 32816 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 219.94.46.57 (219.94.46.57), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x59ef Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x7f1e (incorrect, should be 0x7579) Source: 219.94.46.57 (219.94.46.57) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1075 (1075), Dst Port: netbios-ssn (139), Seq: 19991794, Ack: 3385259932, Len: 0 Source port: 1075 (1075) Destination port: netbios-ssn (139) Sequence number: 19991794 Acknowledgement number: 3385259932 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8712 Checksum: 0x86c5 (incorrect, should be 0x7d20) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 59 ef 40 00 6f 06 7f 1e db 5e 2e 39 ac 10 .(Y.@.o....^.9.. 0020 86 bf 04 33 00 8b 01 31 0c f2 c9 c6 f7 9c 50 10 ...3...1......P. 0030 22 08 86 c5 00 00 00 00 00 00 00 00 "........... Frame 32817 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 05:18:18.561014000 Time delta from previous packet: 0.010534000 seconds Time relative to first packet: 360609.035810000 seconds Frame Number: 32817 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.94.46.57 (219.94.46.57), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x5aef Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x7dd6 (incorrect, should be 0x7431) Source: 219.94.46.57 (219.94.46.57) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1075 (1075), Dst Port: netbios-ssn (139), Seq: 19991794, Ack: 3385259932, Len: 72 Source port: 1075 (1075) Destination port: netbios-ssn (139) Sequence number: 19991794 Next sequence number: 19991866 Acknowledgement number: 3385259932 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8712 Checksum: 0x5bb0 (incorrect, should be 0x520b) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 5a ef 40 00 6f 06 7d d6 db 5e 2e 39 ac 10 .pZ.@.o.}..^.9.. 0020 86 bf 04 33 00 8b 01 31 0c f2 c9 c6 f7 9c 50 18 ...3...1......P. 0030 22 08 5b b0 00 00 81 00 00 44 20 46 44 45 43 45 ".[......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32818 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:18:18.562454000 Time delta from previous packet: 0.001440000 seconds Time relative to first packet: 360609.037250000 seconds Frame Number: 32818 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.94.46.57 (219.94.46.57) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x4273 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8696 (incorrect, should be 0x7cf1) Source: 172.16.134.191 (172.16.134.191) Destination: 219.94.46.57 (219.94.46.57) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1075 (1075), Seq: 3385259932, Ack: 19991866, Len: 4 Source port: netbios-ssn (139) Destination port: 1075 (1075) Sequence number: 3385259932 Next sequence number: 3385259936 Acknowledgement number: 19991866 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17352 Checksum: 0xe2b0 (incorrect, should be 0xd90b) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 42 73 40 00 7f 06 86 96 ac 10 86 bf db 5e .,Bs@..........^ 0020 2e 39 00 8b 04 33 c9 c6 f7 9c 01 31 0d 3a 50 18 .9...3.....1.:P. 0030 43 c8 e2 b0 00 00 82 00 00 00 00 00 C........... Frame 32819 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 05:18:19.981951000 Time delta from previous packet: 1.419497000 seconds Time relative to first packet: 360610.456747000 seconds Frame Number: 32819 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.94.46.57 (219.94.46.57), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x89ef Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x4ee0 (incorrect, should be 0x453b) Source: 219.94.46.57 (219.94.46.57) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1075 (1075), Dst Port: netbios-ssn (139), Seq: 19991866, Ack: 3385259936, Len: 62 Source port: 1075 (1075) Destination port: netbios-ssn (139) Sequence number: 19991866 Next sequence number: 19991928 Acknowledgement number: 3385259936 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8708 Checksum: 0xf2b0 (incorrect, should be 0x090b) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 89 ef 40 00 6f 06 4e e0 db 5e 2e 39 ac 10 .f..@.o.N..^.9.. 0020 86 bf 04 33 00 8b 01 31 0d 3a c9 c6 f7 a0 50 18 ...3...1.:....P. 0030 22 04 f2 b0 00 00 00 00 00 3a ff 53 4d 42 75 00 "........:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32820 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:18:19.982667000 Time delta from previous packet: 0.000716000 seconds Time relative to first packet: 360610.457463000 seconds Frame Number: 32820 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.94.46.57 (219.94.46.57) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4276 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8697 (incorrect, should be 0x7cf2) Source: 172.16.134.191 (172.16.134.191) Destination: 219.94.46.57 (219.94.46.57) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1075 (1075), Seq: 3385259936, Ack: 19991866, Len: 0 Source port: netbios-ssn (139) Destination port: 1075 (1075) Sequence number: 3385259936 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xa88d (incorrect, should be 0x9ee8) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 42 76 40 00 7f 06 86 97 ac 10 86 bf db 5e .(Bv@..........^ 0020 2e 39 00 8b 04 33 c9 c6 f7 a0 01 31 0d 3a 50 04 .9...3.....1.:P. 0030 00 00 a8 8d 00 00 00 00 00 00 00 00 ............ Frame 32823 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 05:22:17.850554000 Time delta from previous packet: 0.816303000 seconds Time relative to first packet: 360848.325350000 seconds Frame Number: 32823 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.140.149.137 (61.140.149.137), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x78a4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x94e3 (incorrect, should be 0x8b3e) Source: 61.140.149.137 (61.140.149.137) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1315 (1315), Dst Port: netbios-ssn (139), Seq: 7116167, Ack: 0, Len: 0 Source port: 1315 (1315) Destination port: netbios-ssn (139) Sequence number: 7116167 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xced9 (incorrect, should be 0xc534) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 78 a4 40 00 71 06 94 e3 3d 8c 95 89 ac 10 .0x.@.q...=..... 0020 86 bf 05 23 00 8b 00 6c 95 87 00 00 00 00 70 02 ...#...l......p. 0030 20 00 ce d9 00 00 02 04 02 18 01 01 04 02 ............. Frame 32824 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 05:22:17.855541000 Time delta from previous packet: 0.004987000 seconds Time relative to first packet: 360848.330337000 seconds Frame Number: 32824 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.140.149.137 (61.140.149.137) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x42d3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xbcb4 (incorrect, should be 0xb30f) Source: 172.16.134.191 (172.16.134.191) Destination: 61.140.149.137 (61.140.149.137) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1315 (1315), Seq: 3445324717, Ack: 7116168, Len: 0 Source port: netbios-ssn (139) Destination port: 1315 (1315) Sequence number: 3445324717 Acknowledgement number: 7116168 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0x613b (incorrect, should be 0x5796) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 42 d3 40 00 7f 06 bc b4 ac 10 86 bf 3d 8c .0B.@.........=. 0020 95 89 00 8b 05 23 cd 5b 7b ad 00 6c 95 88 70 12 .....#.[{..l..p. 0030 40 e8 61 3b 00 00 02 04 05 b4 01 01 04 02 @.a;.......... Frame 32825 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:22:18.689136000 Time delta from previous packet: 0.833595000 seconds Time relative to first packet: 360849.163932000 seconds Frame Number: 32825 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 61.140.149.137 (61.140.149.137), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x95a4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x77eb (incorrect, should be 0x6e46) Source: 61.140.149.137 (61.140.149.137) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1315 (1315), Dst Port: netbios-ssn (139), Seq: 7116168, Ack: 3445324718, Len: 0 Source port: 1315 (1315) Destination port: netbios-ssn (139) Sequence number: 7116168 Acknowledgement number: 3445324718 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0xad67 (incorrect, should be 0xa3c2) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 95 a4 40 00 71 06 77 eb 3d 8c 95 89 ac 10 .(..@.q.w.=..... 0020 86 bf 05 23 00 8b 00 6c 95 88 cd 5b 7b ae 50 10 ...#...l...[{.P. 0030 21 80 ad 67 00 00 00 00 00 00 00 00 !..g........ Frame 32826 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 05:22:18.700600000 Time delta from previous packet: 0.011464000 seconds Time relative to first packet: 360849.175396000 seconds Frame Number: 32826 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.140.149.137 (61.140.149.137), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x96a4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x75a3 (incorrect, should be 0x6bfe) Source: 61.140.149.137 (61.140.149.137) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1315 (1315), Dst Port: netbios-ssn (139), Seq: 7116168, Ack: 3445324718, Len: 72 Source port: 1315 (1315) Destination port: netbios-ssn (139) Sequence number: 7116168 Next sequence number: 7116240 Acknowledgement number: 3445324718 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x8252 (incorrect, should be 0x78ad) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 96 a4 40 00 72 06 75 a3 3d 8c 95 89 ac 10 .p..@.r.u.=..... 0020 86 bf 05 23 00 8b 00 6c 95 88 cd 5b 7b ae 50 18 ...#...l...[{.P. 0030 21 80 82 52 00 00 81 00 00 44 20 46 44 45 43 45 !..R.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32827 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:22:18.702307000 Time delta from previous packet: 0.001707000 seconds Time relative to first packet: 360849.177103000 seconds Frame Number: 32827 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.140.149.137 (61.140.149.137) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x42d4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xbcb7 (incorrect, should be 0xb312) Source: 172.16.134.191 (172.16.134.191) Destination: 61.140.149.137 (61.140.149.137) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1315 (1315), Seq: 3445324718, Ack: 7116240, Len: 4 Source port: netbios-ssn (139) Destination port: 1315 (1315) Sequence number: 3445324718 Next sequence number: 3445324722 Acknowledgement number: 7116240 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x0bf3 (incorrect, should be 0x024e) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 42 d4 40 00 7f 06 bc b7 ac 10 86 bf 3d 8c .,B.@.........=. 0020 95 89 00 8b 05 23 cd 5b 7b ae 00 6c 95 d0 50 18 .....#.[{..l..P. 0030 40 a0 0b f3 00 00 82 00 00 00 00 00 @........... Frame 32828 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 05:22:19.510130000 Time delta from previous packet: 0.807823000 seconds Time relative to first packet: 360849.984926000 seconds Frame Number: 32828 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.140.149.137 (61.140.149.137), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xb1a4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x5bad (incorrect, should be 0x5208) Source: 61.140.149.137 (61.140.149.137) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1315 (1315), Dst Port: netbios-ssn (139), Seq: 7116240, Ack: 3445324722, Len: 62 Source port: 1315 (1315) Destination port: netbios-ssn (139) Sequence number: 7116240 Next sequence number: 7116302 Acknowledgement number: 3445324722 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x1953 (incorrect, should be 0x2fad) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 b1 a4 40 00 71 06 5b ad 3d 8c 95 89 ac 10 .f..@.q.[.=..... 0020 86 bf 05 23 00 8b 00 6c 95 d0 cd 5b 7b b2 50 18 ...#...l...[{.P. 0030 21 7c 19 53 00 00 00 00 00 3a ff 53 4d 42 75 00 !|.S.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32829 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 05:22:19.516066000 Time delta from previous packet: 0.005936000 seconds Time relative to first packet: 360849.990862000 seconds Frame Number: 32829 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.140.149.137 (61.140.149.137) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x42d5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xbcba (incorrect, should be 0xb315) Source: 172.16.134.191 (172.16.134.191) Destination: 61.140.149.137 (61.140.149.137) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1315 (1315), Seq: 3445324722, Ack: 7116240, Len: 0 Source port: netbios-ssn (139) Destination port: 1315 (1315) Sequence number: 3445324722 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xcea7 (incorrect, should be 0xc502) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 42 d5 40 00 7f 06 bc ba ac 10 86 bf 3d 8c .(B.@.........=. 0020 95 89 00 8b 05 23 cd 5b 7b b2 00 6c 95 d0 50 04 .....#.[{..l..P. 0030 00 00 ce a7 00 00 00 00 00 00 00 00 ............ Frame 32838 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 08:55:38.541142000 Time delta from previous packet: 0.286850000 seconds Time relative to first packet: 373649.015938000 seconds Frame Number: 32838 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 200.66.98.107 (200.66.98.107), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x2cac Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x8b43 (incorrect, should be 0x819e) Source: 200.66.98.107 (200.66.98.107) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 9634 (9634), Dst Port: netbios-ssn (139), Seq: 1588749290, Ack: 0, Len: 0 Source port: 9634 (9634) Destination port: netbios-ssn (139) Sequence number: 1588749290 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0x2ffd (incorrect, should be 0x2658) Options: (8 bytes) Maximum segment size: 1380 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 2c ac 40 00 6f 06 8b 43 c8 42 62 6b ac 10 .0,.@.o..C.Bbk.. 0020 86 bf 25 a2 00 8b 5e b2 63 ea 00 00 00 00 70 02 ..%...^.c.....p. 0030 16 d0 2f fd 00 00 02 04 05 64 01 01 04 02 ../......d.... Frame 32839 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 08:55:38.542537000 Time delta from previous packet: 0.001395000 seconds Time relative to first packet: 373649.017333000 seconds Frame Number: 32839 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 200.66.98.107 (200.66.98.107) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x557e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5271 (incorrect, should be 0x48cc) Source: 172.16.134.191 (172.16.134.191) Destination: 200.66.98.107 (200.66.98.107) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 9634 (9634), Seq: 2350742560, Ack: 1588749291, Len: 0 Source port: netbios-ssn (139) Destination port: 9634 (9634) Sequence number: 2350742560 Acknowledgement number: 1588749291 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16560 Checksum: 0xfd7d (incorrect, should be 0xf3d8) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 55 7e 40 00 7f 06 52 71 ac 10 86 bf c8 42 .0U~@...Rq.....B 0020 62 6b 00 8b 25 a2 8c 1d 7c 20 5e b2 63 eb 70 12 bk..%...| ^.c.p. 0030 40 b0 fd 7d 00 00 02 04 05 b4 01 01 04 02 @..}.......... Frame 32840 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 08:55:38.681259000 Time delta from previous packet: 0.138722000 seconds Time relative to first packet: 373649.156055000 seconds Frame Number: 32840 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 200.66.98.107 (200.66.98.107), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x32ac Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x854b (incorrect, should be 0x7ba6) Source: 200.66.98.107 (200.66.98.107) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 9634 (9634), Dst Port: netbios-ssn (139), Seq: 1588749291, Ack: 2350742561, Len: 0 Source port: 9634 (9634) Destination port: netbios-ssn (139) Sequence number: 1588749291 Acknowledgement number: 2350742561 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0x5422 (incorrect, should be 0x4a7d) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 32 ac 40 00 6f 06 85 4b c8 42 62 6b ac 10 .(2.@.o..K.Bbk.. 0020 86 bf 25 a2 00 8b 5e b2 63 eb 8c 1d 7c 21 50 10 ..%...^.c...|!P. 0030 16 d0 54 22 00 00 00 00 00 00 00 00 ..T"........ Frame 32841 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 08:55:38.690589000 Time delta from previous packet: 0.009330000 seconds Time relative to first packet: 373649.165385000 seconds Frame Number: 32841 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 200.66.98.107 (200.66.98.107), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x34ac Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x8303 (incorrect, should be 0x795e) Source: 200.66.98.107 (200.66.98.107) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 9634 (9634), Dst Port: netbios-ssn (139), Seq: 1588749291, Ack: 2350742561, Len: 72 Source port: 9634 (9634) Destination port: netbios-ssn (139) Sequence number: 1588749291 Next sequence number: 1588749363 Acknowledgement number: 2350742561 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5840 Checksum: 0x0407 (incorrect, should be 0xfa61) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 34 ac 40 00 6f 06 83 03 c8 42 62 6b ac 10 .p4.@.o....Bbk.. 0020 86 bf 25 a2 00 8b 5e b2 63 eb 8c 1d 7c 21 50 18 ..%...^.c...|!P. 0030 16 d0 04 07 00 00 81 00 00 44 20 46 44 45 43 45 .........D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32842 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 08:55:38.693005000 Time delta from previous packet: 0.002416000 seconds Time relative to first packet: 373649.167801000 seconds Frame Number: 32842 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 200.66.98.107 (200.66.98.107) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x557f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5274 (incorrect, should be 0x48cf) Source: 172.16.134.191 (172.16.134.191) Destination: 200.66.98.107 (200.66.98.107) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 9634 (9634), Seq: 2350742561, Ack: 1588749363, Len: 4 Source port: netbios-ssn (139) Destination port: 9634 (9634) Sequence number: 2350742561 Next sequence number: 2350742565 Acknowledgement number: 1588749363 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16488 Checksum: 0xa835 (incorrect, should be 0x9e90) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 55 7f 40 00 7f 06 52 74 ac 10 86 bf c8 42 .,U.@...Rt.....B 0020 62 6b 00 8b 25 a2 8c 1d 7c 21 5e b2 64 33 50 18 bk..%...|!^.d3P. 0030 40 68 a8 35 00 00 82 00 00 00 00 00 @h.5........ Frame 32843 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 08:55:38.842763000 Time delta from previous packet: 0.149758000 seconds Time relative to first packet: 373649.317559000 seconds Frame Number: 32843 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 200.66.98.107 (200.66.98.107), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x3bac Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0x7c0d (incorrect, should be 0x7268) Source: 200.66.98.107 (200.66.98.107) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 9634 (9634), Dst Port: netbios-ssn (139), Seq: 1588749363, Ack: 2350742565, Len: 62 Source port: 9634 (9634) Destination port: netbios-ssn (139) Sequence number: 1588749363 Next sequence number: 1588749425 Acknowledgement number: 2350742565 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 5836 Checksum: 0xc00d (incorrect, should be 0xd667) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 3b ac 40 00 6f 06 7c 0d c8 42 62 6b ac 10 .f;.@.o.|..Bbk.. 0020 86 bf 25 a2 00 8b 5e b2 64 33 8c 1d 7c 25 50 18 ..%...^.d3..|%P. 0030 16 cc c0 0d 00 00 00 00 00 3a ff 53 4d 42 75 00 .........:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32844 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 08:55:38.842766000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 373649.317562000 seconds Frame Number: 32844 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 200.66.98.107 (200.66.98.107) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5580 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5277 (incorrect, should be 0x48d2) Source: 172.16.134.191 (172.16.134.191) Destination: 200.66.98.107 (200.66.98.107) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 9634 (9634), Seq: 2350742565, Ack: 1588749363, Len: 0 Source port: netbios-ssn (139) Destination port: 9634 (9634) Sequence number: 2350742565 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x6ab2 (incorrect, should be 0x610d) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 55 80 40 00 7f 06 52 77 ac 10 86 bf c8 42 .(U.@...Rw.....B 0020 62 6b 00 8b 25 a2 8c 1d 7c 25 5e b2 64 33 50 04 bk..%...|%^.d3P. 0030 00 00 6a b2 00 00 00 00 00 00 00 00 ..j......... Frame 32851 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 11:10:46.326869000 Time delta from previous packet: 0.216386000 seconds Time relative to first packet: 381756.801665000 seconds Frame Number: 32851 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.14.66.92 (61.14.66.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x2034 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 115 Protocol: TCP (0x06) Header checksum: 0x3eff (incorrect, should be 0x355a) Source: 61.14.66.92 (61.14.66.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4645 (4645), Dst Port: netbios-ssn (139), Seq: 7275372, Ack: 0, Len: 0 Source port: 4645 (4645) Destination port: netbios-ssn (139) Sequence number: 7275372 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa3ff (incorrect, should be 0x9a5a) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 20 34 40 00 73 06 3e ff 3d 0e 42 5c ac 10 .0 4@.s.>.=.B\.. 0020 86 bf 12 25 00 8b 00 6f 03 6c 00 00 00 00 70 02 ...%...o.l....p. 0030 20 00 a3 ff 00 00 02 04 05 b4 01 01 04 02 ............. Frame 32852 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 11:10:46.331048000 Time delta from previous packet: 0.004179000 seconds Time relative to first packet: 381756.805844000 seconds Frame Number: 32852 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.14.66.92 (61.14.66.92) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x6163 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xf1cf (incorrect, should be 0xe82a) Source: 172.16.134.191 (172.16.134.191) Destination: 61.14.66.92 (61.14.66.92) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4645 (4645), Seq: 87564995, Ack: 7275373, Len: 0 Source port: netbios-ssn (139) Destination port: 4645 (4645) Sequence number: 87564995 Acknowledgement number: 7275373 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x5783 (incorrect, should be 0x4dde) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 61 63 40 00 7f 06 f1 cf ac 10 86 bf 3d 0e .0ac@.........=. 0020 42 5c 00 8b 12 25 05 38 22 c3 00 6f 03 6d 70 12 B\...%.8"..o.mp. 0030 44 70 57 83 00 00 02 04 05 b4 01 01 04 02 DpW........... Frame 32853 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 11:10:46.524599000 Time delta from previous packet: 0.193551000 seconds Time relative to first packet: 381756.999395000 seconds Frame Number: 32853 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 61.14.66.92 (61.14.66.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x2834 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 115 Protocol: TCP (0x06) Header checksum: 0x3707 (incorrect, should be 0x2d62) Source: 61.14.66.92 (61.14.66.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4645 (4645), Dst Port: netbios-ssn (139), Seq: 7275373, Ack: 87564996, Len: 0 Source port: 4645 (4645) Destination port: netbios-ssn (139) Sequence number: 7275373 Acknowledgement number: 87564996 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xa67f (incorrect, should be 0x9cda) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 28 34 40 00 73 06 37 07 3d 0e 42 5c ac 10 .((4@.s.7.=.B\.. 0020 86 bf 12 25 00 8b 00 6f 03 6d 05 38 22 c4 50 10 ...%...o.m.8".P. 0030 22 38 a6 7f 00 00 00 00 00 00 00 00 "8.......... Frame 32854 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 11:10:46.534650000 Time delta from previous packet: 0.010051000 seconds Time relative to first packet: 381757.009446000 seconds Frame Number: 32854 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.14.66.92 (61.14.66.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x2a34 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 115 Protocol: TCP (0x06) Header checksum: 0x34bf (incorrect, should be 0x2b1a) Source: 61.14.66.92 (61.14.66.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4645 (4645), Dst Port: netbios-ssn (139), Seq: 7275373, Ack: 87564996, Len: 72 Source port: 4645 (4645) Destination port: netbios-ssn (139) Sequence number: 7275373 Next sequence number: 7275445 Acknowledgement number: 87564996 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x746a (incorrect, should be 0x6ac5) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 2a 34 40 00 73 06 34 bf 3d 0e 42 5c ac 10 .p*4@.s.4.=.B\.. 0020 86 bf 12 25 00 8b 00 6f 03 6d 05 38 22 c4 50 18 ...%...o.m.8".P. 0030 22 38 74 6a 00 00 81 00 00 44 20 46 44 45 43 45 "8tj.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32855 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 11:10:46.539743000 Time delta from previous packet: 0.005093000 seconds Time relative to first packet: 381757.014539000 seconds Frame Number: 32855 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.14.66.92 (61.14.66.92) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x6164 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xf1d2 (incorrect, should be 0xe82d) Source: 172.16.134.191 (172.16.134.191) Destination: 61.14.66.92 (61.14.66.92) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4645 (4645), Seq: 87564996, Ack: 7275445, Len: 4 Source port: netbios-ssn (139) Destination port: 4645 (4645) Sequence number: 87564996 Next sequence number: 87565000 Acknowledgement number: 7275445 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x023b (incorrect, should be 0xf895) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 61 64 40 00 7f 06 f1 d2 ac 10 86 bf 3d 0e .,ad@.........=. 0020 42 5c 00 8b 12 25 05 38 22 c4 00 6f 03 b5 50 18 B\...%.8"..o..P. 0030 44 28 02 3b 00 00 82 00 00 00 00 00 D(.;........ Frame 32856 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 11:10:46.745023000 Time delta from previous packet: 0.205280000 seconds Time relative to first packet: 381757.219819000 seconds Frame Number: 32856 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.14.66.92 (61.14.66.92), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x3834 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 115 Protocol: TCP (0x06) Header checksum: 0x26c9 (incorrect, should be 0x1d24) Source: 61.14.66.92 (61.14.66.92) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4645 (4645), Dst Port: netbios-ssn (139), Seq: 7275445, Ack: 87565000, Len: 62 Source port: 4645 (4645) Destination port: netbios-ssn (139) Sequence number: 7275445 Next sequence number: 7275507 Acknowledgement number: 87565000 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x126b (incorrect, should be 0x28c5) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 38 34 40 00 73 06 26 c9 3d 0e 42 5c ac 10 .f84@.s.&.=.B\.. 0020 86 bf 12 25 00 8b 00 6f 03 b5 05 38 22 c8 50 18 ...%...o...8".P. 0030 22 34 12 6b 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.k.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32857 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 11:10:46.750095000 Time delta from previous packet: 0.005072000 seconds Time relative to first packet: 381757.224891000 seconds Frame Number: 32857 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.14.66.92 (61.14.66.92) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6165 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xf1d5 (incorrect, should be 0xe830) Source: 172.16.134.191 (172.16.134.191) Destination: 61.14.66.92 (61.14.66.92) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4645 (4645), Seq: 87565000, Ack: 7275445, Len: 0 Source port: netbios-ssn (139) Destination port: 4645 (4645) Sequence number: 87565000 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xc877 (incorrect, should be 0xbed2) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 61 65 40 00 7f 06 f1 d5 ac 10 86 bf 3d 0e .(ae@.........=. 0020 42 5c 00 8b 12 25 05 38 22 c8 00 6f 03 b5 50 04 B\...%.8"..o..P. 0030 00 00 c8 77 00 00 00 00 00 00 00 00 ...w........ Frame 32861 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 12:17:58.063913000 Time delta from previous packet: 2.511483000 seconds Time relative to first packet: 385788.538709000 seconds Frame Number: 32861 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 200.60.202.74 (200.60.202.74), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x2b2b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x23eb (incorrect, should be 0x1a46) Source: 200.60.202.74 (200.60.202.74) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3313 (3313), Dst Port: netbios-ssn (139), Seq: 24145566, Ack: 0, Len: 0 Source port: 3313 (3313) Destination port: netbios-ssn (139) Sequence number: 24145566 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x29e3 (incorrect, should be 0x203e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 2b 2b 40 00 70 06 23 eb c8 3c ca 4a ac 10 .0++@.p.#..<.J.. 0020 86 bf 0c f1 00 8b 01 70 6e 9e 00 00 00 00 70 02 .......pn.....p. 0030 20 00 29 e3 00 00 02 04 05 b4 01 01 04 02 .)........... Frame 32862 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 12:17:58.064629000 Time delta from previous packet: 0.000716000 seconds Time relative to first packet: 385788.539425000 seconds Frame Number: 32862 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 200.60.202.74 (200.60.202.74) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x6731 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xd8e4 (incorrect, should be 0xcf3f) Source: 172.16.134.191 (172.16.134.191) Destination: 200.60.202.74 (200.60.202.74) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3313 (3313), Seq: 1095784859, Ack: 24145567, Len: 0 Source port: netbios-ssn (139) Destination port: 3313 (3313) Sequence number: 1095784859 Acknowledgement number: 24145567 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x6a76 (incorrect, should be 0x60d1) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 67 31 40 00 7f 06 d8 e4 ac 10 86 bf c8 3c .0g1@..........< 0020 ca 4a 00 8b 0c f1 41 50 59 9b 01 70 6e 9f 70 12 .J....APY..pn.p. 0030 44 70 6a 76 00 00 02 04 05 b4 01 01 04 02 Dpjv.......... Frame 32863 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 12:17:58.233800000 Time delta from previous packet: 0.169171000 seconds Time relative to first packet: 385788.708596000 seconds Frame Number: 32863 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 200.60.202.74 (200.60.202.74), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x2f2b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x1ff3 (incorrect, should be 0x164e) Source: 200.60.202.74 (200.60.202.74) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3313 (3313), Dst Port: netbios-ssn (139), Seq: 24145567, Ack: 1095784860, Len: 0 Source port: 3313 (3313) Destination port: netbios-ssn (139) Sequence number: 24145567 Acknowledgement number: 1095784860 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xb972 (incorrect, should be 0xafcd) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 2f 2b 40 00 70 06 1f f3 c8 3c ca 4a ac 10 .(/+@.p....<.J.. 0020 86 bf 0c f1 00 8b 01 70 6e 9f 41 50 59 9c 50 10 .......pn.APY.P. 0030 22 38 b9 72 00 00 00 00 00 00 00 00 "8.r........ Frame 32864 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 12:17:58.244780000 Time delta from previous packet: 0.010980000 seconds Time relative to first packet: 385788.719576000 seconds Frame Number: 32864 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 200.60.202.74 (200.60.202.74), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x302b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x1eab (incorrect, should be 0x1506) Source: 200.60.202.74 (200.60.202.74) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3313 (3313), Dst Port: netbios-ssn (139), Seq: 24145567, Ack: 1095784860, Len: 72 Source port: 3313 (3313) Destination port: netbios-ssn (139) Sequence number: 24145567 Next sequence number: 24145639 Acknowledgement number: 1095784860 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x6957 (incorrect, should be 0x5fb2) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 30 2b 40 00 70 06 1e ab c8 3c ca 4a ac 10 .p0+@.p....<.J.. 0020 86 bf 0c f1 00 8b 01 70 6e 9f 41 50 59 9c 50 18 .......pn.APY.P. 0030 22 38 69 57 00 00 81 00 00 44 20 46 44 45 43 45 "8iW.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32865 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 12:17:58.249387000 Time delta from previous packet: 0.004607000 seconds Time relative to first packet: 385788.724183000 seconds Frame Number: 32865 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 200.60.202.74 (200.60.202.74) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x6732 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xd8e7 (incorrect, should be 0xcf42) Source: 172.16.134.191 (172.16.134.191) Destination: 200.60.202.74 (200.60.202.74) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3313 (3313), Seq: 1095784860, Ack: 24145639, Len: 4 Source port: netbios-ssn (139) Destination port: 3313 (3313) Sequence number: 1095784860 Next sequence number: 1095784864 Acknowledgement number: 24145639 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x152e (incorrect, should be 0x0b89) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 67 32 40 00 7f 06 d8 e7 ac 10 86 bf c8 3c .,g2@..........< 0020 ca 4a 00 8b 0c f1 41 50 59 9c 01 70 6e e7 50 18 .J....APY..pn.P. 0030 44 28 15 2e 00 00 82 00 00 00 00 00 D(.......... Frame 32866 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 12:17:58.433723000 Time delta from previous packet: 0.184336000 seconds Time relative to first packet: 385788.908519000 seconds Frame Number: 32866 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 200.60.202.74 (200.60.202.74), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x352b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 112 Protocol: TCP (0x06) Header checksum: 0x19b5 (incorrect, should be 0x1010) Source: 200.60.202.74 (200.60.202.74) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3313 (3313), Dst Port: netbios-ssn (139), Seq: 24145639, Ack: 1095784864, Len: 62 Source port: 3313 (3313) Destination port: netbios-ssn (139) Sequence number: 24145639 Next sequence number: 24145701 Acknowledgement number: 1095784864 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x255e (incorrect, should be 0x3bb8) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 35 2b 40 00 70 06 19 b5 c8 3c ca 4a ac 10 .f5+@.p....<.J.. 0020 86 bf 0c f1 00 8b 01 70 6e e7 41 50 59 a0 50 18 .......pn.APY.P. 0030 22 34 25 5e 00 00 00 00 00 3a ff 53 4d 42 75 00 "4%^.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32867 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 12:17:58.434493000 Time delta from previous packet: 0.000770000 seconds Time relative to first packet: 385788.909289000 seconds Frame Number: 32867 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 200.60.202.74 (200.60.202.74) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6733 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xd8ea (incorrect, should be 0xcf45) Source: 172.16.134.191 (172.16.134.191) Destination: 200.60.202.74 (200.60.202.74) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3313 (3313), Seq: 1095784864, Ack: 24145639, Len: 0 Source port: netbios-ssn (139) Destination port: 3313 (3313) Sequence number: 1095784864 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xdb6a (incorrect, should be 0xd1c5) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 67 33 40 00 7f 06 d8 ea ac 10 86 bf c8 3c .(g3@..........< 0020 ca 4a 00 8b 0c f1 41 50 59 a0 01 70 6e e7 50 04 .J....APY..pn.P. 0030 00 00 db 6a 00 00 00 00 00 00 00 00 ...j........ Frame 32871 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 12:56:01.502351000 Time delta from previous packet: 0.778921000 seconds Time relative to first packet: 388071.977147000 seconds Frame Number: 32871 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.227.245.101 (217.227.245.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4d8a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xc3c9 (incorrect, should be 0xba24) Source: 217.227.245.101 (217.227.245.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1426 (1426), Dst Port: netbios-ssn (139), Seq: 1209030, Ack: 0, Len: 0 Source port: 1426 (1426) Destination port: netbios-ssn (139) Sequence number: 1209030 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xf241 (incorrect, should be 0xe89c) Options: (8 bytes) Maximum segment size: 1320 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4d 8a 40 00 71 06 c3 c9 d9 e3 f5 65 ac 10 .0M.@.q......e.. 0020 86 bf 05 92 00 8b 00 12 72 c6 00 00 00 00 70 02 ........r.....p. 0030 20 00 f2 41 00 00 02 04 05 28 01 01 04 02 ..A.....(.... Frame 32872 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 12:56:01.507790000 Time delta from previous packet: 0.005439000 seconds Time relative to first packet: 388071.982586000 seconds Frame Number: 32872 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.227.245.101 (217.227.245.101) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x6a80 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x98d3 (incorrect, should be 0x8f2e) Source: 172.16.134.191 (172.16.134.191) Destination: 217.227.245.101 (217.227.245.101) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1426 (1426), Seq: 1661649098, Ack: 1209031, Len: 0 Source port: netbios-ssn (139) Destination port: 1426 (1426) Sequence number: 1661649098 Acknowledgement number: 1209031 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17160 Checksum: 0xaac7 (incorrect, should be 0xa122) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 6a 80 40 00 7f 06 98 d3 ac 10 86 bf d9 e3 .0j.@........... 0020 f5 65 00 8b 05 92 63 0a c0 ca 00 12 72 c7 70 12 .e....c.....r.p. 0030 43 08 aa c7 00 00 02 04 05 b4 01 01 04 02 C............. Frame 32873 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 12:56:01.732456000 Time delta from previous packet: 0.224666000 seconds Time relative to first packet: 388072.207252000 seconds Frame Number: 32873 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 217.227.245.101 (217.227.245.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x528a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xbed1 (incorrect, should be 0xb52c) Source: 217.227.245.101 (217.227.245.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1426 (1426), Dst Port: netbios-ssn (139), Seq: 1209031, Ack: 1661649099, Len: 0 Source port: 1426 (1426) Destination port: netbios-ssn (139) Sequence number: 1209031 Acknowledgement number: 1661649099 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 9240 Checksum: 0xf67b (incorrect, should be 0xecd6) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 52 8a 40 00 71 06 be d1 d9 e3 f5 65 ac 10 .(R.@.q......e.. 0020 86 bf 05 92 00 8b 00 12 72 c7 63 0a c0 cb 50 10 ........r.c...P. 0030 24 18 f6 7b 00 00 00 00 00 00 00 00 $..{........ Frame 32874 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 12:56:01.752300000 Time delta from previous packet: 0.019844000 seconds Time relative to first packet: 388072.227096000 seconds Frame Number: 32874 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.227.245.101 (217.227.245.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x538a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xbd89 (incorrect, should be 0xb3e4) Source: 217.227.245.101 (217.227.245.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1426 (1426), Dst Port: netbios-ssn (139), Seq: 1209031, Ack: 1661649099, Len: 72 Source port: 1426 (1426) Destination port: netbios-ssn (139) Sequence number: 1209031 Next sequence number: 1209103 Acknowledgement number: 1661649099 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 9240 Checksum: 0xc466 (incorrect, should be 0xbac1) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 53 8a 40 00 71 06 bd 89 d9 e3 f5 65 ac 10 .pS.@.q......e.. 0020 86 bf 05 92 00 8b 00 12 72 c7 63 0a c0 cb 50 18 ........r.c...P. 0030 24 18 c4 66 00 00 81 00 00 44 20 46 44 45 43 45 $..f.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32875 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 12:56:01.754036000 Time delta from previous packet: 0.001736000 seconds Time relative to first packet: 388072.228832000 seconds Frame Number: 32875 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.227.245.101 (217.227.245.101) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x6a81 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x98d6 (incorrect, should be 0x8f31) Source: 172.16.134.191 (172.16.134.191) Destination: 217.227.245.101 (217.227.245.101) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1426 (1426), Seq: 1661649099, Ack: 1209103, Len: 4 Source port: netbios-ssn (139) Destination port: 1426 (1426) Sequence number: 1661649099 Next sequence number: 1661649103 Acknowledgement number: 1209103 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17088 Checksum: 0x557f (incorrect, should be 0x4bda) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 6a 81 40 00 7f 06 98 d6 ac 10 86 bf d9 e3 .,j.@........... 0020 f5 65 00 8b 05 92 63 0a c0 cb 00 12 73 0f 50 18 .e....c.....s.P. 0030 42 c0 55 7f 00 00 82 00 00 00 00 00 B.U......... Frame 32876 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 12:56:02.063656000 Time delta from previous packet: 0.309620000 seconds Time relative to first packet: 388072.538452000 seconds Frame Number: 32876 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 217.227.245.101 (217.227.245.101), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x5d8a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xb393 (incorrect, should be 0xa9ee) Source: 217.227.245.101 (217.227.245.101) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1426 (1426), Dst Port: netbios-ssn (139), Seq: 1209103, Ack: 1661649103, Len: 62 Source port: 1426 (1426) Destination port: netbios-ssn (139) Sequence number: 1209103 Next sequence number: 1209165 Acknowledgement number: 1661649103 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 9236 Checksum: 0x6267 (incorrect, should be 0x78c1) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 5d 8a 40 00 71 06 b3 93 d9 e3 f5 65 ac 10 .f].@.q......e.. 0020 86 bf 05 92 00 8b 00 12 73 0f 63 0a c0 cf 50 18 ........s.c...P. 0030 24 14 62 67 00 00 00 00 00 3a ff 53 4d 42 75 00 $.bg.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32877 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 12:56:02.071169000 Time delta from previous packet: 0.007513000 seconds Time relative to first packet: 388072.545965000 seconds Frame Number: 32877 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 217.227.245.101 (217.227.245.101) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6a83 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x98d8 (incorrect, should be 0x8f33) Source: 172.16.134.191 (172.16.134.191) Destination: 217.227.245.101 (217.227.245.101) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1426 (1426), Seq: 1661649103, Ack: 1209103, Len: 0 Source port: netbios-ssn (139) Destination port: 1426 (1426) Sequence number: 1661649103 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x1a54 (incorrect, should be 0x10af) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 6a 83 40 00 7f 06 98 d8 ac 10 86 bf d9 e3 .(j.@........... 0020 f5 65 00 8b 05 92 63 0a c0 cf 00 12 73 0f 50 04 .e....c.....s.P. 0030 00 00 1a 54 00 00 00 00 00 00 00 00 ...T........ Frame 32895 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 16:11:01.814065000 Time delta from previous packet: 0.301183000 seconds Time relative to first packet: 399772.288861000 seconds Frame Number: 32895 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 203.115.96.146 (203.115.96.146), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x6635 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x5162 (incorrect, should be 0x47bd) Source: 203.115.96.146 (203.115.96.146) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1324 (1324), Dst Port: netbios-ssn (139), Seq: 94670980, Ack: 0, Len: 0 Source port: 1324 (1324) Destination port: netbios-ssn (139) Sequence number: 94670980 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x720f (incorrect, should be 0x686a) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 66 35 40 00 6e 06 51 62 cb 73 60 92 ac 10 .0f5@.n.Qb.s`... 0020 86 bf 05 2c 00 8b 05 a4 90 84 00 00 00 00 70 02 ...,..........p. 0030 20 00 72 0f 00 00 02 04 05 b4 01 01 04 02 .r........... Frame 32896 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 16:11:01.814874000 Time delta from previous packet: 0.000809000 seconds Time relative to first packet: 399772.289670000 seconds Frame Number: 32896 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 203.115.96.146 (203.115.96.146) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x7ba2 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x2af5 (incorrect, should be 0x2150) Source: 172.16.134.191 (172.16.134.191) Destination: 203.115.96.146 (203.115.96.146) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1324 (1324), Seq: 296972326, Ack: 94670981, Len: 0 Source port: netbios-ssn (139) Destination port: 1324 (1324) Sequence number: 296972326 Acknowledgement number: 94670981 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xcbb4 (incorrect, should be 0xc20f) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 7b a2 40 00 7f 06 2a f5 ac 10 86 bf cb 73 .0{.@...*......s 0020 60 92 00 8b 05 2c 11 b3 70 26 05 a4 90 85 70 12 `....,..p&....p. 0030 44 70 cb b4 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 32897 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 16:11:02.121181000 Time delta from previous packet: 0.306307000 seconds Time relative to first packet: 399772.595977000 seconds Frame Number: 32897 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 203.115.96.146 (203.115.96.146), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x6f35 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x486a (incorrect, should be 0x3ec5) Source: 203.115.96.146 (203.115.96.146) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1324 (1324), Dst Port: netbios-ssn (139), Seq: 94670981, Ack: 296972327, Len: 0 Source port: 1324 (1324) Destination port: netbios-ssn (139) Sequence number: 94670981 Acknowledgement number: 296972327 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x1ab1 (incorrect, should be 0x110c) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 6f 35 40 00 6e 06 48 6a cb 73 60 92 ac 10 .(o5@.n.Hj.s`... 0020 86 bf 05 2c 00 8b 05 a4 90 85 11 b3 70 27 50 10 ...,........p'P. 0030 22 38 1a b1 00 00 00 00 00 00 00 00 "8.......... Frame 32898 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 16:11:02.130997000 Time delta from previous packet: 0.009816000 seconds Time relative to first packet: 399772.605793000 seconds Frame Number: 32898 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 203.115.96.146 (203.115.96.146), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x7035 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x4722 (incorrect, should be 0x3d7d) Source: 203.115.96.146 (203.115.96.146) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1324 (1324), Dst Port: netbios-ssn (139), Seq: 94670981, Ack: 296972327, Len: 72 Source port: 1324 (1324) Destination port: netbios-ssn (139) Sequence number: 94670981 Next sequence number: 94671053 Acknowledgement number: 296972327 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xe89b (incorrect, should be 0xdef6) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 70 35 40 00 6e 06 47 22 cb 73 60 92 ac 10 .pp5@.n.G".s`... 0020 86 bf 05 2c 00 8b 05 a4 90 85 11 b3 70 27 50 18 ...,........p'P. 0030 22 38 e8 9b 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 32899 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 16:11:02.132889000 Time delta from previous packet: 0.001892000 seconds Time relative to first packet: 399772.607685000 seconds Frame Number: 32899 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 203.115.96.146 (203.115.96.146) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x7ba4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x2af7 (incorrect, should be 0x2152) Source: 172.16.134.191 (172.16.134.191) Destination: 203.115.96.146 (203.115.96.146) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1324 (1324), Seq: 296972327, Ack: 94671053, Len: 4 Source port: netbios-ssn (139) Destination port: 1324 (1324) Sequence number: 296972327 Next sequence number: 296972331 Acknowledgement number: 94671053 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x766c (incorrect, should be 0x6cc7) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 7b a4 40 00 7f 06 2a f7 ac 10 86 bf cb 73 .,{.@...*......s 0020 60 92 00 8b 05 2c 11 b3 70 27 05 a4 90 cd 50 18 `....,..p'....P. 0030 44 28 76 6c 00 00 82 00 00 00 00 00 D(vl........ Frame 32900 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 16:11:02.440607000 Time delta from previous packet: 0.307718000 seconds Time relative to first packet: 399772.915403000 seconds Frame Number: 32900 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 203.115.96.146 (203.115.96.146), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x7935 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 110 Protocol: TCP (0x06) Header checksum: 0x3e2c (incorrect, should be 0x3487) Source: 203.115.96.146 (203.115.96.146) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1324 (1324), Dst Port: netbios-ssn (139), Seq: 94671053, Ack: 296972331, Len: 62 Source port: 1324 (1324) Destination port: netbios-ssn (139) Sequence number: 94671053 Next sequence number: 94671115 Acknowledgement number: 296972331 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x869c (incorrect, should be 0x9cf6) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 79 35 40 00 6e 06 3e 2c cb 73 60 92 ac 10 .fy5@.n.>,.s`... 0020 86 bf 05 2c 00 8b 05 a4 90 cd 11 b3 70 2b 50 18 ...,........p+P. 0030 22 34 86 9c 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 32901 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 16:11:02.441344000 Time delta from previous packet: 0.000737000 seconds Time relative to first packet: 399772.916140000 seconds Frame Number: 32901 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 203.115.96.146 (203.115.96.146) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x7ba5 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x2afa (incorrect, should be 0x2155) Source: 172.16.134.191 (172.16.134.191) Destination: 203.115.96.146 (203.115.96.146) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1324 (1324), Seq: 296972331, Ack: 94671053, Len: 0 Source port: netbios-ssn (139) Destination port: 1324 (1324) Sequence number: 296972331 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x3ca9 (incorrect, should be 0x3304) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 7b a5 40 00 7f 06 2a fa ac 10 86 bf cb 73 .({.@...*......s 0020 60 92 00 8b 05 2c 11 b3 70 2b 05 a4 90 cd 50 04 `....,..p+....P. 0030 00 00 3c a9 00 00 00 00 00 00 00 00 ..<......... Frame 32916 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 17:00:39.253520000 Time delta from previous packet: 0.009022000 seconds Time relative to first packet: 402749.728316000 seconds Frame Number: 32916 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 129.116.182.239 (129.116.182.239), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe091 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xc7a7 (incorrect, should be 0xbe02) Source: 129.116.182.239 (129.116.182.239) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4606 (4606), Dst Port: netbios-ssn (139), Seq: 4443611, Ack: 0, Len: 0 Source port: 4606 (4606) Destination port: netbios-ssn (139) Sequence number: 4443611 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x00e9 (incorrect, should be 0xf743) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 e0 91 40 00 71 06 c7 a7 81 74 b6 ef ac 10 .0..@.q....t.... 0020 86 bf 11 fe 00 8b 00 43 cd db 00 00 00 00 70 02 .......C......p. 0030 40 00 00 e9 00 00 02 04 05 b4 01 01 04 02 @............. Frame 32917 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 17:00:39.254366000 Time delta from previous packet: 0.000846000 seconds Time relative to first packet: 402749.729162000 seconds Frame Number: 32917 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 129.116.182.239 (129.116.182.239) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x8001 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x1a38 (incorrect, should be 0x1093) Source: 172.16.134.191 (172.16.134.191) Destination: 129.116.182.239 (129.116.182.239) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4606 (4606), Seq: 1036199602, Ack: 4443612, Len: 0 Source port: netbios-ssn (139) Destination port: 4606 (4606) Sequence number: 1036199602 Acknowledgement number: 4443612 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x97f2 (incorrect, should be 0x8e4d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 80 01 40 00 7f 06 1a 38 ac 10 86 bf 81 74 .0..@....8.....t 0020 b6 ef 00 8b 11 fe 3d c3 26 b2 00 43 cd dc 70 12 ......=.&..C..p. 0030 44 70 97 f2 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 32921 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 17:00:39.313473000 Time delta from previous packet: 0.004057000 seconds Time relative to first packet: 402749.788269000 seconds Frame Number: 32921 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 129.116.182.239 (129.116.182.239), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xe0a0 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0x07a1 (incorrect, should be 0xfdfb) Source: 129.116.182.239 (129.116.182.239) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4606 (4606), Dst Port: netbios-ssn (139), Seq: 4443612, Ack: 4443612, Len: 0 Source port: 4606 (4606) Destination port: netbios-ssn (139) Sequence number: 4443612 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x9f89 (incorrect, should be 0x95e4) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 e0 a0 00 00 71 06 07 a1 81 74 b6 ef ac 10 .(....q....t.... 0020 86 bf 11 fe 00 8b 00 43 cd dc 00 43 cd dc 50 04 .......C...C..P. 0030 00 00 9f 89 00 00 00 00 00 00 00 00 ............ Frame 33162 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 17:00:46.686330000 Time delta from previous packet: 0.010245000 seconds Time relative to first packet: 402757.161126000 seconds Frame Number: 33162 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 129.116.182.239 (129.116.182.239), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xe8a7 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xbf91 (incorrect, should be 0xb5ec) Source: 129.116.182.239 (129.116.182.239) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4745 (4745), Dst Port: netbios-ssn (139), Seq: 12711932, Ack: 0, Len: 0 Source port: 4745 (4745) Destination port: netbios-ssn (139) Sequence number: 12711932 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xd5be (incorrect, should be 0xcc19) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 e8 a7 40 00 71 06 bf 91 81 74 b6 ef ac 10 .0..@.q....t.... 0020 86 bf 12 89 00 8b 00 c1 f7 fc 00 00 00 00 70 02 ..............p. 0030 40 00 d5 be 00 00 02 04 05 b4 01 01 04 02 @............. Frame 33163 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 17:00:46.686979000 Time delta from previous packet: 0.000649000 seconds Time relative to first packet: 402757.161775000 seconds Frame Number: 33163 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 129.116.182.239 (129.116.182.239) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x807d Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x19bc (incorrect, should be 0x1017) Source: 172.16.134.191 (172.16.134.191) Destination: 129.116.182.239 (129.116.182.239) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4745 (4745), Seq: 1038159765, Ack: 12711933, Len: 0 Source port: netbios-ssn (139) Destination port: 4745 (4745) Sequence number: 1038159765 Acknowledgement number: 12711933 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x83c7 (incorrect, should be 0x7a22) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 80 7d 40 00 7f 06 19 bc ac 10 86 bf 81 74 .0.}@..........t 0020 b6 ef 00 8b 12 89 3d e1 0f 95 00 c1 f7 fd 70 12 ......=.......p. 0030 44 70 83 c7 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 33166 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 17:00:46.735044000 Time delta from previous packet: 0.000216000 seconds Time relative to first packet: 402757.209840000 seconds Frame Number: 33166 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 129.116.182.239 (129.116.182.239), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xe8b9 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 113 Protocol: TCP (0x06) Header checksum: 0xff87 (incorrect, should be 0xf5e2) Source: 129.116.182.239 (129.116.182.239) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4745 (4745), Dst Port: netbios-ssn (139), Seq: 12711933, Ack: 12711933, Len: 0 Source port: 4745 (4745) Destination port: netbios-ssn (139) Sequence number: 12711933 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x49c0 (incorrect, should be 0x401b) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 e8 b9 00 00 71 06 ff 87 81 74 b6 ef ac 10 .(....q....t.... 0020 86 bf 12 89 00 8b 00 c1 f7 fd 00 c1 f7 fd 50 04 ..............P. 0030 00 00 49 c0 00 00 00 00 00 00 00 00 ..I......... Frame 33208 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 17:22:09.031377000 Time delta from previous packet: 0.241762000 seconds Time relative to first packet: 404039.506173000 seconds Frame Number: 33208 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 212.110.30.110 (212.110.30.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x60 (DSCP 0x18: Class Selector 3; ECN: 0x00) 0110 00.. = Differentiated Services Codepoint: Class Selector 3 (0x18) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x1d2b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xd535 (incorrect, should be 0xcb90) Source: 212.110.30.110 (212.110.30.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2547 (2547), Dst Port: netbios-ssn (139), Seq: 146476660, Ack: 0, Len: 0 Source port: 2547 (2547) Destination port: netbios-ssn (139) Sequence number: 146476660 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x256b (incorrect, should be 0x1bc6) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 60 ..i...........E` 0010 00 30 1d 2b 40 00 6c 06 d5 35 d4 6e 1e 6e ac 10 .0.+@.l..5.n.n.. 0020 86 bf 09 f3 00 8b 08 bb 0e 74 00 00 00 00 70 02 .........t....p. 0030 20 00 25 6b 00 00 02 04 05 b4 01 01 04 02 .%k.......... Frame 33209 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 17:22:09.032075000 Time delta from previous packet: 0.000698000 seconds Time relative to first packet: 404039.506871000 seconds Frame Number: 33209 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 212.110.30.110 (212.110.30.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x8270 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5d50 (incorrect, should be 0x53ab) Source: 172.16.134.191 (172.16.134.191) Destination: 212.110.30.110 (212.110.30.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2547 (2547), Seq: 1358921611, Ack: 146476661, Len: 0 Source port: netbios-ssn (139) Destination port: 2547 (2547) Sequence number: 1358921611 Acknowledgement number: 146476661 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x305f (incorrect, should be 0x26ba) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 82 70 40 00 7f 06 5d 50 ac 10 86 bf d4 6e .0.p@...]P.....n 0020 1e 6e 00 8b 09 f3 50 ff 7f 8b 08 bb 0e 75 70 12 .n....P......up. 0030 44 70 30 5f 00 00 02 04 05 b4 01 01 04 02 Dp0_.......... Frame 33210 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 17:22:09.289403000 Time delta from previous packet: 0.257328000 seconds Time relative to first packet: 404039.764199000 seconds Frame Number: 33210 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 212.110.30.110 (212.110.30.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x60 (DSCP 0x18: Class Selector 3; ECN: 0x00) 0110 00.. = Differentiated Services Codepoint: Class Selector 3 (0x18) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x212b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xd13d (incorrect, should be 0xc798) Source: 212.110.30.110 (212.110.30.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2547 (2547), Dst Port: netbios-ssn (139), Seq: 146476661, Ack: 1358921612, Len: 0 Source port: 2547 (2547) Destination port: netbios-ssn (139) Sequence number: 146476661 Acknowledgement number: 1358921612 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x7f5b (incorrect, should be 0x75b6) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 60 ..i...........E` 0010 00 28 21 2b 40 00 6c 06 d1 3d d4 6e 1e 6e ac 10 .(!+@.l..=.n.n.. 0020 86 bf 09 f3 00 8b 08 bb 0e 75 50 ff 7f 8c 50 10 .........uP...P. 0030 22 38 7f 5b 00 00 00 00 00 00 00 00 "8.[........ Frame 33211 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 17:22:09.299518000 Time delta from previous packet: 0.010115000 seconds Time relative to first packet: 404039.774314000 seconds Frame Number: 33211 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 212.110.30.110 (212.110.30.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x60 (DSCP 0x18: Class Selector 3; ECN: 0x00) 0110 00.. = Differentiated Services Codepoint: Class Selector 3 (0x18) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x222b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xcff5 (incorrect, should be 0xc650) Source: 212.110.30.110 (212.110.30.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2547 (2547), Dst Port: netbios-ssn (139), Seq: 146476661, Ack: 1358921612, Len: 72 Source port: 2547 (2547) Destination port: netbios-ssn (139) Sequence number: 146476661 Next sequence number: 146476733 Acknowledgement number: 1358921612 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x5446 (incorrect, should be 0x4aa1) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 60 ..i...........E` 0010 00 70 22 2b 40 00 6c 06 cf f5 d4 6e 1e 6e ac 10 .p"+@.l....n.n.. 0020 86 bf 09 f3 00 8b 08 bb 0e 75 50 ff 7f 8c 50 18 .........uP...P. 0030 22 38 54 46 00 00 81 00 00 44 20 46 44 45 43 45 "8TF.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 33212 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 17:22:09.301296000 Time delta from previous packet: 0.001778000 seconds Time relative to first packet: 404039.776092000 seconds Frame Number: 33212 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 212.110.30.110 (212.110.30.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x8271 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5d53 (incorrect, should be 0x53ae) Source: 172.16.134.191 (172.16.134.191) Destination: 212.110.30.110 (212.110.30.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2547 (2547), Seq: 1358921612, Ack: 146476733, Len: 4 Source port: netbios-ssn (139) Destination port: 2547 (2547) Sequence number: 1358921612 Next sequence number: 1358921616 Acknowledgement number: 146476733 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0xdb16 (incorrect, should be 0xd171) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 82 71 40 00 7f 06 5d 53 ac 10 86 bf d4 6e .,.q@...]S.....n 0020 1e 6e 00 8b 09 f3 50 ff 7f 8c 08 bb 0e bd 50 18 .n....P.......P. 0030 44 28 db 16 00 00 82 00 00 00 00 00 D(.......... Frame 33213 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 17:22:09.549516000 Time delta from previous packet: 0.248220000 seconds Time relative to first packet: 404040.024312000 seconds Frame Number: 33213 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 212.110.30.110 (212.110.30.110), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x60 (DSCP 0x18: Class Selector 3; ECN: 0x00) 0110 00.. = Differentiated Services Codepoint: Class Selector 3 (0x18) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x252b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 108 Protocol: TCP (0x06) Header checksum: 0xccff (incorrect, should be 0xc35a) Source: 212.110.30.110 (212.110.30.110) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2547 (2547), Dst Port: netbios-ssn (139), Seq: 146476733, Ack: 1358921616, Len: 62 Source port: 2547 (2547) Destination port: netbios-ssn (139) Sequence number: 146476733 Next sequence number: 146476795 Acknowledgement number: 1358921616 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0xeb46 (incorrect, should be 0x01a1) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 60 ..i...........E` 0010 00 66 25 2b 40 00 6c 06 cc ff d4 6e 1e 6e ac 10 .f%+@.l....n.n.. 0020 86 bf 09 f3 00 8b 08 bb 0e bd 50 ff 7f 90 50 18 ..........P...P. 0030 22 34 eb 46 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.F.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 33214 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 17:22:09.550303000 Time delta from previous packet: 0.000787000 seconds Time relative to first packet: 404040.025099000 seconds Frame Number: 33214 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 212.110.30.110 (212.110.30.110) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x8272 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5d56 (incorrect, should be 0x53b1) Source: 172.16.134.191 (172.16.134.191) Destination: 212.110.30.110 (212.110.30.110) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2547 (2547), Seq: 1358921616, Ack: 146476733, Len: 0 Source port: netbios-ssn (139) Destination port: 2547 (2547) Sequence number: 1358921616 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xa153 (incorrect, should be 0x97ae) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 82 72 40 00 7f 06 5d 56 ac 10 86 bf d4 6e .(.r@...]V.....n 0020 1e 6e 00 8b 09 f3 50 ff 7f 90 08 bb 0e bd 50 04 .n....P.......P. 0030 00 00 a1 53 00 00 00 00 00 00 00 00 ...S........ Frame 33225 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 19:35:31.101683000 Time delta from previous packet: 0.005498000 seconds Time relative to first packet: 412041.576479000 seconds Frame Number: 33225 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.111.101.78 (61.111.101.78), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x7ada Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0xc705 (incorrect, should be 0xbd60) Source: 61.111.101.78 (61.111.101.78) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1696 (1696), Dst Port: netbios-ssn (139), Seq: 1679947992, Ack: 0, Len: 0 Source port: 1696 (1696) Destination port: netbios-ssn (139) Sequence number: 1679947992 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x5821 (incorrect, should be 0x4e7c) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 7a da 40 00 6d 06 c7 05 3d 6f 65 4e ac 10 .0z.@.m...=oeN.. 0020 86 bf 06 a0 00 8b 64 21 f8 d8 00 00 00 00 70 02 ......d!......p. 0030 fa f0 58 21 00 00 02 04 05 b4 01 01 04 02 ..X!.......... Frame 33226 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 19:35:31.101686000 Time delta from previous packet: 0.000003000 seconds Time relative to first packet: 412041.576482000 seconds Frame Number: 33226 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.111.101.78 (61.111.101.78) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x8e16 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa1c9 (incorrect, should be 0x9824) Source: 172.16.134.191 (172.16.134.191) Destination: 61.111.101.78 (61.111.101.78) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1696 (1696), Seq: 3359456153, Ack: 1679947993, Len: 0 Source port: netbios-ssn (139) Destination port: 1696 (1696) Sequence number: 3359456153 Acknowledgement number: 1679947993 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x0aba (incorrect, should be 0x0115) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 8e 16 40 00 7f 06 a1 c9 ac 10 86 bf 3d 6f .0..@.........=o 0020 65 4e 00 8b 06 a0 c8 3d 3b 99 64 21 f8 d9 70 12 eN.....=;.d!..p. 0030 44 70 0a ba 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 33230 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 19:35:31.279472000 Time delta from previous packet: 0.008663000 seconds Time relative to first packet: 412041.754268000 seconds Frame Number: 33230 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 61.111.101.78 (61.111.101.78), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x7adf Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x0709 (incorrect, should be 0xfd63) Source: 61.111.101.78 (61.111.101.78) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1696 (1696), Dst Port: netbios-ssn (139), Seq: 1679947993, Ack: 1679947993, Len: 0 Source port: 1696 (1696) Destination port: netbios-ssn (139) Sequence number: 1679947993 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x22d7 (incorrect, should be 0x1932) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 7a df 00 00 6d 06 07 09 3d 6f 65 4e ac 10 .(z...m...=oeN.. 0020 86 bf 06 a0 00 8b 64 21 f8 d9 64 21 f8 d9 50 04 ......d!..d!..P. 0030 00 00 22 d7 00 00 00 00 00 00 00 00 .."......... Frame 33267 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 19:35:34.589571000 Time delta from previous packet: 0.010716000 seconds Time relative to first packet: 412045.064367000 seconds Frame Number: 33267 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.111.101.78 (61.111.101.78), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x7af3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0xc6ec (incorrect, should be 0xbd47) Source: 61.111.101.78 (61.111.101.78) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1698 (1698), Dst Port: netbios-ssn (139), Seq: 1680879914, Ack: 0, Len: 0 Source port: 1698 (1698) Destination port: netbios-ssn (139) Sequence number: 1680879914 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0x1fbf (incorrect, should be 0x161a) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 7a f3 40 00 6d 06 c6 ec 3d 6f 65 4e ac 10 .0z.@.m...=oeN.. 0020 86 bf 06 a2 00 8b 64 30 31 2a 00 00 00 00 70 02 ......d01*....p. 0030 fa f0 1f bf 00 00 02 04 05 b4 01 01 04 02 .............. Frame 33269 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 19:35:34.625901000 Time delta from previous packet: 0.000028000 seconds Time relative to first packet: 412045.100697000 seconds Frame Number: 33269 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.111.101.78 (61.111.101.78) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x8e2c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa1b3 (incorrect, should be 0x980e) Source: 172.16.134.191 (172.16.134.191) Destination: 61.111.101.78 (61.111.101.78) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1698 (1698), Seq: 3360373591, Ack: 1680879915, Len: 0 Source port: netbios-ssn (139) Destination port: 1698 (1698) Sequence number: 3360373591 Acknowledgement number: 1680879915 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd28b (incorrect, should be 0xc8e6) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 8e 2c 40 00 7f 06 a1 b3 ac 10 86 bf 3d 6f .0.,@.........=o 0020 65 4e 00 8b 06 a2 c8 4b 3b 57 64 30 31 2b 70 12 eN.....K;Wd01+p. 0030 44 70 d2 8b 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 33272 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 19:35:34.806882000 Time delta from previous packet: 0.000001000 seconds Time relative to first packet: 412045.281678000 seconds Frame Number: 33272 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 61.111.101.78 (61.111.101.78), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x7af6 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x06f2 (incorrect, should be 0xfd4c) Source: 61.111.101.78 (61.111.101.78) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1698 (1698), Dst Port: netbios-ssn (139), Seq: 1680879915, Ack: 1680879915, Len: 0 Source port: 1698 (1698) Destination port: netbios-ssn (139) Sequence number: 1680879915 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xb214 (incorrect, should be 0xa86f) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 7a f6 00 00 6d 06 06 f2 3d 6f 65 4e ac 10 .(z...m...=oeN.. 0020 86 bf 06 a2 00 8b 64 30 31 2b 64 30 31 2b 50 04 ......d01+d01+P. 0030 00 00 b2 14 00 00 00 00 00 00 00 00 ............ Frame 35787 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 20:17:03.823140000 Time delta from previous packet: 0.109674000 seconds Time relative to first packet: 414534.297936000 seconds Frame Number: 35787 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 24.161.196.103 (24.161.196.103), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x8fc3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 117 Protocol: TCP (0x06) Header checksum: 0x6fd1 (incorrect, should be 0x662c) Source: 24.161.196.103 (24.161.196.103) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 64773 (64773), Dst Port: netbios-ssn (139), Seq: 7928047, Ack: 0, Len: 0 Source port: 64773 (64773) Destination port: netbios-ssn (139) Sequence number: 7928047 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0x85f3 (incorrect, should be 0x7c4e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 8f c3 40 00 75 06 6f d1 18 a1 c4 67 ac 10 .0..@.u.o....g.. 0020 86 bf fd 05 00 8b 00 78 f8 ef 00 00 00 00 70 02 .......x......p. 0030 ff ff 85 f3 00 00 02 04 05 b4 01 01 04 02 .............. Frame 35788 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 20:17:03.824302000 Time delta from previous packet: 0.001162000 seconds Time relative to first packet: 414534.299098000 seconds Frame Number: 35788 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 24.161.196.103 (24.161.196.103) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x968a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5f0a (incorrect, should be 0x5565) Source: 172.16.134.191 (172.16.134.191) Destination: 24.161.196.103 (24.161.196.103) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 64773 (64773), Seq: 4021477693, Ack: 7928048, Len: 0 Source port: netbios-ssn (139) Destination port: 64773 (64773) Sequence number: 4021477693 Acknowledgement number: 7928048 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x7081 (incorrect, should be 0x66dc) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 96 8a 40 00 7f 06 5f 0a ac 10 86 bf 18 a1 .0..@..._....... 0020 c4 67 00 8b fd 05 ef b2 e1 3d 00 78 f8 f0 70 12 .g.......=.x..p. 0030 44 70 70 81 00 00 02 04 05 b4 01 01 04 02 Dpp........... Frame 35789 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 20:17:03.873205000 Time delta from previous packet: 0.048903000 seconds Time relative to first packet: 414534.348001000 seconds Frame Number: 35789 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 24.161.196.103 (24.161.196.103), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x91c3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 117 Protocol: TCP (0x06) Header checksum: 0x6dd9 (incorrect, should be 0x6434) Source: 24.161.196.103 (24.161.196.103) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 64773 (64773), Dst Port: netbios-ssn (139), Seq: 7928048, Ack: 4021477694, Len: 0 Source port: 64773 (64773) Destination port: netbios-ssn (139) Sequence number: 7928048 Acknowledgement number: 4021477694 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xe1b5 (incorrect, should be 0xd810) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 91 c3 40 00 75 06 6d d9 18 a1 c4 67 ac 10 .(..@.u.m....g.. 0020 86 bf fd 05 00 8b 00 78 f8 f0 ef b2 e1 3e 50 10 .......x.....>P. 0030 ff ff e1 b5 00 00 00 00 00 00 00 00 ............ Frame 35790 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 5, 2003 20:17:03.873716000 Time delta from previous packet: 0.000511000 seconds Time relative to first packet: 414534.348512000 seconds Frame Number: 35790 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 24.161.196.103 (24.161.196.103), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x92c3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 117 Protocol: TCP (0x06) Header checksum: 0x6c91 (incorrect, should be 0x62ec) Source: 24.161.196.103 (24.161.196.103) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 64773 (64773), Dst Port: netbios-ssn (139), Seq: 7928048, Ack: 4021477694, Len: 72 Source port: 64773 (64773) Destination port: netbios-ssn (139) Sequence number: 7928048 Next sequence number: 7928120 Acknowledgement number: 4021477694 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65535 Checksum: 0xafa0 (incorrect, should be 0xa5fb) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 92 c3 40 00 75 06 6c 91 18 a1 c4 67 ac 10 .p..@.u.l....g.. 0020 86 bf fd 05 00 8b 00 78 f8 f0 ef b2 e1 3e 50 18 .......x.....>P. 0030 ff ff af a0 00 00 81 00 00 44 20 46 44 45 43 45 .........D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 35791 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 20:17:03.877435000 Time delta from previous packet: 0.003719000 seconds Time relative to first packet: 414534.352231000 seconds Frame Number: 35791 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 24.161.196.103 (24.161.196.103) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x968b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5f0d (incorrect, should be 0x5568) Source: 172.16.134.191 (172.16.134.191) Destination: 24.161.196.103 (24.161.196.103) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 64773 (64773), Seq: 4021477694, Ack: 7928120, Len: 4 Source port: netbios-ssn (139) Destination port: 64773 (64773) Sequence number: 4021477694 Next sequence number: 4021477698 Acknowledgement number: 7928120 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x1b39 (incorrect, should be 0x1194) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 96 8b 40 00 7f 06 5f 0d ac 10 86 bf 18 a1 .,..@..._....... 0020 c4 67 00 8b fd 05 ef b2 e1 3e 00 78 f9 38 50 18 .g.......>.x.8P. 0030 44 28 1b 39 00 00 82 00 00 00 00 00 D(.9........ Frame 35792 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 5, 2003 20:17:03.923105000 Time delta from previous packet: 0.045670000 seconds Time relative to first packet: 414534.397901000 seconds Frame Number: 35792 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 24.161.196.103 (24.161.196.103), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x94c3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 117 Protocol: TCP (0x06) Header checksum: 0x6a9b (incorrect, should be 0x60f6) Source: 24.161.196.103 (24.161.196.103) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 64773 (64773), Dst Port: netbios-ssn (139), Seq: 7928120, Ack: 4021477698, Len: 62 Source port: 64773 (64773) Destination port: netbios-ssn (139) Sequence number: 7928120 Next sequence number: 7928182 Acknowledgement number: 4021477698 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65531 Checksum: 0x4da1 (incorrect, should be 0x63fb) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 94 c3 40 00 75 06 6a 9b 18 a1 c4 67 ac 10 .f..@.u.j....g.. 0020 86 bf fd 05 00 8b 00 78 f9 38 ef b2 e1 42 50 18 .......x.8...BP. 0030 ff fb 4d a1 00 00 00 00 00 3a ff 53 4d 42 75 00 ..M......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 35793 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 20:17:03.925035000 Time delta from previous packet: 0.001930000 seconds Time relative to first packet: 414534.399831000 seconds Frame Number: 35793 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 24.161.196.103 (24.161.196.103) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x968c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5f10 (incorrect, should be 0x556b) Source: 172.16.134.191 (172.16.134.191) Destination: 24.161.196.103 (24.161.196.103) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 64773 (64773), Seq: 4021477698, Ack: 7928120, Len: 0 Source port: netbios-ssn (139) Destination port: 64773 (64773) Sequence number: 4021477698 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xe175 (incorrect, should be 0xd7d0) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 96 8c 40 00 7f 06 5f 10 ac 10 86 bf 18 a1 .(..@..._....... 0020 c4 67 00 8b fd 05 ef b2 e1 42 00 78 f9 38 50 04 .g.......B.x.8P. 0030 00 00 e1 75 00 00 00 00 00 00 00 00 ...u........ Frame 51181 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 23:57:27.306593000 Time delta from previous packet: 0.004502000 seconds Time relative to first packet: 427757.781389000 seconds Frame Number: 51181 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.8.163.125 (66.8.163.125), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x14ad Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xe56a (incorrect, should be 0xdbc5) Source: 66.8.163.125 (66.8.163.125) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3745 (3745), Dst Port: netbios-ssn (139), Seq: 1848837533, Ack: 0, Len: 0 Source port: 3745 (3745) Destination port: netbios-ssn (139) Sequence number: 1848837533 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 64240 Checksum: 0xf689 (incorrect, should be 0xece4) Options: (8 bytes) Maximum segment size: 1452 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 14 ad 40 00 72 06 e5 6a 42 08 a3 7d ac 10 .0..@.r..jB..}.. 0020 86 bf 0e a1 00 8b 6e 33 05 9d 00 00 00 00 70 02 ......n3......p. 0030 fa f0 f6 89 00 00 02 04 05 ac 01 01 04 02 .............. Frame 51182 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 5, 2003 23:57:27.306595000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 427757.781391000 seconds Frame Number: 51182 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.8.163.125 (66.8.163.125) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x53ee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x9929 (incorrect, should be 0x8f84) Source: 172.16.134.191 (172.16.134.191) Destination: 66.8.163.125 (66.8.163.125) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3745 (3745), Seq: 3738545071, Ack: 1848837534, Len: 0 Source port: netbios-ssn (139) Destination port: 3745 (3745) Sequence number: 3738545071 Acknowledgement number: 1848837534 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0x22cc (incorrect, should be 0x1927) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 53 ee 40 00 7f 06 99 29 ac 10 86 bf 42 08 .0S.@....)....B. 0020 a3 7d 00 8b 0e a1 de d5 ab af 6e 33 05 9e 70 12 .}........n3..p. 0030 44 10 22 cc 00 00 02 04 05 b4 01 01 04 02 D."........... Frame 51186 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 23:57:27.558949000 Time delta from previous packet: 0.106723000 seconds Time relative to first packet: 427758.033745000 seconds Frame Number: 51186 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.8.163.125 (66.8.163.125), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x14b0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xe56f (incorrect, should be 0xdbca) Source: 66.8.163.125 (66.8.163.125) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3745 (3745), Dst Port: netbios-ssn (139), Seq: 1848837534, Ack: 3738545072, Len: 0 Source port: 3745 (3745) Destination port: netbios-ssn (139) Sequence number: 1848837534 Acknowledgement number: 3738545072 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65340 Checksum: 0x9463 (incorrect, should be 0x8abe) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 14 b0 40 00 72 06 e5 6f 42 08 a3 7d ac 10 .(..@.r..oB..}.. 0020 86 bf 0e a1 00 8b 6e 33 05 9e de d5 ab b0 50 10 ......n3......P. 0030 ff 3c 94 63 00 00 00 00 00 00 00 00 .<.c........ Frame 51187 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 5, 2003 23:57:27.570155000 Time delta from previous packet: 0.011206000 seconds Time relative to first packet: 427758.044951000 seconds Frame Number: 51187 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.8.163.125 (66.8.163.125), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x14b1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xe56e (incorrect, should be 0xdbc9) Source: 66.8.163.125 (66.8.163.125) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3745 (3745), Dst Port: netbios-ssn (139), Seq: 1848837534, Ack: 3738545072, Len: 0 Source port: 3745 (3745) Destination port: netbios-ssn (139) Sequence number: 1848837534 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x93ac (incorrect, should be 0x8a07) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 14 b1 40 00 72 06 e5 6e 42 08 a3 7d ac 10 .(..@.r..nB..}.. 0020 86 bf 0e a1 00 8b 6e 33 05 9e de d5 ab b0 50 04 ......n3......P. 0030 00 00 93 ac 00 00 00 00 00 00 00 00 ............