Frame 3 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.817956000 Time delta from previous packet: 0.292751000 seconds Time relative to first packet: 0.292752000 seconds Frame Number: 3 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0713 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0e9 (incorrect, should be 0xd744) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715630, Ack: 0, Len: 0 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715630 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xe299 (incorrect, should be 0xd8f4) Options: (8 bytes) Maximum segment size: 1414 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 07 13 40 00 6f 06 e0 e9 db 76 1f 2a ac 10 .0..@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 2e 00 00 00 00 70 02 ...T..s.......p. 0030 40 00 e2 99 00 00 02 04 05 86 01 01 04 02 @............. Frame 4 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.818908000 Time delta from previous packet: 0.000952000 seconds Time relative to first packet: 0.293704000 seconds Frame Number: 4 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.118.31.42 (219.118.31.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x82ee Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x550e (incorrect, should be 0x4b69) Source: 172.16.134.191 (172.16.134.191) Destination: 219.118.31.42 (219.118.31.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2388 (2388), Seq: 2476847240, Ack: 1943715631, Len: 0 Source port: netbios-ssn (139) Destination port: 2388 (2388) Sequence number: 2476847240 Acknowledgement number: 1943715631 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x9be8 (incorrect, should be 0x9243) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 82 ee 40 00 7f 06 55 0e ac 10 86 bf db 76 .0..@...U......v 0020 1f 2a 00 8b 09 54 93 a1 b0 88 73 da bf 2f 70 12 .*...T....s../p. 0030 42 48 9b e8 00 00 02 04 05 b4 01 01 04 02 BH............ Frame 5 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.923263000 Time delta from previous packet: 0.104355000 seconds Time relative to first packet: 0.398059000 seconds Frame Number: 5 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x071b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0e9 (incorrect, should be 0xd744) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715631, Ack: 2476847241, Len: 0 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715631 Acknowledgement number: 2476847241 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0xc8ac (incorrect, should be 0xbf07) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 07 1b 40 00 6f 06 e0 e9 db 76 1f 2a ac 10 .(..@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 2f 93 a1 b0 89 50 10 ...T..s../....P. 0030 42 48 c8 ac 00 00 00 00 00 00 00 00 BH.......... Frame 6 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.933135000 Time delta from previous packet: 0.009872000 seconds Time relative to first packet: 0.407931000 seconds Frame Number: 6 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x071c Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0a0 (incorrect, should be 0xd6fb) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715631, Ack: 2476847241, Len: 72 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715631 Next sequence number: 1943715703 Acknowledgement number: 2476847241 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x7891 (incorrect, should be 0x6eec) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 07 1c 40 00 6f 06 e0 a0 db 76 1f 2a ac 10 .p..@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 2f 93 a1 b0 89 50 18 ...T..s../....P. 0030 42 48 78 91 00 00 81 00 00 44 20 46 44 45 43 45 BHx......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 7 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 01:08:09.933137000 Time delta from previous packet: 0.000002000 seconds Time relative to first packet: 0.407933000 seconds Frame Number: 7 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.118.31.42 (219.118.31.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x82fb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5505 (incorrect, should be 0x4b60) Source: 172.16.134.191 (172.16.134.191) Destination: 219.118.31.42 (219.118.31.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2388 (2388), Seq: 2476847241, Ack: 1943715703, Len: 4 Source port: netbios-ssn (139) Destination port: 2388 (2388) Sequence number: 2476847241 Next sequence number: 2476847245 Acknowledgement number: 1943715703 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16896 Checksum: 0x46a0 (incorrect, should be 0x3cfb) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 82 fb 40 00 7f 06 55 05 ac 10 86 bf db 76 .,..@...U......v 0020 1f 2a 00 8b 09 54 93 a1 b0 89 73 da bf 77 50 18 .*...T....s..wP. 0030 42 00 46 a0 00 00 82 00 00 00 00 00 B.F......... Frame 8 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 01:08:10.039478000 Time delta from previous packet: 0.106341000 seconds Time relative to first packet: 0.514274000 seconds Frame Number: 8 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 219.118.31.42 (219.118.31.42), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0x0722 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 111 Protocol: TCP (0x06) Header checksum: 0xe0a4 (incorrect, should be 0xd6ff) Source: 219.118.31.42 (219.118.31.42) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 2388 (2388), Dst Port: netbios-ssn (139), Seq: 1943715703, Ack: 2476847245, Len: 62 Source port: 2388 (2388) Destination port: netbios-ssn (139) Sequence number: 1943715703 Next sequence number: 1943715765 Acknowledgement number: 2476847245 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16964 Checksum: 0x3498 (incorrect, should be 0x4af2) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 07 22 40 00 6f 06 e0 a4 db 76 1f 2a ac 10 .f."@.o....v.*.. 0020 86 bf 09 54 00 8b 73 da bf 77 93 a1 b0 8d 50 18 ...T..s..w....P. 0030 42 44 34 98 00 00 00 00 00 3a ff 53 4d 42 75 00 BD4......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 9 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 01:08:10.042384000 Time delta from previous packet: 0.002906000 seconds Time relative to first packet: 0.517180000 seconds Frame Number: 9 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 219.118.31.42 (219.118.31.42) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x82fc Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x5508 (incorrect, should be 0x4b63) Source: 172.16.134.191 (172.16.134.191) Destination: 219.118.31.42 (219.118.31.42) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 2388 (2388), Seq: 2476847245, Ack: 1943715703, Len: 0 Source port: netbios-ssn (139) Destination port: 2388 (2388) Sequence number: 2476847245 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0ab5 (incorrect, should be 0x0110) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 82 fc 40 00 7f 06 55 08 ac 10 86 bf db 76 .(..@...U......v 0020 1f 2a 00 8b 09 54 93 a1 b0 8d 73 da bf 77 50 04 .*...T....s..wP. 0030 00 00 0a b5 00 00 00 00 00 00 00 00 ............ Frame 13 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 03:33:12.676082000 Time delta from previous packet: 0.256298000 seconds Time relative to first packet: 8703.150878000 seconds Frame Number: 13 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 218.163.9.89 (218.163.9.89), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xf3bb Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x07e5 (incorrect, should be 0xfe3f) Source: 218.163.9.89 (218.163.9.89) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4760 (4760), Dst Port: netbios-ssn (139), Seq: 1926164465, Ack: 0, Len: 0 Source port: 4760 (4760) Destination port: netbios-ssn (139) Sequence number: 1926164465 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xc042 (incorrect, should be 0xb69d) Options: (8 bytes) Maximum segment size: 1414 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 f3 bb 40 00 72 06 07 e5 da a3 09 59 ac 10 .0..@.r......Y.. 0020 86 bf 12 98 00 8b 72 ce ef f1 00 00 00 00 70 02 ......r.......p. 0030 40 00 c0 42 00 00 02 04 05 86 01 01 04 02 @..B.......... Frame 14 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 03:33:12.678268000 Time delta from previous packet: 0.002186000 seconds Time relative to first packet: 8703.153064000 seconds Frame Number: 14 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 218.163.9.89 (218.163.9.89) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x2030 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xce70 (incorrect, should be 0xc4cb) Source: 172.16.134.191 (172.16.134.191) Destination: 218.163.9.89 (218.163.9.89) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4760 (4760), Seq: 406492478, Ack: 1926164466, Len: 0 Source port: netbios-ssn (139) Destination port: 4760 (4760) Sequence number: 406492478 Acknowledgement number: 1926164466 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x1043 (incorrect, should be 0x069e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 20 30 40 00 7f 06 ce 70 ac 10 86 bf da a3 .0 0@....p...... 0020 09 59 00 8b 12 98 18 3a 95 3e 72 ce ef f2 70 12 .Y.....:.>r...p. 0030 42 48 10 43 00 00 02 04 05 b4 01 01 04 02 BH.C.......... Frame 15 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 03:33:12.895758000 Time delta from previous packet: 0.217490000 seconds Time relative to first packet: 8703.370554000 seconds Frame Number: 15 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 218.163.9.89 (218.163.9.89), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xf3c4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x07e4 (incorrect, should be 0xfe3e) Source: 218.163.9.89 (218.163.9.89) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4760 (4760), Dst Port: netbios-ssn (139), Seq: 1926164466, Ack: 406492479, Len: 0 Source port: 4760 (4760) Destination port: netbios-ssn (139) Sequence number: 1926164466 Acknowledgement number: 406492479 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16968 Checksum: 0x3d07 (incorrect, should be 0x3362) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 f3 c4 40 00 72 06 07 e4 da a3 09 59 ac 10 .(..@.r......Y.. 0020 86 bf 12 98 00 8b 72 ce ef f2 18 3a 95 3f 50 10 ......r....:.?P. 0030 42 48 3d 07 00 00 00 00 00 00 00 00 BH=......... Frame 36 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 06:59:34.804840000 Time delta from previous packet: 2.724544000 seconds Time relative to first packet: 21085.279636000 seconds Frame Number: 36 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x8829 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 47 Protocol: TCP (0x06) Header checksum: 0xde42 (incorrect, should be 0xd49d) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055695, Ack: 0, Len: 0 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055695 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x5e41 (incorrect, should be 0x549c) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 88 29 40 00 2f 06 de 42 3d 9b 7e 96 ac 10 .0.)@./..B=.~... 0020 86 bf 06 b4 00 8b 00 10 1b cf 00 00 00 00 70 02 ..............p. 0030 20 00 5e 41 00 00 02 04 02 18 01 01 04 02 .^A.......... Frame 37 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 06:59:34.809838000 Time delta from previous packet: 0.004998000 seconds Time relative to first packet: 21085.284634000 seconds Frame Number: 37 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.155.126.150 (61.155.126.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9506 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8165 (incorrect, should be 0x77c0) Source: 172.16.134.191 (172.16.134.191) Destination: 61.155.126.150 (61.155.126.150) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1716 (1716), Seq: 3135138197, Ack: 1055696, Len: 0 Source port: netbios-ssn (139) Destination port: 1716 (1716) Sequence number: 3135138197 Acknowledgement number: 1055696 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0x1538 (incorrect, should be 0x0b93) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 95 06 40 00 7f 06 81 65 ac 10 86 bf 3d 9b .0..@....e....=. 0020 7e 96 00 8b 06 b4 ba de 69 95 00 10 1b d0 70 12 ~.......i.....p. 0030 40 e8 15 38 00 00 02 04 05 b4 01 01 04 02 @..8.......... Frame 38 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 06:59:35.965907000 Time delta from previous packet: 1.156069000 seconds Time relative to first packet: 21086.440703000 seconds Frame Number: 38 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9529 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 47 Protocol: TCP (0x06) Header checksum: 0xd14a (incorrect, should be 0xc7a5) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055696, Ack: 3135138198, Len: 0 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055696 Acknowledgement number: 3135138198 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x6164 (incorrect, should be 0x57bf) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 95 29 40 00 2f 06 d1 4a 3d 9b 7e 96 ac 10 .(.)@./..J=.~... 0020 86 bf 06 b4 00 8b 00 10 1b d0 ba de 69 96 50 10 ............i.P. 0030 21 80 61 64 00 00 00 00 00 00 00 00 !.ad........ Frame 39 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 06:59:35.975130000 Time delta from previous packet: 0.009223000 seconds Time relative to first packet: 21086.449926000 seconds Frame Number: 39 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x9629 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 48 Protocol: TCP (0x06) Header checksum: 0xcf02 (incorrect, should be 0xc55d) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055696, Ack: 3135138198, Len: 72 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055696 Next sequence number: 1055768 Acknowledgement number: 3135138198 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x1149 (incorrect, should be 0x07a4) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 96 29 40 00 30 06 cf 02 3d 9b 7e 96 ac 10 .p.)@.0...=.~... 0020 86 bf 06 b4 00 8b 00 10 1b d0 ba de 69 96 50 18 ............i.P. 0030 21 80 11 49 00 00 81 00 00 44 20 46 44 45 43 45 !..I.....D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 40 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 06:59:35.976852000 Time delta from previous packet: 0.001722000 seconds Time relative to first packet: 21086.451648000 seconds Frame Number: 40 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.155.126.150 (61.155.126.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x9507 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x8168 (incorrect, should be 0x77c3) Source: 172.16.134.191 (172.16.134.191) Destination: 61.155.126.150 (61.155.126.150) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1716 (1716), Seq: 3135138198, Ack: 1055768, Len: 4 Source port: netbios-ssn (139) Destination port: 1716 (1716) Sequence number: 3135138198 Next sequence number: 3135138202 Acknowledgement number: 1055768 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0xbfef (incorrect, should be 0xb64a) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 95 07 40 00 7f 06 81 68 ac 10 86 bf 3d 9b .,..@....h....=. 0020 7e 96 00 8b 06 b4 ba de 69 96 00 10 1c 18 50 18 ~.......i.....P. 0030 40 a0 bf ef 00 00 82 00 00 00 00 00 @........... Frame 41 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 06:59:37.663771000 Time delta from previous packet: 1.686919000 seconds Time relative to first packet: 21088.138567000 seconds Frame Number: 41 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 61.155.126.150 (61.155.126.150), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xbd29 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 47 Protocol: TCP (0x06) Header checksum: 0xa90c (incorrect, should be 0x9f67) Source: 61.155.126.150 (61.155.126.150) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1716 (1716), Dst Port: netbios-ssn (139), Seq: 1055768, Ack: 3135138202, Len: 62 Source port: 1716 (1716) Destination port: netbios-ssn (139) Sequence number: 1055768 Next sequence number: 1055830 Acknowledgement number: 3135138202 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0xcd4f (incorrect, should be 0xe3a9) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 bd 29 40 00 2f 06 a9 0c 3d 9b 7e 96 ac 10 .f.)@./...=.~... 0020 86 bf 06 b4 00 8b 00 10 1c 18 ba de 69 9a 50 18 ............i.P. 0030 21 7c cd 4f 00 00 00 00 00 3a ff 53 4d 42 75 00 !|.O.....:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 42 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 06:59:37.668662000 Time delta from previous packet: 0.004891000 seconds Time relative to first packet: 21088.143458000 seconds Frame Number: 42 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 61.155.126.150 (61.155.126.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9508 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x816b (incorrect, should be 0x77c6) Source: 172.16.134.191 (172.16.134.191) Destination: 61.155.126.150 (61.155.126.150) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1716 (1716), Seq: 3135138202, Ack: 1055768, Len: 0 Source port: netbios-ssn (139) Destination port: 1716 (1716) Sequence number: 3135138202 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x82a4 (incorrect, should be 0x78ff) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 95 08 40 00 7f 06 81 6b ac 10 86 bf 3d 9b .(..@....k....=. 0020 7e 96 00 8b 06 b4 ba de 69 9a 00 10 1c 18 50 04 ~.......i.....P. 0030 00 00 82 a4 00 00 00 00 00 00 00 00 ............ Frame 48 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.723351000 Time delta from previous packet: 0.054471000 seconds Time relative to first packet: 27333.198147000 seconds Frame Number: 48 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xca8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x8ad6 (incorrect, should be 0x8131) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820556, Ack: 0, Len: 0 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820556 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x0f86 (incorrect, should be 0x05e1) Options: (8 bytes) Maximum segment size: 1456 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 ca 8e 40 00 76 06 8a d6 42 be 43 7a ac 10 .0..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 90 cc 00 00 00 00 70 02 ...%..........p. 0030 20 00 0f 86 00 00 02 04 05 b0 01 01 04 02 ............. Frame 49 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.728268000 Time delta from previous packet: 0.004917000 seconds Time relative to first packet: 27333.203064000 seconds Frame Number: 49 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.190.67.122 (66.190.67.122) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x9549 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb71b (incorrect, should be 0xad76) Source: 172.16.134.191 (172.16.134.191) Destination: 66.190.67.122 (66.190.67.122) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3877 (3877), Seq: 352464892, Ack: 62820557, Len: 0 Source port: netbios-ssn (139) Destination port: 3877 (3877) Sequence number: 352464892 Acknowledgement number: 62820557 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17472 Checksum: 0xa632 (incorrect, should be 0x9c8d) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 95 49 40 00 7f 06 b7 1b ac 10 86 bf 42 be .0.I@.........B. 0020 43 7a 00 8b 0f 25 15 02 2f fc 03 be 90 cd 70 12 Cz...%../.....p. 0030 44 40 a6 32 00 00 02 04 05 b4 01 01 04 02 D@.2.......... Frame 50 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.781436000 Time delta from previous packet: 0.053168000 seconds Time relative to first packet: 27333.256232000 seconds Frame Number: 50 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xcb8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x89de (incorrect, should be 0x8039) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820557, Ack: 352464893, Len: 0 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820557 Acknowledgement number: 352464893 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8736 Checksum: 0xf516 (incorrect, should be 0xeb71) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 cb 8e 40 00 76 06 89 de 42 be 43 7a ac 10 .(..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 90 cd 15 02 2f fd 50 10 ...%......../.P. 0030 22 20 f5 16 00 00 00 00 00 00 00 00 " .......... Frame 51 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.792531000 Time delta from previous packet: 0.011095000 seconds Time relative to first packet: 27333.267327000 seconds Frame Number: 51 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xcc8e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x8896 (incorrect, should be 0x7ef1) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820557, Ack: 352464893, Len: 72 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820557 Next sequence number: 62820629 Acknowledgement number: 352464893 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8736 Checksum: 0xa4fb (incorrect, should be 0x9b56) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 cc 8e 40 00 76 06 88 96 42 be 43 7a ac 10 .p..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 90 cd 15 02 2f fd 50 18 ...%......../.P. 0030 22 20 a4 fb 00 00 81 00 00 44 20 46 44 45 43 45 " .......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 52 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.793233000 Time delta from previous packet: 0.000702000 seconds Time relative to first packet: 27333.268029000 seconds Frame Number: 52 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.190.67.122 (66.190.67.122) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x954a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb71e (incorrect, should be 0xad79) Source: 172.16.134.191 (172.16.134.191) Destination: 66.190.67.122 (66.190.67.122) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3877 (3877), Seq: 352464893, Ack: 62820629, Len: 4 Source port: netbios-ssn (139) Destination port: 3877 (3877) Sequence number: 352464893 Next sequence number: 352464897 Acknowledgement number: 62820629 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17400 Checksum: 0x50ea (incorrect, should be 0x4745) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 95 4a 40 00 7f 06 b7 1e ac 10 86 bf 42 be .,.J@.........B. 0020 43 7a 00 8b 0f 25 15 02 2f fd 03 be 91 15 50 18 Cz...%../.....P. 0030 43 f8 50 ea 00 00 82 00 00 00 00 00 C.P......... Frame 53 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.851438000 Time delta from previous packet: 0.058205000 seconds Time relative to first packet: 27333.326234000 seconds Frame Number: 53 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 66.190.67.122 (66.190.67.122), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd08e Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 118 Protocol: TCP (0x06) Header checksum: 0x84a0 (incorrect, should be 0x7afb) Source: 66.190.67.122 (66.190.67.122) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3877 (3877), Dst Port: netbios-ssn (139), Seq: 62820629, Ack: 352464897, Len: 62 Source port: 3877 (3877) Destination port: netbios-ssn (139) Sequence number: 62820629 Next sequence number: 62820691 Acknowledgement number: 352464897 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8732 Checksum: 0x6102 (incorrect, should be 0x775c) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d0 8e 40 00 76 06 84 a0 42 be 43 7a ac 10 .f..@.v...B.Cz.. 0020 86 bf 0f 25 00 8b 03 be 91 15 15 02 30 01 50 18 ...%........0.P. 0030 22 1c 61 02 00 00 00 00 00 3a ff 53 4d 42 75 00 ".a......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 54 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 08:43:42.856216000 Time delta from previous packet: 0.004778000 seconds Time relative to first packet: 27333.331012000 seconds Frame Number: 54 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 66.190.67.122 (66.190.67.122) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x954b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb721 (incorrect, should be 0xad7c) Source: 172.16.134.191 (172.16.134.191) Destination: 66.190.67.122 (66.190.67.122) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3877 (3877), Seq: 352464897, Ack: 62820629, Len: 0 Source port: netbios-ssn (139) Destination port: 3877 (3877) Sequence number: 352464897 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x16f7 (incorrect, should be 0x0d52) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 95 4b 40 00 7f 06 b7 21 ac 10 86 bf 42 be .(.K@....!....B. 0020 43 7a 00 8b 0f 25 15 02 30 01 03 be 91 15 50 04 Cz...%..0.....P. 0030 00 00 16 f7 00 00 00 00 00 00 00 00 ............ Frame 78 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.724406000 Time delta from previous packet: 0.270061000 seconds Time relative to first packet: 29730.199202000 seconds Frame Number: 78 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xd732 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe5db (incorrect, should be 0xdc36) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911004, Ack: 0, Len: 0 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911004 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16384 Checksum: 0x0ab6 (incorrect, should be 0x0111) Options: (8 bytes) Maximum segment size: 1452 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 d7 32 40 00 6b 06 e5 db 8d 95 9b f9 ac 10 .0.2@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 5c 00 00 00 00 70 02 ......^+.\....p. 0030 40 00 0a b6 00 00 02 04 05 ac 01 01 04 02 @............. Frame 79 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.729626000 Time delta from previous packet: 0.005220000 seconds Time relative to first packet: 29730.204422000 seconds Frame Number: 79 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 141.149.155.249 (141.149.155.249) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x0067 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa8a7 (incorrect, should be 0x9f02) Source: 172.16.134.191 (172.16.134.191) Destination: 141.149.155.249 (141.149.155.249) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 65444 (65444), Seq: 2329537797, Ack: 1579911005, Len: 0 Source port: netbios-ssn (139) Destination port: 65444 (65444) Sequence number: 2329537797 Acknowledgement number: 1579911005 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17424 Checksum: 0x8ead (incorrect, should be 0x8508) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 00 67 40 00 7f 06 a8 a7 ac 10 86 bf 8d 95 .0.g@........... 0020 9b f9 00 8b ff a4 8a d9 ed 05 5e 2b 87 5d 70 12 ..........^+.]p. 0030 44 10 8e ad 00 00 02 04 05 b4 01 01 04 02 D............. Frame 80 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.834366000 Time delta from previous packet: 0.104740000 seconds Time relative to first packet: 29730.309162000 seconds Frame Number: 80 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xd735 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe5e0 (incorrect, should be 0xdc3b) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911005, Ack: 2329537798, Len: 0 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911005 Acknowledgement number: 2329537798 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xbb11 (incorrect, should be 0xb16c) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 d7 35 40 00 6b 06 e5 e0 8d 95 9b f9 ac 10 .(.5@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 5d 8a d9 ed 06 50 10 ......^+.]....P. 0030 44 70 bb 11 00 00 00 00 00 00 00 00 Dp.......... Frame 81 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.854313000 Time delta from previous packet: 0.019947000 seconds Time relative to first packet: 29730.329109000 seconds Frame Number: 81 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xd737 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe596 (incorrect, should be 0xdbf1) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911005, Ack: 2329537798, Len: 72 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911005 Next sequence number: 1579911077 Acknowledgement number: 2329537798 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x88fc (incorrect, should be 0x7f57) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: GUSTAVO<01><01><20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 d7 37 40 00 6b 06 e5 96 8d 95 9b f9 ac 10 .p.7@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 5d 8a d9 ed 06 50 18 ......^+.]....P. 0030 44 70 88 fc 00 00 81 00 00 44 20 46 44 45 43 45 Dp.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 46 ACACACACACA. EHF 0060 46 46 44 46 45 45 42 46 47 45 50 41 42 41 42 43 FFDFEEBFGEPABABC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 82 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.861339000 Time delta from previous packet: 0.007026000 seconds Time relative to first packet: 29730.336135000 seconds Frame Number: 82 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 141.149.155.249 (141.149.155.249) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0068 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa8aa (incorrect, should be 0x9f05) Source: 172.16.134.191 (172.16.134.191) Destination: 141.149.155.249 (141.149.155.249) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 65444 (65444), Seq: 2329537798, Ack: 1579911077, Len: 4 Source port: netbios-ssn (139) Destination port: 65444 (65444) Sequence number: 2329537798 Next sequence number: 2329537802 Acknowledgement number: 1579911077 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17352 Checksum: 0x3965 (incorrect, should be 0x2fc0) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 00 68 40 00 7f 06 a8 aa ac 10 86 bf 8d 95 .,.h@........... 0020 9b f9 00 8b ff a4 8a d9 ed 06 5e 2b 87 a5 50 18 ..........^+..P. 0030 43 c8 39 65 00 00 82 00 00 00 00 00 C.9e........ Frame 83 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 09:23:39.974692000 Time delta from previous packet: 0.113353000 seconds Time relative to first packet: 29730.449488000 seconds Frame Number: 83 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 141.149.155.249 (141.149.155.249), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xd73a Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 107 Protocol: TCP (0x06) Header checksum: 0xe59d (incorrect, should be 0xdbf8) Source: 141.149.155.249 (141.149.155.249) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 65444 (65444), Dst Port: netbios-ssn (139), Seq: 1579911077, Ack: 2329537802, Len: 62 Source port: 65444 (65444) Destination port: netbios-ssn (139) Sequence number: 1579911077 Next sequence number: 1579911139 Acknowledgement number: 2329537802 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17516 Checksum: 0x26fd (incorrect, should be 0x3d57) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 d7 3a 40 00 6b 06 e5 9d 8d 95 9b f9 ac 10 .f.:@.k......... 0020 86 bf ff a4 00 8b 5e 2b 87 a5 8a d9 ed 0a 50 18 ......^+......P. 0030 44 6c 26 fd 00 00 00 00 00 3a ff 53 4d 42 75 00 Dl&......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 84 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 09:23:40.025756000 Time delta from previous packet: 0.051064000 seconds Time relative to first packet: 29730.500552000 seconds Frame Number: 84 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 141.149.155.249 (141.149.155.249) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0069 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xa8ad (incorrect, should be 0x9f08) Source: 172.16.134.191 (172.16.134.191) Destination: 141.149.155.249 (141.149.155.249) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 65444 (65444), Seq: 2329537802, Ack: 1579911077, Len: 0 Source port: netbios-ssn (139) Destination port: 65444 (65444) Sequence number: 2329537802 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0xff41 (incorrect, should be 0xf59c) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 00 69 40 00 7f 06 a8 ad ac 10 86 bf 8d 95 .(.i@........... 0020 9b f9 00 8b ff a4 8a d9 ed 0a 5e 2b 87 a5 50 04 ..........^+..P. 0030 00 00 ff 41 00 00 00 00 00 00 00 00 ...A........ Frame 87 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.846107000 Time delta from previous packet: 0.374606000 seconds Time relative to first packet: 38563.320903000 seconds Frame Number: 87 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0xa84f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x1a5c (incorrect, should be 0x10b7) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596531, Ack: 0, Len: 0 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596531 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0x1d57 (incorrect, should be 0x13b2) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 a8 4f 40 00 72 06 1a 5c cf 06 4d eb ac 10 .0.O@.r..\..M... 0020 86 bf 07 2c 00 8b 05 c1 f2 33 00 00 00 00 70 02 ...,.....3....p. 0030 20 00 1d 57 00 00 02 04 05 b4 01 01 04 02 ..W.......... Frame 88 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.851313000 Time delta from previous packet: 0.005206000 seconds Time relative to first packet: 38563.326109000 seconds Frame Number: 88 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 207.6.77.235 (207.6.77.235) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x00bf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb4ec (incorrect, should be 0xab47) Source: 172.16.134.191 (172.16.134.191) Destination: 207.6.77.235 (207.6.77.235) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1836 (1836), Seq: 128654193, Ack: 96596532, Len: 0 Source port: netbios-ssn (139) Destination port: 1836 (1836) Sequence number: 128654193 Acknowledgement number: 96596532 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0xd5b9 (incorrect, should be 0xcc14) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 00 bf 40 00 7f 06 b4 ec ac 10 86 bf cf 06 .0..@........... 0020 4d eb 00 8b 07 2c 07 ab 1b 71 05 c1 f2 34 70 12 M....,...q...4p. 0030 44 70 d5 b9 00 00 02 04 05 b4 01 01 04 02 Dp............ Frame 89 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.906054000 Time delta from previous packet: 0.054741000 seconds Time relative to first packet: 38563.380850000 seconds Frame Number: 89 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0xab4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x1764 (incorrect, should be 0x0dbf) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596532, Ack: 128654194, Len: 0 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596532 Acknowledgement number: 128654194 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x24b6 (incorrect, should be 0x1b11) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 ab 4f 40 00 72 06 17 64 cf 06 4d eb ac 10 .(.O@.r..d..M... 0020 86 bf 07 2c 00 8b 05 c1 f2 34 07 ab 1b 72 50 10 ...,.....4...rP. 0030 22 38 24 b6 00 00 00 00 00 00 00 00 "8$......... Frame 90 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.915574000 Time delta from previous packet: 0.009520000 seconds Time relative to first packet: 38563.390370000 seconds Frame Number: 90 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xac4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x161c (incorrect, should be 0x0c77) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596532, Ack: 128654194, Len: 72 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596532 Next sequence number: 96596604 Acknowledgement number: 128654194 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0xf9a0 (incorrect, should be 0xeffb) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: 50163099SP<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 ac 4f 40 00 72 06 16 1c cf 06 4d eb ac 10 .p.O@.r.....M... 0020 86 bf 07 2c 00 8b 05 c1 f2 34 07 ab 1b 72 50 18 ...,.....4...rP. 0030 22 38 f9 a0 00 00 81 00 00 44 20 46 44 45 43 45 "8.......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 44 46 44 ACACACACACA. DFD 0060 41 44 42 44 47 44 44 44 41 44 4a 44 4a 46 44 46 ADBDGDDDADJDJFDF 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 91 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.921795000 Time delta from previous packet: 0.006221000 seconds Time relative to first packet: 38563.396591000 seconds Frame Number: 91 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 207.6.77.235 (207.6.77.235) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x00c0 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb4ef (incorrect, should be 0xab4a) Source: 172.16.134.191 (172.16.134.191) Destination: 207.6.77.235 (207.6.77.235) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1836 (1836), Seq: 128654194, Ack: 96596604, Len: 4 Source port: netbios-ssn (139) Destination port: 1836 (1836) Sequence number: 128654194 Next sequence number: 128654198 Acknowledgement number: 96596604 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 17448 Checksum: 0x8071 (incorrect, should be 0x76cc) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 00 c0 40 00 7f 06 b4 ef ac 10 86 bf cf 06 .,..@........... 0020 4d eb 00 8b 07 2c 07 ab 1b 72 05 c1 f2 7c 50 18 M....,...r...|P. 0030 44 28 80 71 00 00 82 00 00 00 00 00 D(.q........ Frame 92 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 11:50:52.997396000 Time delta from previous packet: 0.075601000 seconds Time relative to first packet: 38563.472192000 seconds Frame Number: 92 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 207.6.77.235 (207.6.77.235), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xad4f Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0x1526 (incorrect, should be 0x0b81) Source: 207.6.77.235 (207.6.77.235) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 1836 (1836), Dst Port: netbios-ssn (139), Seq: 96596604, Ack: 128654198, Len: 62 Source port: 1836 (1836) Destination port: netbios-ssn (139) Sequence number: 96596604 Next sequence number: 96596666 Acknowledgement number: 128654198 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8756 Checksum: 0x90a1 (incorrect, should be 0xa6fb) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 ad 4f 40 00 72 06 15 26 cf 06 4d eb ac 10 .f.O@.r..&..M... 0020 86 bf 07 2c 00 8b 05 c1 f2 7c 07 ab 1b 76 50 18 ...,.....|...vP. 0030 22 34 90 a1 00 00 00 00 00 3a ff 53 4d 42 75 00 "4.......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 93 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 11:50:53.002337000 Time delta from previous packet: 0.004941000 seconds Time relative to first packet: 38563.477133000 seconds Frame Number: 93 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 207.6.77.235 (207.6.77.235) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x00c1 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0xb4f2 (incorrect, should be 0xab4d) Source: 172.16.134.191 (172.16.134.191) Destination: 207.6.77.235 (207.6.77.235) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1836 (1836), Seq: 128654198, Ack: 96596604, Len: 0 Source port: netbios-ssn (139) Destination port: 1836 (1836) Sequence number: 128654198 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x46ae (incorrect, should be 0x3d09) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 00 c1 40 00 7f 06 b4 f2 ac 10 86 bf cf 06 .(..@........... 0020 4d eb 00 8b 07 2c 07 ab 1b 76 05 c1 f2 7c 50 04 M....,...v...|P. 0030 00 00 46 ae 00 00 00 00 00 00 00 00 ..F......... Frame 96 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.567150000 Time delta from previous packet: 0.354194000 seconds Time relative to first packet: 44458.041946000 seconds Frame Number: 96 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x915b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xee23 (incorrect, should be 0xe47e) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002209, Ack: 0, Len: 0 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002209 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xbe10 (incorrect, should be 0xb46b) Options: (8 bytes) Maximum segment size: 536 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 91 5b 40 00 72 06 ee 23 a2 21 bd fc ac 10 .0.[@.r..#.!.... 0020 86 bf 0c f9 00 8b 00 3d 11 a1 00 00 00 00 70 02 .......=......p. 0030 20 00 be 10 00 00 02 04 02 18 01 01 04 02 ............. Frame 97 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.572129000 Time delta from previous packet: 0.004979000 seconds Time relative to first packet: 44458.046925000 seconds Frame Number: 97 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 162.33.189.252 (162.33.189.252) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x00ff Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7180 (incorrect, should be 0x67db) Source: 172.16.134.191 (172.16.134.191) Destination: 162.33.189.252 (162.33.189.252) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3321 (3321), Seq: 1601017930, Ack: 4002210, Len: 0 Source port: netbios-ssn (139) Destination port: 3321 (3321) Sequence number: 1601017930 Acknowledgement number: 4002210 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 16616 Checksum: 0xa1c3 (incorrect, should be 0x981e) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 00 ff 40 00 7f 06 71 80 ac 10 86 bf a2 21 .0..@...q......! 0020 bd fc 00 8b 0c f9 5f 6d 98 4a 00 3d 11 a2 70 12 ......_m.J.=..p. 0030 40 e8 a1 c3 00 00 02 04 05 b4 01 01 04 02 @............. Frame 98 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.785226000 Time delta from previous packet: 0.213097000 seconds Time relative to first packet: 44458.260022000 seconds Frame Number: 98 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x9e5b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xe12b (incorrect, should be 0xd786) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002210, Ack: 1601017931, Len: 0 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002210 Acknowledgement number: 1601017931 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0xedef (incorrect, should be 0xe44a) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 9e 5b 40 00 72 06 e1 2b a2 21 bd fc ac 10 .(.[@.r..+.!.... 0020 86 bf 0c f9 00 8b 00 3d 11 a2 5f 6d 98 4b 50 10 .......=.._m.KP. 0030 21 80 ed ef 00 00 00 00 00 00 00 00 !........... Frame 99 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.815584000 Time delta from previous packet: 0.030358000 seconds Time relative to first packet: 44458.290380000 seconds Frame Number: 99 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xa05b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xdee3 (incorrect, should be 0xd53e) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002210, Ack: 1601017931, Len: 72 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002210 Next sequence number: 4002282 Acknowledgement number: 1601017931 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8576 Checksum: 0x9dd4 (incorrect, should be 0x942f) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: LOCALHOST<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 a0 5b 40 00 72 06 de e3 a2 21 bd fc ac 10 .p.[@.r....!.... 0020 86 bf 0c f9 00 8b 00 3d 11 a2 5f 6d 98 4b 50 18 .......=.._m.KP. 0030 21 80 9d d4 00 00 81 00 00 44 20 46 44 45 43 45 !........D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 4d 45 ACACACACACA. EME 0060 50 45 44 45 42 45 4d 45 49 45 50 46 44 46 45 43 PEDEBEMEIEPFDFEC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 100 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 13:29:07.818345000 Time delta from previous packet: 0.002761000 seconds Time relative to first packet: 44458.293141000 seconds Frame Number: 100 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 162.33.189.252 (162.33.189.252) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x0100 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7183 (incorrect, should be 0x67de) Source: 172.16.134.191 (172.16.134.191) Destination: 162.33.189.252 (162.33.189.252) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3321 (3321), Seq: 1601017931, Ack: 4002282, Len: 4 Source port: netbios-ssn (139) Destination port: 3321 (3321) Sequence number: 1601017931 Next sequence number: 1601017935 Acknowledgement number: 4002282 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16544 Checksum: 0x4c7b (incorrect, should be 0x42d6) NetBIOS Session Service Message Type: Positive session response Flags: 0x00 .... ...0 = Add 0 to length Length: 0 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 2c 01 00 40 00 7f 06 71 83 ac 10 86 bf a2 21 .,..@...q......! 0020 bd fc 00 8b 0c f9 5f 6d 98 4b 00 3d 11 ea 50 18 ......_m.K.=..P. 0030 40 a0 4c 7b 00 00 82 00 00 00 00 00 @.L{........ Frame 101 (116 bytes on wire, 116 bytes captured) Arrival Time: Mar 1, 2003 13:29:08.005494000 Time delta from previous packet: 0.187149000 seconds Time relative to first packet: 44458.480290000 seconds Frame Number: 101 Packet Length: 116 bytes Capture Length: 116 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 162.33.189.252 (162.33.189.252), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 102 Identification: 0xa65b Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 114 Protocol: TCP (0x06) Header checksum: 0xd8ed (incorrect, should be 0xcf48) Source: 162.33.189.252 (162.33.189.252) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 3321 (3321), Dst Port: netbios-ssn (139), Seq: 4002282, Ack: 1601017935, Len: 62 Source port: 3321 (3321) Destination port: netbios-ssn (139) Sequence number: 4002282 Next sequence number: 4002344 Acknowledgement number: 1601017935 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8572 Checksum: 0x59db (incorrect, should be 0x7035) NetBIOS Session Service Message Type: Session message Flags: 0x00 .... ...0 = Add 0 to length Length: 58 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Tree Connect AndX (0x75) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x0000 0... .... .... .... = Unicode Strings: Strings are ASCII .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response Reserved: 000000000000000000000000 Tree ID: 0 Process ID: 0 User ID: 0 Multiplex ID: 0 Tree Connect AndX Request (0x75) Word Count (WCT): 4 AndXCommand: No further commands Reserved: 00 AndXOffset: 0 Flags: 0x0000 .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Password Length: 1 Byte Count (BCC): 15 Password: 21 Path: \\PC0191\C Service: A: 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 66 a6 5b 40 00 72 06 d8 ed a2 21 bd fc ac 10 .f.[@.r....!.... 0020 86 bf 0c f9 00 8b 00 3d 11 ea 5f 6d 98 4f 50 18 .......=.._m.OP. 0030 21 7c 59 db 00 00 00 00 00 3a ff 53 4d 42 75 00 !|Y......:.SMBu. 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050 00 00 00 00 00 00 00 00 00 00 04 ff 00 00 00 00 ................ 0060 00 01 00 0f 00 21 5c 5c 50 43 30 31 39 31 5c 43 .....!\\PC0191\C 0070 00 41 3a 00 .A:. Frame 102 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 13:29:08.010304000 Time delta from previous packet: 0.004810000 seconds Time relative to first packet: 44458.485100000 seconds Frame Number: 102 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 162.33.189.252 (162.33.189.252) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0101 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x7186 (incorrect, should be 0x67e1) Source: 172.16.134.191 (172.16.134.191) Destination: 162.33.189.252 (162.33.189.252) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 3321 (3321), Seq: 1601017935, Ack: 4002282, Len: 0 Source port: netbios-ssn (139) Destination port: 3321 (3321) Sequence number: 1601017935 Header length: 20 bytes Flags: 0x0004 (RST) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .1.. = Reset: Set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 0 Checksum: 0x0f30 (incorrect, should be 0x058b) 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 28 01 01 40 00 7f 06 71 86 ac 10 86 bf a2 21 .(..@...q......! 0020 bd fc 00 8b 0c f9 5f 6d 98 4f 00 3d 11 ea 50 04 ......_m.O.=..P. 0030 00 00 0f 30 00 00 00 00 00 00 00 00 ...0........ Frame 107 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.507005000 Time delta from previous packet: 0.163706000 seconds Time relative to first packet: 64400.981801000 seconds Frame Number: 107 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x4bbf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x5ddc (incorrect, should be 0x5437) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206342, Ack: 0, Len: 0 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206342 Header length: 28 bytes Flags: 0x0002 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 8192 Checksum: 0xa0ee (incorrect, should be 0x9749) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 30 4b bf 40 00 6d 06 5d dc 40 11 fa f0 ac 10 .0K.@.m.].@..... 0020 86 bf 0f cf 00 8b 07 a4 46 06 00 00 00 00 70 02 ........F.....p. 0030 20 00 a0 ee 00 00 02 04 05 b4 01 01 04 02 ............. Frame 108 (62 bytes on wire, 62 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.511341000 Time delta from previous packet: 0.004336000 seconds Time relative to first packet: 64400.986137000 seconds Frame Number: 108 Packet Length: 62 bytes Capture Length: 62 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.17.250.240 (64.17.250.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 48 Identification: 0x01d3 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x95c8 (incorrect, should be 0x8c23) Source: 172.16.134.191 (172.16.134.191) Destination: 64.17.250.240 (64.17.250.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4047 (4047), Seq: 2291770117, Ack: 128206343, Len: 0 Source port: netbios-ssn (139) Destination port: 4047 (4047) Sequence number: 2291770117 Acknowledgement number: 128206343 Header length: 28 bytes Flags: 0x0012 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Window size: 17520 Checksum: 0x50ce (incorrect, should be 0x4729) Options: (8 bytes) Maximum segment size: 1460 bytes NOP NOP SACK permitted 0000 00 e0 b6 05 ce 0a 00 05 69 00 01 e2 08 00 45 00 ........i.....E. 0010 00 30 01 d3 40 00 7f 06 95 c8 ac 10 86 bf 40 11 .0..@.........@. 0020 fa f0 00 8b 0f cf 88 99 a3 05 07 a4 46 07 70 12 ............F.p. 0030 44 70 50 ce 00 00 02 04 05 b4 01 01 04 02 DpP........... Frame 109 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.636530000 Time delta from previous packet: 0.125189000 seconds Time relative to first packet: 64401.111326000 seconds Frame Number: 109 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4fbf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x59e4 (incorrect, should be 0x503f) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206343, Ack: 2291770118, Len: 0 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206343 Acknowledgement number: 2291770118 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x9fca (incorrect, should be 0x9625) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 28 4f bf 40 00 6d 06 59 e4 40 11 fa f0 ac 10 .(O.@.m.Y.@..... 0020 86 bf 0f cf 00 8b 07 a4 46 07 88 99 a3 06 50 10 ........F.....P. 0030 22 38 9f ca 00 00 00 00 00 00 00 00 "8.......... Frame 110 (126 bytes on wire, 126 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.647166000 Time delta from previous packet: 0.010636000 seconds Time relative to first packet: 64401.121962000 seconds Frame Number: 110 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II, Src: 00:e0:b6:05:ce:0a, Dst: 00:05:69:00:01:e2 Destination: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Source: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Type: IP (0x0800) Internet Protocol, Src Addr: 64.17.250.240 (64.17.250.240), Dst Addr: 172.16.134.191 (172.16.134.191) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x50bf Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 109 Protocol: TCP (0x06) Header checksum: 0x589c (incorrect, should be 0x4ef7) Source: 64.17.250.240 (64.17.250.240) Destination: 172.16.134.191 (172.16.134.191) Transmission Control Protocol, Src Port: 4047 (4047), Dst Port: netbios-ssn (139), Seq: 128206343, Ack: 2291770118, Len: 72 Source port: 4047 (4047) Destination port: netbios-ssn (139) Sequence number: 128206343 Next sequence number: 128206415 Acknowledgement number: 2291770118 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 8760 Checksum: 0x6caf (incorrect, should be 0x630a) NetBIOS Session Service Message Type: Session request Flags: 0x00 .... ...0 = Add 0 to length Length: 68 Called name: SBM191<20> (Server service) Calling name: ALEVRIUS!<20> (Server service) 0000 00 05 69 00 01 e2 00 e0 b6 05 ce 0a 08 00 45 00 ..i...........E. 0010 00 70 50 bf 40 00 6d 06 58 9c 40 11 fa f0 ac 10 .pP.@.m.X.@..... 0020 86 bf 0f cf 00 8b 07 a4 46 07 88 99 a3 06 50 18 ........F.....P. 0030 22 38 6c af 00 00 81 00 00 44 20 46 44 45 43 45 "8l......D FDECE 0040 4e 44 42 44 4a 44 42 43 41 43 41 43 41 43 41 43 NDBDJDBCACACACAC 0050 41 43 41 43 41 43 41 43 41 43 41 00 20 45 42 45 ACACACACACA. EBE 0060 4d 45 46 46 47 46 43 45 4a 46 46 46 44 43 42 43 MEFFGFCEJFFFDCBC 0070 41 43 41 43 41 43 41 43 41 43 41 43 41 00 ACACACACACACA. Frame 111 (60 bytes on wire, 60 bytes captured) Arrival Time: Mar 1, 2003 19:01:30.653087000 Time delta from previous packet: 0.005921000 seconds Time relative to first packet: 64401.127883000 seconds Frame Number: 111 Packet Length: 60 bytes Capture Length: 60 bytes Ethernet II, Src: 00:05:69:00:01:e2, Dst: 00:e0:b6:05:ce:0a Destination: 00:e0:b6:05:ce:0a (00:e0:b6:05:ce:0a) Source: 00:05:69:00:01:e2 (00:05:69:00:01:e2) Type: IP (0x0800) Trailer: 0000 Internet Protocol, Src Addr: 172.16.134.191 (172.16.134.191), Dst Addr: 64.17.250.240 (64.17.250.240) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 44 Identification: 0x01d4 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: TCP (0x06) Header checksum: 0x95cb (incorrect, should be 0x8c26) Source: 172.16.134.191 (172.16.134.191) Destination: 64.17.250.240 (64.17.250.240) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 4047 (4047), Seq: 2291770118, Ack: 128206415, Len: 4 Source port: netbios-ssn (139) Destination port: 4047 (4047) Sequence number: 2291770118 Next sequence number: 2291770122 Acknowledgement number: 128206415 Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set ..