• ********** CIFS trace sample. Created with Linkbit Packet Craft **********
  • 13:20:25.256 192.168.1.115:1588 -> 192.168.1.106:445 IPv4.TCP.NETBIOS.NEGOTIATE ClientRequest 
    • 00 40 F4 60 45 A1 00 11 11 77 AC 65 08 00 45 00 00 5B 4F 1E 40 00 80 06 27 51 C0 A8 01 73 C0 A8
01 6A 06 34 01 BD A9 63 BB C4 93 A4 24 03 50 18 FF FF D6 DE 00 00 00 00 00 2F FF 53 4D 42 72 00
00 00 00 18 53 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FE 00 00 00 00 00 0C 00 02 4E 54
20 4C 4D 20 30 2E 31 32 00
      POS
      		BINARY
      		NAME
      		VALUE
      		Ethernet.
      0-5
      .
                                
      		Dst6 Octets (hex): 00 40 F4 60 45....
      6-11
      .
                                
      		Src6 Octets (hex): 00 11 11 77 AC....
      12-13
      .
                                
      		TypeIPv4 (8).
      14-104
      .
                                
      		Data91 Octets (hex): 45 00 00 5B 4F....
      		IPv4.
      14
      		0100....
      .
                                
      		Version4 (Version 4).
      		....0101
      .
                                
      		IHL5.
      		Type Of Service.
      15
      		000.....
      .
                                
      		PrecedenceRoutine (0).
      		...0....
      .
                                
      		DelayNormal Delay (0).
      		....0...
      .
                                
      		ThroughputNormal Throughput (0).
      		.....0..
      .
                                
      		ReliabilityNormal Reliability (0).
      		......00
      .
                                
      		Reserved0.
      		Total Length.
      16-17
      .
                                
      		Total Length91.
      		Identification.
      18-19
      .
                                
      		Identification20254.
      		Flags.
      20
      		0.......
      .
                                
      		Reserved0.
      		.1......
      .
                                
      		FragmentationDon't Fragment (1).
      		..0.....
      .
                                
      		FragmentLast Fragment (0).
      		Fragment Offset.
      20-21
      .
                                
      		Fragment Offset0.
      		TTL.
      22
      		10000000
      .
                                
      		TTL128.
      		Protocol.
      23
      		00000110
      .
                                
      		Protocol6 (TCP).
      		Header Checksum.
      24-25
      .
                                
      		Header Checksum10065.
      		Source Address.
      26-29
      .
                                
      		Source Address192.168.1.115.
      		Destination Address.
      30-33
      .
                                
      		Destination Address192.168.1.106.
      		Options.
      .
                                
      		Options0 Elements.
      		Padding.
      .
                                
      		Padding0 Bits.
      		Data.
      34-104
      .
                                
      		Data71 Octets (hex): 06 34 01 BD A9....
      		TCP.
      34-35
      .
                                
      		Source Port1588.
      36-37
      .
                                
      		Destination Port445.
      38-41
      .
                                
      		Sequence Number2841885636.
      42-45
      .
                                
      		Acknowledgment Number2477007875.
      46
      		0101....
      .
                                
      		Data Offset5.
      46-47
      .
                                
      		Reserved0.
      		Control Bits.
      47
      		..0.....
      .
                                
      		URGfield not significant (0).
      		...1....
      .
                                
      		ACKfield significant (1).
      		....1...
      .
                                
      		PSHenable (1).
      		.....0..
      .
                                
      		RSTdisable (0).
      		......0.
      .
                                
      		SYNdisable (0).
      		.......0
      .
                                
      		FINmore data (0).
      		Window.
      48-49
      .
                                
      		Window65535.
      		Checksum.
      50-51
      .
                                
      		Checksum55006.
      		Urgent Pointer.
      52-53
      .
                                
      		Urgent Pointer0.
      		Options.
      .
                                
      		Options0 Elements.
      		Padding.
      .
                                
      		Padding0 Bits.
      		Data.
      54-104
      .
                                
      		Data51 Octets (hex): 00 00 00 2F FF....
      		NETBIOS.
      54
      		00000000
      .
                                
      		MessageType0 (sessionMessage).
      55-57
      .
                                
      		Length47.
      58-104
      .
                                
      		Data47 Octets (hex): FF 53 4D 42 72....
      		CIFS:  NEGOTIATE ClientRequest.
      		SMB HEADER.
      58-61
      .
                                
      		Protocol4 Octets (hex): FF 53 4D 42.
      62
      		01110010
      .
                                
      		Command114.
      63-66
      .
                                
      		Status0 (SUCCESS).
      67
      		00011000
      		Flagssee below.
      		.......0
      .
                                
      		Lock&Read/Write&Unlock supported 0 (no).
      		......0.
      .
                                
      		Receive Buffer Posted0 (no).
      		.....0..
      .
                                
      		reserved0.
      		....1...
      .
                                
      		Caseless Pathnames1 (yes).
      		...1....
      .
                                
      		Canonicalized Pathnames1 (yes).
      		..0.....
      .
                                
      		Oplocks requested/granted0 (no).
      		.0......
      .
                                
      		Notify client on any action0 (no).
      		0.......
      .
                                
      		Request/Response0 (request).
      68-69
      		Flags2see below.
      68
      		.......1
      .
                                
      		Long Names Allowed1 (yes).
      		......1.
      .
                                
      		Extended Attributes1 (yes).
      		.....0..
      .
                                
      		Security Signatures0 (no).
      		..010...
      .
                                
      		reserved12.
      		.1......
      .
                                
      		Long Names Used1 (yes).
      68-69
      .
                                
      		reserved20.
      69
      		....0...
      .
                                
      		Extended Security Negotiation0 (no).
      		...0....
      .
                                
      		DFS0 (no).
      		..0.....
      .
                                
      		Execute-only Reads0 (no).
      		.1......
      .
                                
      		Error Code Type1 (NT).
      		1.......
      .
                                
      		Unicode Strings1 (yes).
      70-81
      		Extrasee below.
      70-71
      .
                                
      		PidHigh0.
      72-79
      .
                                
      		SecuritySignature8 Octets (hex): 00 00 00 00 00....
      80-81
      .
                                
      		Reserved0.
      82-83
      .
                                
      		Tid0.
      84-85
      .
                                
      		Pid65279.
      86-87
      .
                                
      		Uid0.
      88-89
      .
                                
      		Mid0.
      		SMB PARAMETERS.
      90
      		00000000
      .
                                
      		WordCount0.
      		SMB DATA.
      91-92
      .
                                
      		ByteCount12.
      93-104
      		Dialects1 Elements.
      93-104
      		Dialects[0]see below.
      93
      		00000010
      .
                                
      		BufferFormat2.
      94-104
      .
                                
      		DialectName10 Chars: "NT LM 0.12".
  •  13:20:25.256
192.168.1.115:1588    <-    192.168.1.106:445      IPv4.TCP.NETBIOS.NEGOTIATE ServerResponse

    • 00 11 11 77 AC 65 00 40 F4 60 45 A1 08 00 45 00 00 97 2E A8 40 00 80 06 47 8B C0 A8 01 6A C0 A8
01 73 01 BD 06 34 93 A4 24 03 A9 63 BB F7 50 18 FF CC 17 58 00 00 00 00 00 6B FF 53 4D 42 72 00
00 00 00 98 53 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FE 00 00 00 00 11 00 00 0F 32 00
01 00 04 41 00 00 00 00 01 00 00 00 00 00 FD F3 01 00 97 B9 2F 4C 0D 0D C8 01 A4 01 08 26 00 C0
85 38 5D 19 52 5F 12 57 00 4F 00 52 00 4B 00 47 00 52 00 4F 00 55 00 50 00 00 00 46 00 53 00 30
00 33 00 00 00

      POS
      		BINARY
      		NAME
      		VALUE
      		Ethernet.
      0-5
      .
                                
      		Dst6 Octets (hex): 00 11 11 77 AC....
      6-11
      .
                                
      		Src6 Octets (hex): 00 40 F4 60 45....
      12-13
      .
                                
      		TypeIPv4 (8).
      14-164
      .
                                
      		Data151 Octets (hex): 45 00 00 97 2E....
      		IPv4.
      14
      		0100....
      .
                                
      		Version4 (Version 4).
      		....0101
      .
                                
      		IHL5.
      		Type Of Service.
      15
      		000.....
      .
                                
      		PrecedenceRoutine (0).
      		...0....
      .
                                
      		DelayNormal Delay (0).
      		....0...
      .
                                
      		ThroughputNormal Throughput (0).
      		.....0..
      .
                                
      		ReliabilityNormal Reliability (0).
      		......00
      .
                                
      		Reserved0.
      		Total Length.
      16-17
      .
                                
      		Total Length151.
      		Identification.
      18-19
      .
                                
      		Identification11944.
      		Flags.
      20
      		0.......
      .
                                
      		Reserved0.
      		.1......
      .
                                
      		FragmentationDon't Fragment (1).
      		..0.....
      .
                                
      		FragmentLast Fragment (0).
      		Fragment Offset.
      20-21
      .
                                
      		Fragment Offset0.
      		TTL.
      22
      		10000000
      .
                                
      		TTL128.
      		Protocol.
      23
      		00000110
      .
                                
      		Protocol6 (TCP).
      		Header Checksum.
      24-25
      .
                                
      		Header Checksum18315.
      		Source Address.
      26-29
      .
                                
      		Source Address192.168.1.106.
      		Destination Address.
      30-33
      .
                                
      		Destination Address192.168.1.115.
      		Options.
      .
                                
      		Options0 Elements.
      		Padding.
      .
                                
      		Padding0 Bits.
      		Data.
      34-164
      .
                                
      		Data131 Octets (hex): 01 BD 06 34 93....
      		TCP.
      34-35
      .
                                
      		Source Port445.
      36-37
      .
                                
      		Destination Port1588.
      38-41
      .
                                
      		Sequence Number2477007875.
      42-45
      .
                                
      		Acknowledgment Number2841885687.
      46
      		0101....
      .
                                
      		Data Offset5.
      46-47
      .
                                
      		Reserved0.
      		Control Bits.
      47
      		..0.....
      .
                                
      		URGfield not significant (0).
      		...1....
      .
                                
      		ACKfield significant (1).
      		....1...
      .
                                
      		PSHenable (1).
      		.....0..
      .
                                
      		RSTdisable (0).
      		......0.
      .
                                
      		SYNdisable (0).
      		.......0
      .
                                
      		FINmore data (0).
      		Window.
      48-49
      .
                                
      		Window65484.
      		Checksum.
      50-51
      .
                                
      		Checksum5976.
      		Urgent Pointer.
      52-53
      .
                                
      		Urgent Pointer0.
      		Options.
      .
                                
      		Options0 Elements.
      		Padding.
      .
                                
      		Padding0 Bits.
      		Data.
      54-164
      .
                                
      		Data111 Octets (hex): 00 00 00 6B FF....
      		NETBIOS.
      54
      		00000000
      .
                                
      		MessageType0 (sessionMessage).
      55-57
      .
                                
      		Length107.
      58-164
      .
                                
      		Data107 Octets (hex): FF 53 4D 42 72....
      		CIFS:  NEGOTIATE ServerResponse.
      		SMB HEADER.
      58-61
      .
                                
      		Protocol4 Octets (hex): FF 53 4D 42.
      62
      		01110010
      .
                                
      		Command114.
      63-66
      .
                                
      		Status0 (SUCCESS).
      67
      		10011000
      		Flagssee below.
      		.......0
      .
                                
      		Lock&Read/Write&Unlock supported 0 (no).
      		......0.
      .
                                
      		Receive Buffer Posted0 (no).
      		.....0..
      .
                                
      		reserved0.
      		....1...
      .
                                
      		Caseless Pathnames1 (yes).
      		...1....
      .
                                
      		Canonicalized Pathnames1 (yes).
      		..0.....
      .
                                
      		Oplocks requested/granted0 (no).
      		.0......
      .
                                
      		Notify client on any action0 (no).
      		1.......
      .
                                
      		Request/Response1 (response).
      68-69
      		Flags2see below.
      68
      		.......1
      .
                                
      		Long Names Allowed1 (yes).
      		......1.
      .
                                
      		Extended Attributes1 (yes).
      		.....0..
      .
                                
      		Security Signatures0 (no).
      		..010...
      .
                                
      		reserved12.
      		.1......
      .
                                
      		Long Names Used1 (yes).
      68-69
      .
                                
      		reserved20.
      69
      		....0...
      .
                                
      		Extended Security Negotiation0 (no).
      		...0....
      .
                                
      		DFS0 (no).
      		..0.....
      .
                                
      		Execute-only Reads0 (no).
      		.1......
      .
                                
      		Error Code Type1 (NT).
      		1.......
      .
                                
      		Unicode Strings1 (yes).
      70-81
      		Extrasee below.
      70-71
      .
                                
      		PidHigh0.
      72-79
      .
                                
      		SecuritySignature8 Octets (hex): 00 00 00 00 00....
      80-81
      .
                                
      		Reserved0.
      82-83
      .
                                
      		Tid0.
      84-85
      .
                                
      		Pid65279.
      86-87
      .
                                
      		Uid0.
      88-89
      .
                                
      		Mid0.
      		SMB PARAMETERS.
      90
      		00010001
      .
                                
      		WordCount17.
      91-92
      .
                                
      		DialectIndex0.
      93-124
      		Parameters (NT LM 0.12)......... see below.
      93
      		00001111
      		SecurityModesee below.
      		.......1
      .
                                
      		user/share1 (user).
      		......1.
      .
                                
      		encrypt passwords1 (yes).
      		.....1..
      .
                                
      		Security Signatures enabled1 (yes).
      		....1...
      .
                                
      		Security Signatures required1 (yes).
      		0000....
      .
                                
      		reserved0.
      94-95
      .
                                
      		MaxMpxCount50.
      96-97
      .
                                
      		MaxNumberVcs1.
      98-101
      .
                                
      		MaxBufferSize16644.
      102-105
      .
                                
      		MaxRawSize65536.
      106-109
      .
                                
      		SessionKey0.
      110-113
      		Capabilitiessee below.
      110
      		.......1
      .
                                
      		CAP_RAW_MODE1 (yes).
      		......0.
      .
                                
      		CAP_MPX_MODE0 (no).
      		.....1..
      .
                                
      		CAP_UNICODE1 (yes).
      		....1...
      .
                                
      		CAP_LARGE_FILES1 (yes).
      		...1....
      .
                                
      		CAP_NT_SMBS1 (yes).
      		..1.....
      .
                                
      		CAP_RPC_REMOTE_APIS1 (yes).
      		.1......
      .
                                
      		CAP_STATUS321 (yes).
      		1.......
      .
                                
      		CAP_LEVEL_II_OPLOCKS1 (yes).
      111
      		.......1
      .
                                
      		CAP_LOCK_AND_READ1 (yes).
      		......1.
      .
                                
      		CAP_NT_FIND1 (yes).
      		....00..
      .
                                
      		reserved10.
      		...1....
      .
                                
      		CAP_DFS1 (yes).
      111-113
      .
                                
      		reserved215.
      113
      		..0.....
      .
                                
      		CAP_BULK_TRANSFER0 (no).
      		.0......
      .
                                
      		CAP_COMPRESSED_DATA0 (no).
      		0.......
      .
                                
      		CAP_EXTENDED_SECURITY0 (no).
      114-117
      .
                                
      		SystemTimeLow1278196119.
      118-121
      .
                                
      		SystemTimeHigh29887757.
      122-123
      .
                                
      		ServerTimeZone420.
      124
      		00001000
      .
                                
      		EncryptionKeyLength8.
      		SMB DATA (NT LM 0.12, no Extended security).
      125-126
      .
                                
      		ByteCount38.
      127-134
      .
                                
      		EncryptionKey8 Octets (hex): C0 85 38 5D 19....
      135-164
      .
                                
      		OemDomainName15 Chars: "WORKGROUP\0000FS03\0000".
  •  13:20:25.281
192.168.1.115:1588      ->  192.168.1.106:445      IPv4.TCP.NETBIOS.SESSION_SETUP_ANDX ClientRequest

    • 00 40 F4 60 45 A1 00 11 11 77 AC 65 08 00 45 00 01 08 4F 1F 40 00 80 06 26 A3 C0 A8 01 73 C0 A8
01 6A 06 34 01 BD A9 63 BB F7 93 A4 24 72 50 18 FF 90 44 52 00 00 00 00 00 DC FF 53 4D 42 73 00
00 00 00 18 07 C0 00 00 84 9D 94 6B 69 FE 55 7B 00 00 00 00 FF FE 00 00 10 00 0D FF 00 CA 00 04
11 0A 00 00 00 00 00 00 00 18 00 18 00 00 00 00 00 D4 00 00 00 9F 00 99 9B 93 A4 60 46 1A 25 A1
55 81 27 5E 1F 37 67 35 25 E0 BA 92 FF 91 7B 75 D1 80 EE CC 59 20 70 0D 8A 8A 6E 1B 53 BA 34 49
E9 BC 6C 8A CD A6 80 00 45 00 6E 00 67 00 00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00
20 00 32 00 30 00 30 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00
63 00 6B 00 20 00 32 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00
73 00 20 00 32 00 30 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00

      POS
      		BINARY
      		NAME
      		VALUE
      		Ethernet.
      0-5
      .
                                
      		Dst6 Octets (hex): 00 40 F4 60 45....
      6-11
      .
                                
      		Src6 Octets (hex): 00 11 11 77 AC....
      12-13
      .
                                
      		TypeIPv4 (8).
      14-277
      .
                                
      		Data264 Octets (hex): 45 00 01 08 4F....
      		IPv4.
      14
      		0100....
      .
                                
      		Version4 (Version 4).
      		....0101
      .
                                
      		IHL5.
      		Type Of Service.
      15
      		000.....
      .
                                
      		PrecedenceRoutine (0).
      		...0....
      .
                                
      		DelayNormal Delay (0).
      		....0...
      .
                                
      		ThroughputNormal Throughput (0).
      		.....0..
      .
                                
      		ReliabilityNormal Reliability (0).
      		......00
      .
                                
      		Reserved0.
      		Total Length.
      16-17
      .
                                
      		Total Length264.
      		Identification.
      18-19
      .
                                
      		Identification20255.
      		Flags.
      20
      		0.......
      .
                                
      		Reserved0.
      		.1......
      .
                                
      		FragmentationDon't Fragment (1).
      		..0.....
      .
                                
      		FragmentLast Fragment (0).
      		Fragment Offset.
      20-21
      .
                                
      		Fragment Offset0.
      		TTL.
      22
      		10000000
      .
                                
      		TTL128.
      		Protocol.
      23
      		00000110
      .
                                
      		Protocol6 (TCP).
      		Header Checksum.
      24-25
      .
                                
      		Header Checksum9891.
      		Source Address.
      26-29
      .
                                
      		Source Address192.168.1.115.
      		Destination Address.
      30-33
      .
                                
      		Destination Address192.168.1.106.
      		Options.
      .
                                
      		Options0 Elements.
      		Padding.
      .
                                
      		Padding0 Bits.
      		Data.
      34-277
      .
                                
      		Data244 Octets (hex): 06 34 01 BD A9....
      		TCP.
      34-35
      .
                                
      		Source Port1588.
      36-37
      .
                                
      		Destination Port445.
      38-41
      .
                                
      		Sequence Number2841885687.
      42-45
      .
                                
      		Acknowledgment Number2477007986.
      46
      		0101....
      .
                                
      		Data Offset5.
      46-47
      .
                                
      		Reserved0.
      		Control Bits.
      47
      		..0.....
      .
                                
      		URGfield not significant (0).
      		...1....
      .
                                
      		ACKfield significant (1).
      		....1...
      .
                                
      		PSHenable (1).
      		.....0..
      .
                                
      		RSTdisable (0).
      		......0.
      .
                                
      		SYNdisable (0).
      		.......0
      .
                                
      		FINmore data (0).
      		Window.
      48-49
      .
                                
      		Window65424.
      		Checksum.
      50-51
      .
                                
      		Checksum17490.
      		Urgent Pointer.
      52-53
      .
                                
      		Urgent Pointer0.
      		Options.
      .
                                
      		Options0 Elements.
      		Padding.
      .
                                
      		Padding0 Bits.
      		Data.
      54-277
      .
                                
      		Data224 Octets (hex): 00 00 00 DC FF....
      		NETBIOS.
      54
      		00000000
      .
                                
      		MessageType0 (sessionMessage).
      55-57
      .
                                
      		Length220.
      58-277
      .
                                
      		Data220 Octets (hex): FF 53 4D 42 73....
      		CIFS:  SESSION_SETUP_ANDX ClientRequest.
      		SMB HEADER.
      58-61
      .
                                
      		Protocol4 Octets (hex): FF 53 4D 42.
      62
      		01110011
      .
                                
      		Command115.
      63-66
      .
                                
      		Status0 (SUCCESS).
      67
      		00011000
      		Flagssee below.
      		.......0
      .
                                
      		Lock&Read/Write&Unlock supported 0 (no).
      		......0.
      .
                                
      		Receive Buffer Posted0 (no).
      		.....0..
      .
                                
      		reserved0.
      		....1...
      .
                                
      		Caseless Pathnames1 (yes).
      		...1....
      .
                                
      		Canonicalized Pathnames1 (yes).
      		..0.....
      .
                                
      		Oplocks requested/granted0 (no).
      		.0......
      .
                                
      		Notify client on any action0 (no).
      		0.......
      .
                                
      		Request/Response0 (request).
      68-69
      		Flags2see below.
      68
      		.......1
      .
                                
      		Long Names Allowed1 (yes).
      		......1.
      .
                                
      		Extended Attributes1 (yes).
      		.....1..
      .
                                
      		Security Signatures1 (yes).
      		..000...
      .
                                
      		reserved10.
      		.0......
      .
                                
      		Long Names Used0 (no).
      68-69
      .
                                
      		reserved20.
      69
      		....0...
      .
                                
      		Extended Security Negotiation0 (no).
      		...0....
      .
                                
      		DFS0 (no).
      		..0.....
      .
                                
      		Execute-only Reads0 (no).
      		.1......
      .
                                
      		Error Code Type1 (NT).
      		1.......
      .
                                
      		Unicode Strings1 (yes).
      70-81
      		Extrasee below.
      70-71
      .
                                
      		PidHigh0.
      72-79
      .
                                
      		SecuritySignature8 Octets (hex): 84 9D 94 6B 69....
      80-81
      .
                                
      		Reserved0.
      82-83
      .
                                
      		Tid0.
      84-85
      .
                                
      		Pid65279.
      86-87
      .
                                
      		Uid0.
      88-89
      .
                                
      		Mid16.
      		SMB PARAMETERS.
      90
      		00001101
      .
                                
      		WordCount13.
      91
      		11111111
      .
                                
      		AndXCommand255 (No further command).
      92
      		00000000
      .
                                
      		AndXReserved0.
      93-94
      .
                                
      		AndXOffset202.
      95-96
      .
                                
      		MaxBufferSize4356.
      97-98
      .
                                
      		MaxMpxCount10.
      99-100
      .
                                
      		VcNumber0.
      101-104
      .
                                
      		SessionKey0.
      105-106
      .
                                
      		CaseInsensitivePasswordLength24.
      107-108
      .
                                
      		CaseSensitivePasswordLength24.
      109-112
      .
                                
      		Reserved0.
      113-116
      		Capabilitiessee below.
      113
      		......00
      .
                                
      		reserved10.
      		.....1..
      .
                                
      		CAP_UNICODE1 (yes).
      		....0...
      .
                                
      		CAP_LARGE_FILES0 (no).
      		...1....
      .
                                
      		CAP_NT_SMBS1 (yes).
      		..0.....
      .
                                
      		reserved20.
      		.1......
      .
                                
      		CAP_STATUS321 (yes).
      		1.......
      .
                                
      		CAP_LEVEL_II_OPLOCKS1 (yes).
      114
      		.......0
      .
                                
      		reserved30.
      		......0.
      .
                                
      		CAP_NT_FIND0 (no).
      114-116
      .
                                
      		reserved40.
      		SMB DATA (NT LM 0.12, no Extended Security).
      117-118
      .
                                
      		ByteCount159.
      119-142
      .
                                
      		CaseInsensitivePassword24 Octets (hex): 99 9B 93 A4 60....
      143-166
      .
                                
      		CaseSensitivePassword24 Octets (hex): 75 D1 80 EE CC....
      167-175
      .
                                
      		AccountName3 Chars: "Eng".
      176-177
      .
                                
      		PrimaryDomain0 Chars.
      178-243
      .
                                
      		NativeOS32 Chars: "Windows 2002 Service Pack 2 2600".
      244-277
      .
                                
      		NativeLanMan16 Chars: "Windows 2002 5.1".
  •  13:20:25.284
192.168.1.115:1588    <-    192.168.1.106:445      IPv4.TCP.NETBIOS.SESSION_SETUP_ANDX ServerResponse

    • 00 11 11 77 AC 65 00 40 F4 60 45 A1 08 00 45 00 00 E9 2E A9 40 00 80 06 47 38 C0 A8 01 6A C0 A8
01 73 01 BD 06 34 93 A4 24 72 A9 63 BC D7 50 18 FE EC 28 CD 00 00 00 00 00 BD FF 53 4D 42 73 00
00 00 00 98 07 C0 00 00 DC 0E 34 DF C5 5F FD B9 00 00 00 00 FF FE 03 C8 10 00 03 FF 00 BD 00 00
00 94 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00
20 00 32 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 72 00 76 00 69 00
63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00
73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 00 35 00 2E 00
32 00 00 00 57 00 4F 00 52 00 4B 00 47 00 52 00 4F 00 55 00 50 00 00

      POS
      		BINARY
      		NAME
      		VALUE
      		Ethernet.
      0-5
      .
                                
      		Dst6 Octets (hex): 00 11 11 77 AC....
      6-11
      .
                                
      		Src6 Octets (hex): 00 40 F4 60 45....
      12-13
      .
                                
      		TypeIPv4 (8).
      14-246
      .
                                
      		Data233 Octets (hex): 45 00 00 E9 2E....
      		IPv4.
      14
      		0100....
      .
                                
      		Version4 (Version 4).
      		....0101
      .
                                
      		IHL5.
      		Type Of Service.
      15
      		000.....
      .
                                
      		PrecedenceRoutine (0).
      		...0....
      .
                                
      		DelayNormal Delay (0).
      		....0...
      .
                                
      		ThroughputNormal Throughput (0).
      		.....0..
      .
                                
      		ReliabilityNormal Reliability (0).
      		......00
      .
                                
      		Reserved0.
      		Total Length.
      16-17
      .
                                
      		Total Length233.
      		Identification.
      18-19
      .
                                
      		Identification11945.
      		Flags.
      20
      		0.......
      .
                                
      		Reserved0.
      		.1......
      .
                                
      		FragmentationDon't Fragment (1).
      		..0.....
      .
                                
      		FragmentLast Fragment (0).
      		Fragment Offset.
      20-21
      .
                                
      		Fragment Offset0.
      		TTL.
      22
      		10000000
      .
                                
      		TTL128.
      		Protocol.
      23
      		00000110
      .
                                
      		Protocol6 (TCP).
      		Header Checksum.
      24-25
      .
                                
      		Header Checksum18232.
      		Source Address.
      26-29
      .
                                
      		Source Address192.168.1.106.
      		Destination Address.
      30-33
      .
                                
      		Destination Address192.168.1.115.
      		Options.
      .
                                
      		Options0 Elements.
      		Padding.
      .
                                
      		Padding0 Bits.
      		Data.
      34-246
      .
                                
      		Data213 Octets (hex): 01 BD 06 34 93....
      		TCP.
      34-35
      .
                                
      		Source Port445.
      36-37
      .
                                
      		Destination Port1588.
      38-41
      .
                                
      		Sequence Number2477007986.
      42-45
      .
                                
      		Acknowledgment Number2841885911.
      46
      		0101....
      .
                                
      		Data Offset5.
      46-47
      .
                                
      		Reserved0.
      		Control Bits.
      47
      		..0.....
      .
                                
      		URGfield not significant (0).
      		...1....
      .
                                
      		ACKfield significant (1).
      		....1...
      .
                                
      		PSHenable (1).
      		.....0..
      .
                                
      		RSTdisable (0).
      		......0.
      .
                                
      		SYNdisable (0).
      		.......0
      .
                                
      		FINmore data (0).
      		Window.
      48-49
      .
                                
      		Window65260.
      		Checksum.
      50-51
      .
                                
      		Checksum10445.
      		Urgent Pointer.
      52-53
      .
                                
      		Urgent Pointer0.
      		Options.
      .
                                
      		Options0 Elements.
      		Padding.
      .
                                
      		Padding0 Bits.
      		Data.
      54-246
      .
                                
      		Data193 Octets (hex): 00 00 00 BD FF....
      		NETBIOS.
      54
      		00000000
      .
                                
      		MessageType0 (sessionMessage).
      55-57
      .
                                
      		Length189.
      58-246
      .
                                
      		Data189 Octets (hex): FF 53 4D 42 73....
      		CIFS:  SESSION_SETUP_ANDX ServerResponse.
      		SMB HEADER.
      58-61
      .
                                
      		Protocol4 Octets (hex): FF 53 4D 42.
      62
      		01110011
      .
                                
      		Command115.
      63-66
      .
                                
      		Status0 (SUCCESS).
      67
      		10011000
      		Flagssee below.
      		.......0
      .
                                
      		Lock&Read/Write&Unlock supported 0 (no).
      		......0.
      .
                                
      		Receive Buffer Posted0 (no).
      		.....0..
      .
                                
      		reserved0.
      		....1...
      .
                                
      		Caseless Pathnames1 (yes).
      		...1....
      .
                                
      		Canonicalized Pathnames1 (yes).
      		..0.....
      .
                                
      		Oplocks requested/granted0 (no).
      		.0......
      .
                                
      		Notify client on any action0 (no).
      		1.......
      .
                                
      		Request/Response1 (response).
      68-69
      		Flags2see below.
      68
      		.......1
      .
                                
      		Long Names Allowed1 (yes).
      		......1.
      .
                                
      		Extended Attributes1 (yes).
      		.....1..
      .
                                
      		Security Signatures1 (yes).
      		..000...
      .
                                
      		reserved10.
      		.0......
      .
                                
      		Long Names Used0 (no).
      68-69
      .
                                
      		reserved20.
      69
      		....0...
      .
                                
      		Extended Security Negotiation0 (no).
      		...0....
      .
                                
      		DFS0 (no).
      		..0.....
      .
                                
      		Execute-only Reads0 (no).
      		.1......
      .
                                
      		Error Code Type1 (NT).
      		1.......
      .
                                
      		Unicode Strings1 (yes).
      70-81
      		Extrasee below.
      70-71
      .
                                
      		PidHigh0.
      72-79
      .
                                
      		SecuritySignature8 Octets (hex): DC 0E 34 DF C5....
      80-81
      .
                                
      		Reserved0.
      82-83
      .
                                
      		Tid0.
      84-85
      .
                                
      		Pid65279.
      86-87
      .
                                
      		Uid51203.
      88-89
      .
                                
      		Mid16.
      		SMB PARAMETERS.
      90
      		00000011
      .
                                
      		WordCount3.
      91
      		11111111
      .
                                
      		AndXCommand255 (No further command).
      92
      		00000000
      .
                                
      		AndXReserved0.
      93-94
      .
                                
      		AndXOffset189.
      95-96
      		Actionsee below.
      95
      		.......0
      .
                                
      		logged in as GUEST0 (no).
      95-96
      .
                                
      		reserved0.
      		SMB DATA.
      97-98
      .
                                
      		ByteCount148.
      .
                                
      		SecurityBlob0 Octets.
      99-179
      .
                                
      		NativeOS39 Chars: "Windows Server 2003 3790 Service Pack 1".
      180-227
      .
                                
      		NativeLanMan23 Chars: "Windows Server 2003 5.2".
      228-246
      .
                                
      		PrimaryDomain9 Chars: "WORKGROUP".
  • 
********** Edit and replay Pcap trace files with Linkbit PacketCraft **********