net rpc info -d10 -SMERLIN MERLIN merlin:/var/log/samba # net rpc info -d10 -S MERLIN -Uroot%not24get [2005/10/28 18:41:36, 5] lib/debug.c:debug_dump_status(368) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 [2005/10/28 18:41:36, 3] param/loadparm.c:lp_load(4085) lp_load: refreshing parameters [2005/10/28 18:41:36, 3] param/loadparm.c:init_globals(1377) Initialising global parameters [2005/10/28 18:41:36, 3] param/params.c:pm_process(574) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2005/10/28 18:41:36, 3] param/loadparm.c:do_section(3545) Processing section "[global]" doing parameter workgroup = MIDEARTH doing parameter netbios name = MERLIN [2005/10/28 18:41:36, 4] param/loadparm.c:handle_netbios_name(2885) handle_netbios_name: set global_myname to: MERLIN doing parameter netbios aliases = SAURON doing parameter server string = Main Server %L doing parameter interfaces = eth0, lo doing parameter bind interfaces only = Yes doing parameter passdb backend = ldapsam:ldap://localhost doing parameter enable privileges = Yes doing parameter username map = /etc/samba/smbusers doing parameter log level = 10 doing parameter syslog = 0 doing parameter log file = /var/log/samba/%L-%m doing parameter max log size = 0 doing parameter smb ports = 139 doing parameter name resolve order = wins bcast hosts doing parameter time server = Yes doing parameter addprinter command = /etc/samba/scripts/smbaddprinter.pl doing parameter deleteprinter command = /etc/samba/scripts/smbdelprinter.pl doing parameter add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" doing parameter delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" doing parameter add group script = /opt/IDEALX/sbin/smbldap-groupadd "%g" doing parameter delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g" doing parameter add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" doing parameter delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" doing parameter set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u" doing parameter add machine script = /opt/IDEALX/sbin/smbldap-useradd -w -g "Domain Computers" "%u" doing parameter logon script = scripts\logon.bat doing parameter logon path = \\%L\profiles\%U doing parameter logon drive = H: doing parameter domain logons = Yes doing parameter preferred master = Yes doing parameter domain master = Yes doing parameter wins proxy = Yes doing parameter wins support = Yes doing parameter ldap admin dn = cn=Manager,dc=terpstra-world,dc=org doing parameter ldap group suffix = ou=Groups doing parameter ldap idmap suffix = ou=Idmap doing parameter ldap machine suffix = ou=Computers,ou=Users doing parameter ldap passwd sync = Yes doing parameter ldap suffix = dc=terpstra-world,dc=org doing parameter ldap user suffix = ou=People,ou=Users doing parameter add share command = /etc/samba/scripts/modify_samba_config.pl doing parameter delete share command = /etc/samba/scripts/modify_samba_config.pl doing parameter panic action = "/bin/sleep 90000" doing parameter idmap backend = ldap:ldap://merlin.terpstra-world.org doing parameter idmap uid = 150000-200000 doing parameter idmap gid = 150000-200000 doing parameter winbind nested groups = Yes doing parameter inherit acls = Yes doing parameter ea support = Yes doing parameter map acl inherit = Yes doing parameter cups options = raw doing parameter include = /etc/samba/smb-%L.conf [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UCS-2LE [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset UCS-2LE [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF-16LE [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF-16LE [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UCS-2BE [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset UCS-2BE [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF-16BE [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF-16BE [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF8 [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF8 [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UTF-8 [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset UTF-8 [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset ASCII [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset ASCII [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset 646 [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset 646 [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset ISO-8859-1 [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset ISO-8859-1 [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(103) Attempting to register new charset UCS2-HEX [2005/10/28 18:41:36, 5] lib/iconv.c:smb_register_charset(111) Registered charset UCS2-HEX [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 3] param/params.c:pm_process(574) params.c:pm_process() - Processing configuration file "/etc/samba/smb-MERLIN.conf" [2005/10/28 18:41:36, 3] param/loadparm.c:do_section(3545) Processing section "[global]" doing parameter workgroup = MIDEARTH doing parameter netbios name = MERLIN [2005/10/28 18:41:36, 4] param/loadparm.c:handle_netbios_name(2885) handle_netbios_name: set global_myname to: MERLIN doing parameter log file = /var/log/samba/%L-%m [2005/10/28 18:41:36, 4] param/loadparm.c:lp_load(4116) pm_process() returned Yes [2005/10/28 18:41:36, 7] param/loadparm.c:lp_servicenumber(4229) lp_servicenumber: couldn't find homes [2005/10/28 18:41:36, 10] param/loadparm.c:set_server_role(4034) set_server_role: role = ROLE_DOMAIN_PDC [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2005/10/28 18:41:36, 5] lib/util.c:init_names(260) Netbios name list:- my_netbios_names[0]="MERLIN" my_netbios_names[1]="SAURON" [2005/10/28 18:41:36, 2] lib/interface.c:add_interface(81) added interface ip=172.16.10.4 bcast=172.16.10.255 nmask=255.255.255.0 [2005/10/28 18:41:36, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2005/10/28 18:41:36, 10] libsmb/namequery.c:internal_resolve_name(1028) internal_resolve_name: looking up MERLIN#20 [2005/10/28 18:41:36, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/lib/samba/gencache.tdb [2005/10/28 18:41:36, 10] lib/gencache.c:gencache_get(269) Returning expired cache entry: key = NBT/MERLIN#20, value = 172.16.10.4:0, timeout = Fri Oct 28 18:23:39 2005 [2005/10/28 18:41:36, 5] libsmb/namecache.c:namecache_fetch(195) no entry for MERLIN#20 found. [2005/10/28 18:41:36, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/MERLIN#20) [2005/10/28 18:41:36, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name MERLIN<0x20> [2005/10/28 18:41:36, 10] lib/gencache.c:gencache_get(269) Returning expired cache entry: key = WINS_SRV_DEAD/127.0.0.1,0.0.0.0, value = DOWN, timeout = Fri Oct 28 00:11:58 2005 [2005/10/28 18:41:36, 4] lib/wins_srv.c:wins_srv_is_dead(111) wins_srv_is_dead: 127.0.0.1 is alive [2005/10/28 18:41:36, 3] libsmb/namequery.c:resolve_wins(791) resolve_wins: using WINS server 127.0.0.1 and tag '*' [2005/10/28 18:41:36, 10] lib/util_sock.c:open_socket_in(832) bind succeeded on port 0 [2005/10/28 18:41:36, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 50 to (127.0.0.1) on port 137 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_udp_socket(286) read_udp_socket: lastip 127.0.0.1 lastport 137 read: 62 [2005/10/28 18:41:36, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 23414 [2005/10/28 18:41:36, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 62 from (127.0.0.1) port 137 [2005/10/28 18:41:36, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 127.0.0.1(137) header: id=23414 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=MERLIN<20> rr_type=32 rr_class=1 ttl=258660 answers 0 char `..... hex 6000AC100A04 [2005/10/28 18:41:36, 2] libsmb/namequery.c:name_query(492) Got a positive name query response from 127.0.0.1 ( 172.16.10.4 ) [2005/10/28 18:41:36, 10] libsmb/namequery.c:remove_duplicate_addrs2(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2005/10/28 18:41:36, 5] libsmb/namecache.c:namecache_store(131) namecache_store: storing 1 address for MERLIN#20: 172.16.10.4:0 [2005/10/28 18:41:36, 10] lib/gencache.c:gencache_set(127) Adding cache entry with key = NBT/MERLIN#20; value = 172.16.10.4:0 and timeout = Fri Oct 28 18:52:36 2005 (660 seconds ahead) [2005/10/28 18:41:36, 10] libsmb/namequery.c:internal_resolve_name(1145) internal_resolve_name: returning 1 addresses: 172.16.10.4:0 [2005/10/28 18:41:36, 3] libsmb/cliconnect.c:cli_start_connection(1388) Connecting to host=MERLIN [2005/10/28 18:41:36, 3] lib/util_sock.c:open_socket_out(867) Connecting to 172.16.10.4 at port 445 [2005/10/28 18:41:36, 2] lib/util_sock.c:open_socket_out(904) error connecting to 172.16.10.4:445 (Connection refused) [2005/10/28 18:41:36, 3] lib/util_sock.c:open_socket_out(867) Connecting to 172.16.10.4 at port 139 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option SO_KEEPALIVE = 0 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option SO_REUSEADDR = 0 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option SO_BROADCAST = 0 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_NODELAY = 1 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_KEEPCNT = 9 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_KEEPIDLE = 7200 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option TCP_KEEPINTVL = 75 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option IPTOS_LOWDELAY = 0 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option IPTOS_THROUGHPUT = 0 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDBUF = 50592 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVBUF = 87888 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDLOWAT = 1 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVLOWAT = 1 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option SO_SNDTIMEO = 0 [2005/10/28 18:41:36, 5] lib/util_sock.c:print_socket_options(203) socket option SO_RCVTIMEO = 0 [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,72) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,72) wrote 72 [2005/10/28 18:41:36, 5] libsmb/cliconnect.c:cli_session_request(1233) Sent session request [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 0 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,183) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,183) wrote 183 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 85 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=6233 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=23040 (0x5A00) smb_vwv[ 8]= 24 (0x18) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=13472 (0x34A0) smb_vwv[13]= 8580 (0x2184) smb_vwv[14]=50652 (0xC5DC) smb_vwv[15]=26625 (0x6801) smb_vwv[16]= 1 (0x1) smb_bcc=16 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 6D 65 72 6C 69 6E 00 00 00 00 00 00 00 00 00 00 merlin.. ........ [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=6233 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=23040 (0x5A00) smb_vwv[ 8]= 24 (0x18) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=13472 (0x34A0) smb_vwv[13]= 8580 (0x2184) smb_vwv[14]=50652 (0xC5DC) smb_vwv[15]=26625 (0x6801) smb_vwv[16]= 1 (0x1) smb_bcc=16 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 6D 65 72 6C 69 6E 00 00 00 00 00 00 00 00 00 00 merlin.. ........ [2005/10/28 18:41:36, 4] lib/time.c:get_serverzone(125) Serverzone is 21600 [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,92) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,92) wrote 92 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 150 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=150 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=6233 smb_uid=100 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=109 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 [020] 00 31 00 70 00 72 00 65 00 31 00 2D 00 53 00 56 .1.p.r.e .1.-.S.V [030] 00 4E 00 2D 00 62 00 75 00 69 00 6C 00 64 00 2D .N.-.b.u .i.l.d.- [040] 00 55 00 4E 00 4B 00 4E 00 4F 00 57 00 4E 00 2D .U.N.K.N .O.W.N.- [050] 00 53 00 55 00 53 00 45 00 00 00 4D 00 49 00 44 .S.U.S.E ...M.I.D [060] 00 45 00 41 00 52 00 54 00 48 00 00 00 .E.A.R.T .H... [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=150 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=6233 smb_uid=100 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=109 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 [020] 00 31 00 70 00 72 00 65 00 31 00 2D 00 53 00 56 .1.p.r.e .1.-.S.V [030] 00 4E 00 2D 00 62 00 75 00 69 00 6C 00 64 00 2D .N.-.b.u .i.l.d.- [040] 00 55 00 4E 00 4B 00 4E 00 4F 00 57 00 4E 00 2D .U.N.K.N .O.W.N.- [050] 00 53 00 55 00 53 00 45 00 00 00 4D 00 49 00 44 .S.U.S.E ...M.I.D [060] 00 45 00 41 00 52 00 54 00 48 00 00 00 .E.A.R.T .H... [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,80) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,80) wrote 80 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 48 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 49 50 43 00 00 00 00 IPC.... [2005/10/28 18:41:36, 10] libsmb/clientgen.c:cli_init_creds(233) cli_init_creds: user domain [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,104) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,104) wrote 104 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 103 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 6656 (0x1A00) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2042) Bind RPC Pipe[751a]: \lsarpc auth_type 0, auth_level 0 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:valid_pipe_name(1645) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:valid_pipe_name(1648) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0b [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0010 max_tsize: 10b8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0012 max_rsize: 10b8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 assoc_gid: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0018 num_contexts: 01 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001c context_id : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001e num_transfer_syntaxes: 01 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2005/10/28 18:41:36, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 data : 12345778 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 data : 1234 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0026 data : abcd [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0028 data : ef 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 002a data : 01 23 45 67 89 ab [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 version: 00000000 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2005/10/28 18:41:36, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 data : 8a885d04 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0038 data : 1ceb [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 003a data : 11c9 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 003c data : 9f e8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 003e data : 08 00 2b 10 48 60 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0044 version: 00000002 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine MERLIN pipe \lsarpc fnum 0x751a [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29978 (0x751A) smb_bcc=87 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,158) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,158) wrote 158 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 124 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(841) rpc_api_pipe: got PDU len of 68 at offset 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(892) rpc_api_pipe: Remote machine MERLIN pipe \lsarpc fnum 0x751a returned 68 bytes. [2005/10/28 18:41:36, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2079) rpc_pipe_bind: Remote machine MERLIN pipe \lsarpc fnum 0x751a bind request returned ok. [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0010 max_tsize: 10b8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0012 max_rsize: 10b8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 assoc_gid: 000053f0 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0018 len: 000c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 001a str: \PIPE\lsass. [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0028 num_results: 01 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002c result : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002e reason : 0000 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2005/10/28 18:41:36, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 data : 8a885d04 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0034 data : 1ceb [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0036 data : 11c9 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0038 data : 9f e8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 003a data : 08 00 2b 10 48 60 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0040 version: 00000002 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:check_bind_response(1699) check_bind_response: accepted! [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2235) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine MERLIN and bound anonymously. [2005/10/28 18:41:36, 5] rpc_parse/parse_lsa.c:init_q_open_pol(261) init_open_pol: attr:0 da:33554432 [2005/10/28 18:41:36, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(193) init_lsa_obj_attr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 ptr : 00000001 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 system_name: 005c [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_obj_attr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 len : 00000018 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c ptr_root_dir: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 ptr_obj_name: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 attributes : 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 ptr_sec_desc: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c ptr_sec_qos : 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 des_access: 02000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 003c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000024 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 opnum : 0006 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine MERLIN pipe \lsarpc fnum 0x751a [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=142 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29978 (0x751A) smb_bcc=75 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 00 24 .......< .......$ [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 02 ........ ... [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,146) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,146) wrote 146 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 104 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 40 C5 62 43 5A 18 00 00 00 00 00 .....@.b CZ...... [030] 00 . [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 40 C5 62 43 5A 18 00 00 00 00 00 .....@.b CZ...... [030] 00 . [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(841) rpc_api_pipe: got PDU len of 48 at offset 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(892) rpc_api_pipe: Remote machine MERLIN pipe \lsarpc fnum 0x751a returned 48 bytes. [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000001 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 000c data5: 40 c5 62 43 5a 18 00 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) 0014 status: NT_STATUS_OK [2005/10/28 18:41:36, 5] rpc_parse/parse_lsa.c:init_q_query(445) init_q_query [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000001 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 000c data5: 40 c5 62 43 5a 18 00 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 info_class: 0005 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 002e [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000016 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 opnum : 0007 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine MERLIN pipe \lsarpc fnum 0x751a [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29978 (0x751A) smb_bcc=61 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 40 C5 62 43 5A 18 00 00 05 00 ...@.bCZ ..... [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,132) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,132) wrote 132 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 160 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 4D 00 49 00 44 00 45 ........ .M.I.D.E [040] 00 41 00 52 00 54 00 48 00 04 00 00 00 01 04 00 .A.R.T.H ........ [050] 00 00 00 00 05 15 00 00 00 8F 99 4A 2B C5 38 1A ........ ...J+.8. [060] F6 3D 1C A1 45 00 00 00 00 .=..E... . [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0068 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000050 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 104, data_len 80, ss_len 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(841) rpc_api_pipe: got PDU len of 104 at offset 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(892) rpc_api_pipe: Remote machine MERLIN pipe \lsarpc fnum 0x751a returned 160 bytes. [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 undoc_buffer: 22000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 info_class: 0005 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 uni_dom_max_len: 0010 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a uni_dom_str_len: 0012 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c buffer_dom_name: 00000001 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 buffer_dom_sid : 00000001 [2005/10/28 18:41:36, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 uni_max_len: 00000009 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 offset : 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c uni_str_len: 00000008 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) 0020 buffer : M.I.D.E.A.R.T.H. [2005/10/28 18:41:36, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid2 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 num_auths: 00000004 [2005/10/28 18:41:36, 8] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_dom_sid sid [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0034 sid_rev_num: 01 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0035 num_auths : 04 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0036 id_auth[0] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0037 id_auth[1] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0038 id_auth[2] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0039 id_auth[3] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003a id_auth[4] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003b id_auth[5] : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32s(930) 003c sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) 004c status: NT_STATUS_OK [2005/10/28 18:41:36, 5] rpc_parse/parse_lsa.c:init_lsa_q_close(1192) init_lsa_q_close [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000001 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 000c data5: 40 c5 62 43 5a 18 00 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 002c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000004 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000014 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 opnum : 0000 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine MERLIN pipe \lsarpc fnum 0x751a [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29978 (0x751A) smb_bcc=59 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 40 C5 62 43 5A 18 00 00 ...@.bCZ ... [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,130) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,130) wrote 130 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 104 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000004 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(841) rpc_api_pipe: got PDU len of 48 at offset 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(892) rpc_api_pipe: Remote machine MERLIN pipe \lsarpc fnum 0x751a returned 48 bytes. [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 000c data5: 00 00 00 00 00 00 00 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) 0014 status: NT_STATUS_OK [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,45) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,45) wrote 45 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 35 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=10 smt_wct=0 smb_bcc=0 [2005/10/28 18:41:36, 10] libsmb/clientgen.c:cli_rpc_pipe_close(373) cli_rpc_pipe_close: closed pipe \lsarpc to machine MERLIN [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,100) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,100) wrote 100 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 103 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=11 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 6912 (0x1B00) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2042) Bind RPC Pipe[751b]: \samr auth_type 0, auth_level 0 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:valid_pipe_name(1645) Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC xW4.4... ...#Eg.. [010] 01 00 00 00 .... [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:valid_pipe_name(1648) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0b [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000005 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0010 max_tsize: 10b8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0012 max_rsize: 10b8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 assoc_gid: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0018 num_contexts: 01 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001c context_id : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001e num_transfer_syntaxes: 01 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2005/10/28 18:41:36, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 data : 12345778 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 data : 1234 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0026 data : abcd [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0028 data : ef 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 002a data : 01 23 45 67 89 ac [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 version: 00000001 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2005/10/28 18:41:36, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 data : 8a885d04 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0038 data : 1ceb [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 003a data : 11c9 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 003c data : 9f e8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 003e data : 08 00 2b 10 48 60 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0044 version: 00000002 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine MERLIN pipe \samr fnum 0x751b [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29979 (0x751B) smb_bcc=87 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,158) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,158) wrote 158 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 124 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000005 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(841) rpc_api_pipe: got PDU len of 68 at offset 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(892) rpc_api_pipe: Remote machine MERLIN pipe \samr fnum 0x751b returned 68 bytes. [2005/10/28 18:41:36, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2079) rpc_pipe_bind: Remote machine MERLIN pipe \samr fnum 0x751b bind request returned ok. [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000005 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0010 max_tsize: 10b8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0012 max_rsize: 10b8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 assoc_gid: 000053f0 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0018 len: 000c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 001a str: \PIPE\lsass. [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0028 num_results: 01 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002c result : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002e reason : 0000 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2005/10/28 18:41:36, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 data : 8a885d04 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0034 data : 1ceb [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0036 data : 11c9 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 0038 data : 9f e8 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 003a data : 08 00 2b 10 48 60 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0040 version: 00000002 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:check_bind_response(1699) check_bind_response: accepted! [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2235) cli_rpc_pipe_open_noauth: opened pipe \samr to machine MERLIN and bound anonymously. [2005/10/28 18:41:36, 10] rpc_client/cli_samr.c:rpccli_samr_connect(36) cli_samr_connect to MERLIN [2005/10/28 18:41:36, 5] rpc_parse/parse_samr.c:init_samr_q_connect(6666) init_samr_q_connect [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_connect [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 ptr_srv_name: 00000001 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 uni_max_len: 00000007 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 offset : 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c uni_str_len: 00000007 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875) 0010 buffer : M.E.R.L.I.N... [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 access_mask: 02000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 003c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000006 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000024 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 opnum : 0039 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine MERLIN pipe \samr fnum 0x751b [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=142 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29979 (0x751B) smb_bcc=75 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 3C 00 00 00 06 00 00 00 24 .......< .......$ [020] 00 00 00 00 00 39 00 01 00 00 00 07 00 00 00 00 .....9.. ........ [030] 00 00 00 07 00 00 00 4D 00 45 00 52 00 4C 00 49 .......M .E.R.L.I [040] 00 4E 00 00 00 00 00 00 00 00 02 .N...... ... [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,146) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,146) wrote 146 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 104 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 40 C5 62 43 5A 18 00 00 00 00 00 .....@.b CZ...... [030] 00 . [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 40 C5 62 43 5A 18 00 00 00 00 00 .....@.b CZ...... [030] 00 . [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000006 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(841) rpc_api_pipe: got PDU len of 48 at offset 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(892) rpc_api_pipe: Remote machine MERLIN pipe \samr fnum 0x751b returned 48 bytes. [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_connect [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd connect_pol [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000002 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 000c data5: 40 c5 62 43 5a 18 00 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) 0014 status: NT_STATUS_OK [2005/10/28 18:41:36, 10] rpc_client/cli_samr.c:rpccli_samr_open_domain(149) cli_samr_open_domain with sid S-1-5-21-726309263-4128913605-1168186429 [2005/10/28 18:41:36, 5] rpc_parse/parse_samr.c:init_samr_q_open_domain(248) samr_init_samr_q_open_domain [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_domain [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000002 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 000c data5: 40 c5 62 43 5a 18 00 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 flags: 02000000 [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_dom_sid2 sid [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 num_auths: 00000004 [2005/10/28 18:41:36, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_dom_sid sid [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001c sid_rev_num: 01 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001d num_auths : 04 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001e id_auth[0] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 001f id_auth[1] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0020 id_auth[2] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0021 id_auth[3] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0022 id_auth[4] : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0023 id_auth[5] : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32s(930) 0024 sub_auths : 00000015 2b4a998f f61a38c5 45a11c3d [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 004c [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000007 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000034 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 opnum : 0007 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine MERLIN pipe \samr fnum 0x751b [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=158 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29979 (0x751B) smb_bcc=91 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 34 .......L .......4 [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 40 C5 62 43 5A 18 00 00 00 00 00 02 04 ...@.bCZ ........ [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 8F ........ ........ [050] 99 4A 2B C5 38 1A F6 3D 1C A1 45 .J+.8..= ..E [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,162) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,162) wrote 162 [2005/10/28 18:41:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 104 [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 40 C5 62 43 5A 18 00 00 00 00 00 .....@.b CZ...... [030] 00 . [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 40 C5 62 43 5A 18 00 00 00 00 00 .....@.b CZ...... [030] 00 . [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000007 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(841) rpc_api_pipe: got PDU len of 48 at offset 0 [2005/10/28 18:41:36, 10] rpc_client/cli_pipe.c:rpc_api_pipe(892) rpc_api_pipe: Remote machine MERLIN pipe \samr fnum 0x751b returned 48 bytes. [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_domain [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000003 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 000c data5: 40 c5 62 43 5a 18 00 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_ntstatus(733) 0014 status: NT_STATUS_OK [2005/10/28 18:41:36, 10] rpc_client/cli_samr.c:rpccli_samr_query_dom_info(1097) cli_samr_query_dom_info [2005/10/28 18:41:36, 5] rpc_parse/parse_samr.c:init_samr_q_query_dom_info(466) samr_init_samr_q_query_dom_info [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_query_dom_info [2005/10/28 18:41:36, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000003 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8s(790) 000c data5: 40 c5 62 43 5a 18 00 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 switch_value: 0002 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 002e [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000008 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000016 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2005/10/28 18:41:36, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 opnum : 0008 [2005/10/28 18:41:36, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine MERLIN pipe \samr fnum 0x751b [2005/10/28 18:41:36, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:36, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=6233 smb_uid=100 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29979 (0x751B) smb_bcc=61 [2005/10/28 18:41:36, 10] lib/util.c:dump_data(2063) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 08 00 00 00 16 ........ ........ [020] 00 00 00 00 00 08 00 00 00 00 00 03 00 00 00 00 ........ ........ [030] 00 00 00 40 C5 62 43 5A 18 00 00 02 00 ...@.bCZ ..... [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(132) write_socket(4,132) [2005/10/28 18:41:36, 6] libsmb/clientgen.c:write_socket(135) write_socket(4,132) wrote 132 [2005/10/28 18:41:46, 10] lib/util_sock.c:read_socket_with_timeout(468) read_socket_with_timeout: timeout read. select timed out. [2005/10/28 18:41:46, 10] lib/util_sock.c:receive_smb_raw(666) receive_smb_raw: length < 0! [2005/10/28 18:41:46, 10] libsmb/clientgen.c:client_receive_smb(63) client_receive_smb failed [2005/10/28 18:41:46, 5] lib/util.c:show_msg(454) [2005/10/28 18:41:46, 5] lib/util.c:show_msg(464) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 [2005/10/28 18:41:46, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine MERLIN pipe \samr fnum 0x751breturned critical error. Error was Call timed out: server did not respond after 10000 milliseconds [2005/10/28 18:41:46, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_query_dom_info [2005/10/28 18:41:46, 0] rpc_parse/parse_prs.c:prs_mem_get(558) prs_mem_get: reading data of size 4 would overrun buffer by 4 bytes. [2005/10/28 18:41:46, 1] utils/net_rpc.c:run_rpc_command(169) rpc command function failed! (NT_STATUS_UNSUCCESSFUL) [2005/10/28 18:41:46, 0] libsmb/clientgen.c:cli_rpc_pipe_close(365) cli_rpc_pipe_close: cli_close failed on pipe \samr to machine MERLIN. Error was Call timed out: server did not respond after 10000 milliseconds [2005/10/28 18:41:46, 10] libsmb/clientgen.c:cli_rpc_pipe_close(373) cli_rpc_pipe_close: closed pipe \samr to machine MERLIN [2005/10/28 18:41:46, 2] utils/net.c:main(876) return code = 1 merlin:/var/log/samba # xit