Frame 1 (156 bytes on wire, 156 bytes captured) Arrival Time: Jun 1, 2006 11:51:00.795951000 Time delta from previous packet: 0.000000000 seconds Time since reference or first frame: 0.000000000 seconds Frame Number: 1 Packet Length: 156 bytes Capture Length: 156 bytes Protocols in frame: eth:ip:tcp:nbss:smb Ethernet II, Src: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b), Dst: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Destination: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Address: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Source: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Address: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Type: IP (0x0800) Internet Protocol, Src: 192.168.2.168 (192.168.2.168), Dst: 192.168.2.209 (192.168.2.209) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 142 Identification: 0xda84 (55940) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0xd91b [correct] Good: True Bad : False Source: 192.168.2.168 (192.168.2.168) Destination: 192.168.2.209 (192.168.2.209) Transmission Control Protocol, Src Port: 32831 (32831), Dst Port: microsoft-ds (445), Seq: 0, Ack: 0, Len: 90 Source port: 32831 (32831) Destination port: microsoft-ds (445) Sequence number: 0 (relative sequence number) Next sequence number: 90 (relative sequence number) Acknowledgement number: 0 (relative ack number) Header length: 32 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16022 Checksum: 0x874a [incorrect, should be 0xaa64] Options: (12 bytes) NOP NOP Time stamp: tsval 154027383, tsecr 1185139101 NetBIOS Session Service Message Type: Session message Length: 86 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 1 Process ID: 32455 User ID: 100 Multiplex ID: 30262 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 20 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 20 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 21 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File Unix Basic (512) Reserved: 00000000 File Name: \dataP Frame 2 (231 bytes on wire, 231 bytes captured) Arrival Time: Jun 1, 2006 11:51:00.796125000 Time delta from previous packet: 0.000174000 seconds Time since reference or first frame: 0.000174000 seconds Frame Number: 2 Packet Length: 231 bytes Capture Length: 231 bytes Protocols in frame: eth:ip:tcp:nbss:smb Ethernet II, Src: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2), Dst: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Destination: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Address: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Source: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Address: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Type: IP (0x0800) Internet Protocol, Src: 192.168.2.209 (192.168.2.209), Dst: 192.168.2.168 (192.168.2.168) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 217 Identification: 0xad7b (44411) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x05da [correct] Good: True Bad : False Source: 192.168.2.209 (192.168.2.209) Destination: 192.168.2.168 (192.168.2.168) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 32831 (32831), Seq: 0, Ack: 90, Len: 165 Source port: microsoft-ds (445) Destination port: 32831 (32831) Sequence number: 0 (relative sequence number) Next sequence number: 165 (relative sequence number) Acknowledgement number: 90 (relative ack number) Header length: 32 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1716 Checksum: 0x07fd [correct] Options: (12 bytes) NOP NOP Time stamp: tsval 1185157067, tsecr 154027383 NetBIOS Session Service Message Type: Session message Length: 161 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 1 Time from request: 0.000174000 seconds SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc041 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .1.. .... = Long Names Used: Path names in request are long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 1 Process ID: 32455 User ID: 100 Multiplex ID: 30262 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 101 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 101 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 106 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data File size: 0 Number of bytes: 4096 Last status change: May 2, 2006 11:51:07.000000000 Last access: Jun 1, 2006 11:46:52.000000000 Last modification: May 2, 2006 11:51:07.000000000 UID: 703 GID: 1000 File type: Directory (1) Major device: 0x0000000000000000 Minor device: 0x0000000000000000 Unique ID: 0x00000000019bc011 File permissions: 0x00000000000001fd Num links: 5 Unknown Data: 00 Frame 3 (66 bytes on wire, 66 bytes captured) Arrival Time: Jun 1, 2006 11:51:00.796172000 Time delta from previous packet: 0.000047000 seconds Time since reference or first frame: 0.000221000 seconds Frame Number: 3 Packet Length: 66 bytes Capture Length: 66 bytes Protocols in frame: eth:ip:tcp Ethernet II, Src: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b), Dst: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Destination: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Address: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Source: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Address: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Type: IP (0x0800) Internet Protocol, Src: 192.168.2.168 (192.168.2.168), Dst: 192.168.2.209 (192.168.2.209) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0xda86 (55942) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0xd973 [correct] Good: True Bad : False Source: 192.168.2.168 (192.168.2.168) Destination: 192.168.2.209 (192.168.2.209) Transmission Control Protocol, Src Port: 32831 (32831), Dst Port: microsoft-ds (445), Seq: 90, Ack: 165, Len: 0 Source port: 32831 (32831) Destination port: microsoft-ds (445) Sequence number: 90 (relative sequence number) Acknowledgement number: 165 (relative ack number) Header length: 32 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16022 Checksum: 0xac65 [correct] Options: (12 bytes) NOP NOP Time stamp: tsval 154027384, tsecr 1185157067 Frame 4 (166 bytes on wire, 166 bytes captured) Arrival Time: Jun 1, 2006 11:51:00.796279000 Time delta from previous packet: 0.000107000 seconds Time since reference or first frame: 0.000328000 seconds Frame Number: 4 Packet Length: 166 bytes Capture Length: 166 bytes Protocols in frame: eth:ip:tcp:nbss:smb Ethernet II, Src: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b), Dst: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Destination: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Address: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Source: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Address: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Type: IP (0x0800) Internet Protocol, Src: 192.168.2.168 (192.168.2.168), Dst: 192.168.2.209 (192.168.2.209) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0xda88 (55944) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0xd90d [correct] Good: True Bad : False Source: 192.168.2.168 (192.168.2.168) Destination: 192.168.2.209 (192.168.2.209) Transmission Control Protocol, Src Port: 32831 (32831), Dst Port: microsoft-ds (445), Seq: 90, Ack: 165, Len: 100 Source port: 32831 (32831) Destination port: microsoft-ds (445) Sequence number: 90 (relative sequence number) Next sequence number: 190 (relative sequence number) Acknowledgement number: 165 (relative ack number) Header length: 32 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16022 Checksum: 0x8754 [incorrect, should be 0x5002] Options: (12 bytes) NOP NOP Time stamp: tsval 154027384, tsecr 1185157067 NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 1 Process ID: 32455 User ID: 100 Multiplex ID: 30263 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File Unix Basic (512) Reserved: 00000000 File Name: \dataP\temp Frame 5 (231 bytes on wire, 231 bytes captured) Arrival Time: Jun 1, 2006 11:51:00.796471000 Time delta from previous packet: 0.000192000 seconds Time since reference or first frame: 0.000520000 seconds Frame Number: 5 Packet Length: 231 bytes Capture Length: 231 bytes Protocols in frame: eth:ip:tcp:nbss:smb Ethernet II, Src: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2), Dst: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Destination: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Address: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Source: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Address: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Type: IP (0x0800) Internet Protocol, Src: 192.168.2.209 (192.168.2.209), Dst: 192.168.2.168 (192.168.2.168) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 217 Identification: 0xad7d (44413) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x05d8 [correct] Good: True Bad : False Source: 192.168.2.209 (192.168.2.209) Destination: 192.168.2.168 (192.168.2.168) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 32831 (32831), Seq: 165, Ack: 190, Len: 165 Source port: microsoft-ds (445) Destination port: 32831 (32831) Sequence number: 165 (relative sequence number) Next sequence number: 330 (relative sequence number) Acknowledgement number: 190 (relative ack number) Header length: 32 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1716 Checksum: 0x86ce [correct] Options: (12 bytes) NOP NOP Time stamp: tsval 1185157067, tsecr 154027384 NetBIOS Session Service Message Type: Session message Length: 161 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 4 Time from request: 0.000192000 seconds SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc041 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .1.. .... = Long Names Used: Path names in request are long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 1 Process ID: 32455 User ID: 100 Multiplex ID: 30263 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 101 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 101 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 106 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data File size: 0 Number of bytes: 12288 Last status change: May 30, 2006 20:22:17.000000000 Last access: Jun 1, 2006 11:46:58.000000000 Last modification: May 30, 2006 20:22:17.000000000 UID: 703 GID: 1000 File type: Directory (1) Major device: 0x0000000000000000 Minor device: 0x0000000000000000 Unique ID: 0x000000000061c00a File permissions: 0x00000000000001fd Num links: 2 Unknown Data: 00 Frame 6 (204 bytes on wire, 204 bytes captured) Arrival Time: Jun 1, 2006 11:51:00.796527000 Time delta from previous packet: 0.000056000 seconds Time since reference or first frame: 0.000576000 seconds Frame Number: 6 Packet Length: 204 bytes Capture Length: 204 bytes Protocols in frame: eth:ip:tcp:nbss:smb Ethernet II, Src: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b), Dst: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Destination: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Address: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Source: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Address: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Type: IP (0x0800) Internet Protocol, Src: 192.168.2.168 (192.168.2.168), Dst: 192.168.2.209 (192.168.2.209) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 190 Identification: 0xda8a (55946) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0xd8e5 [correct] Good: True Bad : False Source: 192.168.2.168 (192.168.2.168) Destination: 192.168.2.209 (192.168.2.209) Transmission Control Protocol, Src Port: 32831 (32831), Dst Port: microsoft-ds (445), Seq: 190, Ack: 330, Len: 138 Source port: 32831 (32831) Destination port: microsoft-ds (445) Sequence number: 190 (relative sequence number) Next sequence number: 328 (relative sequence number) Acknowledgement number: 330 (relative ack number) Header length: 32 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16022 Checksum: 0x877a [incorrect, should be 0x5a34] Options: (12 bytes) NOP NOP Time stamp: tsval 154027384, tsecr 1185157067 NetBIOS Session Service Message Type: Session message Length: 134 SMB (Server Message Block Protocol) SMB Header Server Component: SMB SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 1 Process ID: 32455 User ID: 100 Multiplex ID: 30264 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 68 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 68 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 69 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File Unix Basic (512) Reserved: 00000000 File Name: \dataP\temp\70mmrockets_CO.tga Frame 7 (231 bytes on wire, 231 bytes captured) Arrival Time: Jun 1, 2006 11:51:00.796730000 Time delta from previous packet: 0.000203000 seconds Time since reference or first frame: 0.000779000 seconds Frame Number: 7 Packet Length: 231 bytes Capture Length: 231 bytes Protocols in frame: eth:ip:tcp:nbss:smb Ethernet II, Src: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2), Dst: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Destination: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Address: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Source: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Address: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Type: IP (0x0800) Internet Protocol, Src: 192.168.2.209 (192.168.2.209), Dst: 192.168.2.168 (192.168.2.168) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 217 Identification: 0xad7f (44415) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x05d6 [correct] Good: True Bad : False Source: 192.168.2.209 (192.168.2.209) Destination: 192.168.2.168 (192.168.2.168) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 32831 (32831), Seq: 330, Ack: 328, Len: 165 Source port: microsoft-ds (445) Destination port: 32831 (32831) Sequence number: 330 (relative sequence number) Next sequence number: 495 (relative sequence number) Acknowledgement number: 328 (relative ack number) Header length: 32 bytes Flags: 0x0018 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1716 Checksum: 0xa4a3 [correct] Options: (12 bytes) NOP NOP Time stamp: tsval 1185157067, tsecr 154027384 NetBIOS Session Service Message Type: Session message Length: 161 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 6 Time from request: 0.000203000 seconds SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc041 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .1.. .... = Long Names Used: Path names in request are long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 1 Process ID: 32455 User ID: 100 Multiplex ID: 30264 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 101 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 101 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 106 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data File size: 786476 Number of bytes: 794624 Last status change: Jan 25, 2006 15:17:31.000000000 Last access: May 31, 2006 15:09:27.000000000 Last modification: Jan 25, 2006 15:17:31.000000000 UID: 0 GID: 1000 File type: File (0) Major device: 0x0000000000000000 Minor device: 0x0000000000000000 Unique ID: 0x000000000061c0f8 File permissions: 0x00000000000001b6 Num links: 1 Unknown Data: 00 Frame 8 (66 bytes on wire, 66 bytes captured) Arrival Time: Jun 1, 2006 11:51:00.836013000 Time delta from previous packet: 0.039283000 seconds Time since reference or first frame: 0.040062000 seconds Frame Number: 8 Packet Length: 66 bytes Capture Length: 66 bytes Protocols in frame: eth:ip:tcp Ethernet II, Src: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b), Dst: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Destination: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) Address: AbitComp_a4:4f:c2 (00:50:8d:a4:4f:c2) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Source: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) Address: PlanetTe_05:e7:5b (00:30:4f:05:e7:5b) .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address Type: IP (0x0800) Internet Protocol, Src: 192.168.2.168 (192.168.2.168), Dst: 192.168.2.209 (192.168.2.209) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0xda8c (55948) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0xd96d [correct] Good: True Bad : False Source: 192.168.2.168 (192.168.2.168) Destination: 192.168.2.209 (192.168.2.209) Transmission Control Protocol, Src Port: 32831 (32831), Dst Port: microsoft-ds (445), Seq: 328, Ack: 495, Len: 0 Source port: 32831 (32831) Destination port: microsoft-ds (445) Sequence number: 328 (relative sequence number) Acknowledgement number: 495 (relative ack number) Header length: 32 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 16022 Checksum: 0xaa05 [correct] Options: (12 bytes) NOP NOP Time stamp: tsval 154027424, tsecr 1185157067