Security: Cisco PIX 500 Series Security Appliances

Configuring the PIX to Allow Remote Access to Shared Folders in an NT Domain

August 28, 2015 - Machine translation




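Introduction

This document explains how to configure the Cisco Secure PIX Firewall to allow access to NT domain shared folders through the PIX Firewall. You can use Windows Networking to access hosts that reside on the inside interface of the PIX. You can also log in to the domain with the same configuration. The configuration information in this document covers Windows NT domains only; it does not cover Windows 2000 or Active Directory.

Note: Administrators should evaluate the security impact of permitting Windows Networking traffic against any corporate security policy.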

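Before You Begin

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Prerequisites

This document assumes that you are familiar with Microsoft and Windows Networking principles. You can refer to the following useful references for more information:

This section describes how to configure the PIX to permit the following traffic flows when a user attempts to access a shared folder in an NT domain.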

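  • Before attempting to access the shared folder:

    1. The PC that attempts access first registers itself using the NetBIOS name service, with source and destination UDP port 137.

    2. It searches for the domain controller of the domain using Netlogon traffic, with source and destination UDP port 138.

  • When accessing and closing the folder:

    1. It establishes a Network Basic Input/Output System (NetBIOS) session, with source 1024-65536/TCP and destination 139/TCP, to access the shared folder.

    2. It terminates the NetBIOS session once it is finished.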

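Components Used

Although you can use any hardware and PIX software, this document was developed and tested using the following ...:

  • Cisco PIX Firewall Software Version 6.1(1)

The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, make sure that you understand the potential impact of any command before you use it.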

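Configure Your PIX Software

This section describes how to configure the PIX to permit the following traffic flows when a user attempts to access a shared folder in an NT domain.

Network Diagram

This document uses the network setup shown in the diagram below.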

/image/gif/paws/18801/pixnetbios-a.gif

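This example includes two inside hosts:

  • 10.48.66.106 - RAGE, which in this example is both the Primary Domain Controller (PDC) and the Windows Internet Name Service (WINS) server.

  • 10.48.66.73 - NPITRN, another host that contains the resources or folders to be shared.

Host AYPC is located on the outside interface, with IP address 192.168.10.5. In this setup, that machine is part of the inside domain. However, this does not have to be the case in order to access shared folders. This differs from domain logon, where the machine must belong to the domain or a trust relationship must exist.

For example, to access a resource or folder through the firewall, you can use the Universal Naming Convention (UNC), such as typing \\resource_name, or you can double-click the Network Neighborhood icon.

This example uses a two-interface PIX, but the concept remains the same for any number of interfaces.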

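Configure WINS and the PIX Firewall

Follow these steps to configure WINS and the PIX Firewall.

  1. Configure WINS and verify accessibility without the PIX. (Optional)

    If you have not already done so, configure WINS for NetBIOS name resolution.

    In this particular setup, the PDC and WINS are on the same machine. This may not be the case in your network. The domain name in this setup is TACWEB and the computer name is RAGE. This lab example shows attempts to access shared folders on RAGE and/or NPITRN. Entries exist in the WINS server for the PDC and for the inside host NPITRN.

    More details on how to configure WINS are available in the Managing MS WINS Services chapter of the Windows NT Resource Kit. If your WINS server is multihomed, you must configure static mappings for all of its IP addresses and configure the corresponding statics and access lists in the PIX. Make sure that the outside client is configured for WINS name resolution.

  2. Configure the PIX Firewall with the appropriate static and conduit/access list (without NAT).

    If your configuration involves Network Address Translation (NAT), see step 3 below. Only the parts of the PIX configuration that are relevant to this discussion are shown below. For basic PIX configuration details, refer to the Related Information section. Windows Networking uses UDP port 137, UDP port 138, and TCP port 139 for the different NetBIOS services needed to access folders.

    Note: This document uses the PIX access-list syntax introduced in version 5.0.1; you can also use conduits, but you cannot use them together with access lists.

    To allow traffic to flow from a lower security interface to a higher security interface, define an access control list on the PIX.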

    pixfirewall(config)# access-list msnet permit tcp any h 10.48.66.106 eq 139 
    pixfirewall(config)# access-list msnet permit udp any h 10.48.66.106 eq 138 
    pixfirewall(config)# access-list msnet permit udp any h 10.48.66.106 eq 137 
    pixfirewall(config)# access-list msnet permit tcp any h 10.48.66.73 eq 139 
    pixfirewall(config)# access-list msnet permit udp any h 10.48.66.73 eq 138 
    pixfirewall(config)# access-list msnet permit udp any h 10.48.66.73 eq 137 
    
    
    pixfirewall(config)# show access-list 
    access-list msnet permit tcp any host 10.48.66.73 eq 139 (hitcnt=0) 
    access-list msnet permit udp any host 10.48.66.73 eq netbios-dgm (hitcnt=0) 
    access-list msnet permit udp any host 10.48.66.73 eq netbios-ns (hitcnt=0) 
    access-list msnet permit tcp any host 10.48.66.106 eq 139 (hitcnt=0) 
    access-list msnet permit udp any host 10.48.66.106 eq netbios-dgm (hitcnt=0) 
    access-list msnet permit udp any host 10.48.66.106 eq netbios-ns (hitcnt=0)

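    As you can see, the PIX replaces the port numbers with well-known service names. You need to open the PIX for the Windows NetBIOS services (as described above) for each host that you want to access remotely. The exception is when you define a net static, which includes all of the hosts on your inside network and allows the entire subnet to be accessed.

    Note: Every resource that you want to access remotely needs a static IP address assignment and must not use Dynamic Host Configuration Protocol (DHCP). Configure the appropriate statics and verify them.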

    pixfirewall(config)# show stat 
    static (inside,outside) 10.48.66.106 10.48.66.106 netmask 255.255.255.255 0 0 
    static (inside,outside) 10.48.66.73 10.48.66.73 netmask 255.255.255.255 0 0
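  3. Configure the PIX Firewall for NAT. (If needed)

    Note: This section applies only to PIX configurations that involve NAT. If you do not use NAT, make sure that you have completed steps 1 and 2 above, and then continue with verifying accessibility through the PIX Firewall.

    When NAT is involved, consider the following two factors:

    • Configure the WINS server so that it returns both the translated and the inside IP addresses to WINS clients. To do this, select Internet group as the Type option in the Add Static Mappings dialog box of WINS Manager. The user-defined Internet group option allows you to specify up to 25 addresses for a single name.

      When WINS clients perform NetBIOS name resolution with the WINS server, WINS returns these addresses, and the clients are able to establish NetBIOS sessions with the resources.

    • The PIX configuration needs to reflect the appropriate access lists and statics. For example, with the same setup but with NAT involved, the configuration is: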

      static (inside,outside) 192.168.10.50 10.48.66.106 netmask 255.255.255.255 0 0 
      static (inside,outside) 192.168.10.60 10.48.66.73 netmask 255.255.255.255 0 0 
      access-list msnet permit tcp any host 192.168.10.50 eq 139 
      access-list msnet permit udp any host 192.168.10.50 eq netbios-dgm 
      access-list msnet permit udp any host 192.168.10.50 eq netbios-ns 
      access-list msnet permit tcp any host 192.168.10.60 eq 139 
      access-list msnet permit udp any host 192.168.10.60 eq netbios-dgm 
      access-list msnet permit udp any host 192.168.10.60 eq netbios-ns 
      access-list msnet permit icmp any any 
      access-group msnet in interface outside
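
The access lists in steps 2 and 3 permit the NetBIOS ports from any source, which is the exposure the introductory note asks administrators to evaluate. The following added example (not part of the original Cisco document) audits the step 3 configuration for NetBIOS permits from any, the ICMP permit, and access lists with no access-group, then rewrites the NetBIOS entries for one client. The function names are hypothetical, and treating 192.168.10.5 (AYPC) as the only permitted client is an assumption.

```python
# Added example: audit PIX access-list entries for NetBIOS exposure.
NETBIOS_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139)}
SERVICE_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}

# Sample input: the NAT configuration shown in step 3 of this page.
NAT_CONFIG = """\
static (inside,outside) 192.168.10.50 10.48.66.106 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.10.60 10.48.66.73 netmask 255.255.255.255 0 0
access-list msnet permit tcp any host 192.168.10.50 eq 139
access-list msnet permit udp any host 192.168.10.50 eq netbios-dgm
access-list msnet permit udp any host 192.168.10.50 eq netbios-ns
access-list msnet permit tcp any host 192.168.10.60 eq 139
access-list msnet permit udp any host 192.168.10.60 eq netbios-dgm
access-list msnet permit udp any host 192.168.10.60 eq netbios-ns
access-list msnet permit icmp any any
access-group msnet in interface outside
"""


def _endpoint(tokens):
    """Consume one source/destination spec; return (spec, remaining tokens)."""
    if not tokens:
        raise ValueError("missing address")
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] in ("h", "host"):          # step 2 types the abbreviation "h"
        return "host " + tokens[1], tokens[2:]
    return tokens[0] + " " + tokens[1], tokens[2:]   # address followed by netmask


def _port(token):
    """Map a port number or a PIX service name to an integer port."""
    if token in SERVICE_NAMES:
        return SERVICE_NAMES[token]
    return int(token) if token.isdigit() else None


def parse_ace(line):
    """Parse one 'access-list' entry into a dict, or return None."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        return None
    try:
        src, rest = _endpoint(tokens[4:])
        dst, rest = _endpoint(rest)
    except (ValueError, IndexError):
        return None
    port = _port(rest[1]) if len(rest) >= 2 and rest[0] == "eq" else None
    return {"acl": tokens[1], "action": tokens[2], "proto": tokens[3],
            "src": src, "dst": dst, "port": port, "line": line.strip()}


def audit(config):
    """Return a list of (finding, config line or ACL name) tuples."""
    lines = config.splitlines()
    aces = [a for a in map(parse_ace, lines) if a]
    bound = {t[1] for t in (l.split() for l in lines)
             if len(t) >= 5 and t[0] == "access-group"}
    findings = []
    for ace in aces:
        if ace["action"] != "permit":
            continue
        if (ace["proto"], ace["port"]) in NETBIOS_PORTS and ace["src"] == "any":
            findings.append(("netbios-from-any", ace["line"]))
        if ace["proto"] == "icmp" and ace["src"] == "any" and ace["dst"] == "any":
            findings.append(("icmp-any-any", ace["line"]))
    for acl in sorted({a["acl"] for a in aces} - bound):
        findings.append(("acl-not-applied", acl))   # no access-group binds it
    return findings


def restrict_source(config, client_ip):
    """Rewrite NetBIOS permits so that only client_ip is accepted as source."""
    out = []
    for line in config.splitlines():
        ace = parse_ace(line)
        if (ace and ace["action"] == "permit" and ace["src"] == "any"
                and (ace["proto"], ace["port"]) in NETBIOS_PORTS):
            rest = line.split()[5:]          # tokens after the 'any' source
            line = " ".join(["access-list", ace["acl"], "permit", ace["proto"],
                             "host", client_ip] + rest)
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for kind, detail in audit(NAT_CONFIG):
        print(f"{kind:18} {detail}")
    print(restrict_source(NAT_CONFIG, "192.168.10.5"))   # AYPC, assumed sole client
```
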

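Verify

Verify Accessibility Through the PIX Firewall

Follow these steps to verify accessibility through the PIX Firewall:

Note: Before you proceed with verification, make sure that you can ping the inside resources (for example, the RAGE and NPITRN hosts in this example) to rule out any basic IP connectivity problems. If your security policy does not permit ping traffic, you can configure an access control list or conduit to allow ping, and remove it later.

  1. Turn on debugging on the PIX Firewall to see the packet flow.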

    pixfirewall(config)# logging on 
    pixfirewall(config)# logging console debug
    
  2. Use the show logging command to verify the settings:

    pixfirewall(config)# show logging
    <snip>
       Console logging: level debugging, 25 messages logged 
    <snip>
    
    pixfirewall(config)# show xlate 
    0 in use, 45 most used 
    
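  3. Try to reboot the PC and access the resource using UNC. On the remote computer, select Start > Find Computer and type the name of the resource that you want to access. In this example, NPITRN is that resource.

  4. Reboot the outside PC (AYPC in this example). When AYPC boots, you see the following debug output on the PIX. This is expected, and is part of the packet flow overview described above.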

    pixfirewall(config)# 
    609001: Built local-host inside:10.48.66.106 
    305002: Translation built for gaddr 10.48.66.106 to laddr 10.48.66.106 
    302005: Built UDP connection for faddr 192.168.10.5/137 gaddr 10.48.66.106/137 
    laddr 10.48.66.106/137 
    302005: Built UDP connection for faddr 192.168.10.5/138 gaddr 10.48.66.106/138 
    laddr 10.48.66.106/138 
    302001: Built inbound TCP connection 420 for faddr 192.168.10.5/1027 
    gaddr 10.48.66.106/139 laddr 10.48.66.106/139 
    302001: Built inbound TCP connection 421 for faddr 192.168.10.5/1032 
    gaddr 10.48.66.106/139 laddr 10.48.66.106/139 
    pixfirewall(config)# 302006: Teardown UDP connection for faddr 192.168.10.5/138 
    gaddr 10.48.66.106/138 laddr 10.48.66.106/138 
    pixfirewall(config)#show xlate 
    1 in use, 45 most used 
    Global 10.48.66.106 Local 10.48.66.106 static 
    pixfirewall(config)# show conn 
    3 in use, 12 most used 
    TCP out 192.168.10.5:1027 in 10.48.66.106:139 idle 0:01:41 Bytes 23514 
    flags UIOB 
    TCP out 192.168.10.5:1032 in 10.48.66.106:139 idle 0:02:29 Bytes 1302 
    flags UIOB 
    UDP out 192.168.10.5:137 in 10.48.66.106:137 idle 0:00:56 flags
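
The debug output in step 4 can be checked mechanically against the packet flow overview (UDP 137, UDP 138, TCP 139). The following added example (not part of the original Cisco document) re-joins the wrapped syslog lines, skips CLI command output, and reports which required flows to a server are missing and which clients are not on an allow list. The function names and the allow list are assumptions.

```python
# Added example: verify the expected NetBIOS flows in PIX debug output.
import re

# Sample input: the console output shown in step 4 of this page.
PIX_LOG = """\
pixfirewall(config)#
609001: Built local-host inside:10.48.66.106
305002: Translation built for gaddr 10.48.66.106 to laddr 10.48.66.106
302005: Built UDP connection for faddr 192.168.10.5/137 gaddr 10.48.66.106/137
laddr 10.48.66.106/137
302005: Built UDP connection for faddr 192.168.10.5/138 gaddr 10.48.66.106/138
laddr 10.48.66.106/138
302001: Built inbound TCP connection 420 for faddr 192.168.10.5/1027
gaddr 10.48.66.106/139 laddr 10.48.66.106/139
302001: Built inbound TCP connection 421 for faddr 192.168.10.5/1032
gaddr 10.48.66.106/139 laddr 10.48.66.106/139
pixfirewall(config)# 302006: Teardown UDP connection for faddr 192.168.10.5/138
gaddr 10.48.66.106/138 laddr 10.48.66.106/138
pixfirewall(config)#show xlate
1 in use, 45 most used
Global 10.48.66.106 Local 10.48.66.106 static
pixfirewall(config)# show conn
3 in use, 12 most used
TCP out 192.168.10.5:1027 in 10.48.66.106:139 idle 0:01:41 Bytes 23514
flags UIOB
"""

PROMPT_RE = re.compile(r"^\S+\(config\)#\s*")
MSG_RE = re.compile(r"^(\d{6}):\s*(.*)$")
BUILT_RE = re.compile(
    r"Built (?:inbound |outbound )?(TCP|UDP) connection(?: \d+)? for "
    r"faddr (\S+)/(\d+) gaddr (\S+)/(\d+) laddr (\S+)/(\d+)")

# Flows the packet flow overview on this page says a working client produces.
REQUIRED = {("udp", 137): "NetBIOS name service (WINS)",
            ("udp", 138): "NetBIOS datagram (Netlogon)",
            ("tcp", 139): "NetBIOS session (SMB)"}


def join_messages(text):
    """Strip CLI prompts and re-join wrapped syslog lines into (id, body) pairs."""
    messages, in_message = [], False
    for raw in text.splitlines():
        stripped = raw.strip()
        line = PROMPT_RE.sub("", stripped)
        m = MSG_RE.match(line)
        if m:
            messages.append([m.group(1), m.group(2).strip()])
            in_message = True
        elif line != stripped:        # prompt followed by a typed command
            in_message = False        # what follows is command output, not syslog
        elif line and in_message:
            messages[-1][1] += " " + line    # continuation of a wrapped message
    return [tuple(m) for m in messages]


def built_flows(text):
    """Return {(proto, client_ip, server_ip, server_port)} for built connections."""
    flows = set()
    for msg_id, body in join_messages(text):
        m = BUILT_RE.search(body)
        if msg_id in ("302001", "302005") and m:
            proto, faddr, _fport, _gaddr, _gport, laddr, lport = m.groups()
            flows.add((proto.lower(), faddr, laddr, int(lport)))
    return flows


def check_flows(text, server_ip, allowed_clients):
    """Report required flows missing for server_ip and clients not on the allow list."""
    flows = built_flows(text)
    seen = {(p, port) for p, _c, s, port in flows if s == server_ip}
    missing = [name for key, name in REQUIRED.items() if key not in seen]
    unexpected = sorted({c for p, c, _s, port in flows
                         if (p, port) in REQUIRED and c not in allowed_clients})
    return {"missing": missing, "unexpected_clients": unexpected}


if __name__ == "__main__":
    # 10.48.66.106 is RAGE; allowing only AYPC (192.168.10.5) is an assumption.
    print(check_flows(PIX_LOG, "10.48.66.106", {"192.168.10.5"}))
```

A missing name service flow points at the WINS problem described under troubleshooting, while an unexpected client shows that the any source in the access list is being used by a host other than the intended one.
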

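Troubleshooting Steps

Troubleshooting Information and Sample Sniffer Trace

The following information is provided to help you troubleshoot and understand your configuration.

Microsoft networking uses the Server Message Block (SMB) protocol for Windows file sharing and print services. For an introduction to SMB, see What is SMB?

If you receive an error dialog box stating that the network path was not found when you attempt to access a folder using \\resource_name:

  • The WINS server may not be responding to the client's request to resolve the NetBIOS name. When this happens, the client tries again; if there is still no response, it broadcasts on the local segment. Because the PIX blocks broadcasts (this cannot be changed), name resolution fails. This eventually leads to the error message above.

    To resolve this, check why the WINS server is not responding and fix the WINS server. Try to capture a sniffer trace to see whether WINS is responding and whether the packets are getting back to the client. Fix the problem so that the packets can reach the client.

If your WINS server is multihomed, verify the static mappings in WINS Manager and confirm that statics and access lists exist for all of the relevant IP addresses.

A fifteen-frame sample sniffer trace of a working connection is provided below. Use this trace as a baseline when you troubleshoot similar problems.

  • Frames 1-6 show the name registration process that takes place between the client and the WINS server.

  • Frames 7-8 show the NetLogon process between the client and the WINS server (the client looks for the DC).

  • Frames 9-11 show the TCP session establishment.

  • Frames 12-13 show the NetBIOS session establishment.

  • Frames 14-15 show the start of the SMB negotiation, and how the process continues and is terminated when the user has finished accessing the resource.

    Note: Due to space constraints, this sniffer trace has been edited to fit the screen.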

- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source           
 \",\"Bytes\",\"Protocol  \",\"Summary\" 
"    M ","     1","0.000.000    ","RAGE              ","AYPC              ","   
92 ","WINS"," C ID=32860 OP=QUERY NAME=TACWEB<1C>" 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 1 arrived at  12:58:27.6668; frame size is 92 (005C hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 78 bytes 
      IP: Identification  = 5889 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 0C57 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 137 (NetBIOS-ns) 
      UDP: Destination port = 137 (NetBIOS-ns) 
      UDP: Length           = 58 
      UDP: Checksum         = 0F61 (correct) 
      UDP: [50 byte(s) of data] 
      UDP: 
WINS: ----- WINS Name Service header ----- 
      WINS: 
      WINS: ID = 32860 
      WINS: Flags = 01 
      WINS: 0... .... = Command 
      WINS: .000 0...   = Query 
      WINS: .... ..0. = Not truncated 
      WINS: .... ...1 = Recursion desired 
      WINS: Flags = 0X 
      WINS: ...0 .... = Non Verified data NOT acceptable 
      WINS: Question count = 1, Answer count = 0 
      WINS: Authority count = 0, Additional record count = 0 
      WINS: 
      WINS: Question section: 
      WINS:     Name = TACWEB<1C>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS: 
- - - - - - - - - - - - - - - - - - - - Frame 2 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source         
   \",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     2","0.000.582    ","AYPC              ","RAGE              "," 
 110 ","WINS"," R ID=32860 STAT=OK " 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 2 arrived at  12:58:27.6674; frame size is 110 (006E hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 96 bytes 
      IP: Identification  = 49634 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 6163 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 137 (NetBIOS-ns) 
      UDP: Destination port = 137 (NetBIOS-ns) 
      UDP: Length           = 76 
      UDP: Checksum         = A5AB (correct) 
      UDP: [68 byte(s) of data] 
      UDP: 
WINS: ----- WINS Name Service header ----- 
      WINS: 
      WINS: ID = 32860 
      WINS: Flags = 85 
      WINS: 1... .... = Response 
      WINS: .... .1.. = Authoritative answer 
      WINS: .000 0...   = Query 
      WINS: .... ..0. = Not truncated 
      WINS: Flags = 8X 
      WINS: ..0. .... = Data NOT verified 
      WINS: 1... .... = Recursion available 
      WINS: Response code = OK (0) 
      WINS: ...0 .... = Unicast packet 
      WINS: Question count = 0, Answer count = 1 
      WINS: Authority count = 0, Additional record count = 0 
      WINS: 
      WINS: Answer section: 
      WINS:     Name = TACWEB<1C>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS:     Time-to-live = 0 (seconds) 
      WINS:     Length = 12 
      WINS: Node flags = 80 
      WINS:  1... .... = Group NetBIOS name 
      WINS:  .00. ....   = B-type node 
      WINS: Node address = [10.48.66.106], RAGE 
      WINS: Node flags = 80 
      WINS:  1... .... = Group NetBIOS name 
      WINS:  .00. ....   = B-type node 
      WINS: Node address = [144.254.7.107] 
      WINS: 

- - - - - - - - - - - - - - - - - - - - Frame 3 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source            
\",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     3","0.002.317    ","RAGE              ","AYPC              ","  308 
","NETLOGON"," SAM LOGON Request from client" 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 3 arrived at  12:58:27.6697; frame size is 308 (0134 hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 294 bytes 
      IP: Identification  = 6401 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 097F (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 138 (NetBIOS-dgm) 
      UDP: Destination port = 138 (NetBIOS-dgm) 
      UDP: Length           = 274 
      UDP: Checksum         = 627C (correct) 
      UDP: [266 byte(s) of data] 
      UDP: 
NETB: ----- NetBIOS Datagram protocol ----- 
      NETB: 
      NETB: Type = 17 (Direct_group datagram) 
      NETB: Flags = 1A 
      NETB: .... ..1. = First packet 
      NETB: .... ...0 = No more to follow 
      NETB: Datagram ID = 805A 
      NETB: Source node = [192.168.10.5], AYPC 
      NETB: Port = 138 
      NETB: Total datagram length (including names) = 252 
      NETB: Packet offset = 0 
      NETB:      Source NetBIOS name = AYPC<00>  
      NETB: Destination NetBIOS name = TACWEB<1C>  
      NETB: Total datagram length (excluding names) = 184 
      NETB: 
SMB: ----- SMB (CIFS) Transaction Command header ----- 
      SMB: 
      SMB: SMB Constant 
      SMB: Command            = 25 (Transaction) 
      SMB: Reserved           = 0 
      SMB: Flags = 18 
      SMB: 0... .... = Client Command 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock
      SMB: Flags2 = 0003 
      SMB:  0... ....  .... .... = STRING type is ASCIIZ 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 000000000000000000000000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Transaction Header ----- 
      SMB: 
      SMB: Word count         = 17 
      SMB: Parameter words    = 00005C000200000000000200FFFFFFFF000000005C005C005C0
00300010000000200 
      SMB: Byte Count         = 115 
      SMB: Byte parameters    = 5C4D41494C534C4F545C4E45545C4E544C4F474F4E000012000
000410059005000430000004100590050004300240000005C4D41494C534C4F545C4E45545C47455444
43303432008000000018000000000000010400000000000515000000221A8324C44B14687144060B010
00000... 
      SMB: Total parameter bytes being sent = 0 
      SMB: Total data bytes being sent      = 92 
      SMB: Max number of parameter bytes to return  = 2 
      SMB: Max number of data bytes to return       = 0 
      SMB: Max number of Setup words to return      = 0 
      SMB: Reserved(MBZ)                            = 00 
      SMB: Additional information                   = 0002 
      SMB:  ........ ......1. = One way transaction 
      SMB:  ........ .......0 = Preserve TID 
      SMB: Timeout to completion                    = Indefinite wait 
      SMB: Reserved(MBZ)                            = 0000 
      SMB: Number of parameter bytes in this buffer = 0 
      SMB: Offset from header to parameter bytes    = 92 
      SMB: Number of data bytes in this buffer = 92 
      SMB: Offset from header to data bytes    = 92 
      SMB: Setup word count = 3 
      SMB: Reserved(MBZ)    = 00 
      SMB: Setup words      = 010000000200 
      SMB: Byte Count                      = 115 
      SMB: Transaction name = \MAILSLOT\NET\NTLOGON 
      SMB: Data bytes       = 120000004100590050004300000041005900500043002400000
05C4D41494C534C4F545C4E45545C4745544443303432008000000018000000000000010400000000
000515000000221A8324C44B14687144060B01000000FFFFFFFF 
      SMB: 
SMBMSP: ----- SMB MAILSLOTS Protocol ----- 
      SMBMSP: 
      SMBMSP: Op code = 1 (Write mail slot) 
      SMBMSP: Priority of transaction = 0 
      SMBMSP: Class of service = 2 (Unreliable & broadcast) 
      SMBMSP: Total size of mail data = 115 
      SMBMSP: MAILSLOT = "\MAILSLOT\NET\NTLOGON" 
      SMBMSP: 
NETLOGON: ----- SMB NETLOGON Protocol ----- 
      NETLOGON: 
      NETLOGON: NETLOGON Command      =  12  (SAM LOGON Request from client) 
      NETLOGON: Request Count         = 0 (0x0000) 
      NETLOGON: Unicode Computer Name = AYPC 
      NETLOGON: Unicode User Name     = AYPC$ 
      NETLOGON: MailSlot Name         = "\MAILSLOT\NET\GETDC042" 
      NETLOGON: Allowable Account control bits  = 00000080 
      NETLOGON:  ........ ........  .....0.. ........ = User account not 
auto-locked 
      NETLOGON:  ........ ........  ......0. ........ = User Password will 
expire 
      NETLOGON:  ........ ........  .......0 ........ = Not a Server Trust 
user account 
      NETLOGON:  ........ ........  ........ 1....... = Workstation Trust 
user account 
      NETLOGON:  ........ ........  ........ .0...... = Not an Inter-domain 
Trust user account 
      NETLOGON:  ........ ........  ........ ..0..... = Not a MNS Logon user 
account 
      NETLOGON:  ........ ........  ........ ...0.... = Not a normal user 
account 
      NETLOGON:  ........ ........  ........ ....0... = Not a temp duplicate 
user account 
      NETLOGON:  ........ ........  ........ .....0.. = User password required 
      NETLOGON:  ........ ........  ........ ......0. = User Home directory not 
required 
      NETLOGON:  ........ ........  ........ .......0 = User account enabled 
      NETLOGON: Domain SID Size       = 24 (0x00000018) 
      NETLOGON: SID                   = 000000010400000000000515000000221A8324
C44B146871 
      NETLOGON:
- - - - - - - - - - - - - - - - - - - - Frame 4 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source       
     \",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     4","0.000.900    ","AYPC              ","RAGE              "," 
 266 ","NETLOGON"," SAM Response to SAM LOGON Request" 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 4 arrived at  12:58:27.6706; frame size is 266 (010A hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 252 bytes 
      IP: Identification  = 49890 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 5FC7 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 138 (NetBIOS-dgm) 
      UDP: Destination port = 138 (NetBIOS-dgm) 
      UDP: Length           = 232 
      UDP: Checksum         = D678 (correct) 
      UDP: [224 byte(s) of data] 
      UDP: 
NETB: ----- NetBIOS Datagram protocol ----- 
      NETB: 
      NETB: Type = 16 (Direct_unique datagram) 
      NETB: Flags = 1A 
      NETB: .... ..1. = First packet 
      NETB: .... ...0 = No more to follow 
      NETB: Datagram ID = 8FEE 
      NETB: Source node = [10.48.66.106], RAGE 
      NETB: Port = 138 
      NETB: Total datagram length (including names) = 210 
      NETB: Packet offset = 0 
      NETB:      Source NetBIOS name = RAGE<00>  
      NETB: Destination NetBIOS name = AYPC<00>  
      NETB: Total datagram length (excluding names) = 142 
      NETB: 
SMB: ----- SMB (CIFS) Transaction Command header ----- 
      SMB: 
      SMB: SMB Constant 
      SMB: Command            = 25 (Transaction) 
      SMB: Reserved           = 0 
      SMB: Flags = 00 
      SMB: 0... .... = Client Command 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...0 .... = Pathnames are not in canonicalized format 
      SMB: .... 0... = Pathnames are case sensitive 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock
      SMB: Flags2 = 0000 
      SMB:  0... ....  .... .... = STRING type is ASCIIZ 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..0. = Client does not support extended attributes 
      SMB:  .... ....  .... ...0 = Client does not support Long file names 
      SMB: Reserved2(MBZ)     = 000000000000000000000000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = 0000 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Transaction Header ----- 
      SMB: 
      SMB: Word count         = 17 
      SMB: Parameter words    = 000032000000000000000000E80300000000000000003200
5C000300010001000200 
      SMB: Byte Count         = 73 
      SMB: Byte parameters    = 5C4D41494C534C4F545C4E45545C47455444433034320013
005C005C005200410047004500000041005900500043002400000054004100430057004500420000
0001000000FFFFFFFF 
      SMB: Total parameter bytes being sent = 0 
      SMB: Total data bytes being sent      = 50 
      SMB: Max number of parameter bytes to return  = 0 
      SMB: Max number of data bytes to return       = 0 
      SMB: Max number of Setup words to return      = 0 
      SMB: Reserved(MBZ)                            = 00 
      SMB: Additional information                   = 0000 
      SMB:  ........ ......0. = Two way transaction 
      SMB:  ........ .......0 = Preserve TID 
      SMB: Timeout to completion                    = 1000 (Milliseconds) 
00:00:01.0(HH:MM:SS.MS) 
      SMB: Reserved(MBZ)                            = 0000 
      SMB: Number of parameter bytes in this buffer = 0 
      SMB: Offset from header to parameter bytes    = 0 
      SMB: Number of data bytes in this buffer = 50 
      SMB: Offset from header to data bytes    = 92 
      SMB: Setup word count = 3 
      SMB: Reserved(MBZ)    = 00 
      SMB: Setup words      = 010001000200 
      SMB: Byte Count                      = 73 
      SMB: Transaction name = \MAILSLOT\NET\GETDC042 
      SMB: Data bytes       = 13005C005C0052004100470045000000410059005000430
024000000540041004300570045004200000001000000FFFFFFFF 
      SMB: 
SMBMSP: ----- SMB MAILSLOTS Protocol ----- 
      SMBMSP: 
      SMBMSP: Op code = 1 (Write mail slot) 
      SMBMSP: Priority of transaction = 1 
      SMBMSP: Class of service = 2 (Unreliable & broadcast) 
      SMBMSP: Total size of mail data = 73 
      SMBMSP: MAILSLOT = "\MAILSLOT\NET\GETDC042" 
      SMBMSP: 
NETLOGON: ----- SMB NETLOGON Protocol ----- 
      NETLOGON: 
      NETLOGON: NETLOGON Command      =  13  (SAM Response to SAM LOGON Request) 
      NETLOGON: Unicode Logon Server = \\RAGE 
      NETLOGON: Unicode User Name    = AYPC$ 
      NETLOGON: Unicode Domain Name  = TACWEB 
      NETLOGON: NT Version        = 1 (0x00000001) 
      NETLOGON: LMNT Token        = 0xFFFF 
      NETLOGON: LM20 Token        = 0xFFFF (Lan Manager 2.0 or higher) 
      NETLOGON: 

- - - - - - - - - - - - - - - - - - - - Frame 5 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source         
   \",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     5","1.755.851    ","RAGE              ","AYPC              "," 
 110 ","WINS"," C ID=32862 OP=REGISTER NAME=ADMINISTRATOR<03>" 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 5 arrived at  12:58:29.4265; frame size is 110 (006E hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 96 bytes 
      IP: Identification  = 6913 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 0845 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 137 (NetBIOS-ns) 
      UDP: Destination port = 137 (NetBIOS-ns) 
      UDP: Length           = 76 
      UDP: Checksum         = 3663 (correct) 
      UDP: [68 byte(s) of data] 
      UDP: 
WINS: ----- WINS Name Service header ----- 
      WINS: 
      WINS: ID = 32862 
      WINS: Flags = 29 
      WINS: 0... .... = Command 
      WINS: .010 1...   = Registration 
      WINS: .... ..0. = Not truncated 
      WINS: .... ...1 = Recursion desired 
      WINS: Flags = 0X 
      WINS: ...0 .... = Non Verified data NOT acceptable 
      WINS: Question count = 1, Answer count = 0 
      WINS: Authority count = 0, Additional record count = 1 
      WINS: 
      WINS: Question section: 
      WINS:     Name = ADMINISTRATOR<03>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS: 
      WINS: Additional record section: 
      WINS:     Name = ADMINISTRATOR<03>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS:     Time-to-live = 300000 (seconds) 
      WINS:     Length = 6 
      WINS: Node flags = 60 
      WINS:  0... .... = Unique NetBIOS name 
      WINS:  .11. ....   = H-type node 
      WINS: Node address = [192.168.10.5], AYPC 
      WINS: 

- - - - - - - - - - - - - - - - - - - - Frame 6 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source      
      \",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     6","0.001.987    ","AYPC              ","RAGE              ","
  104 ","WINS"," R ID=32862 STAT=OK " 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 6 arrived at  12:58:29.4285; frame size is 104 (0068 hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 90 bytes 
      IP: Identification  = 50146 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 5F69 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 137 (NetBIOS-ns) 
      UDP: Destination port = 137 (NetBIOS-ns) 
      UDP: Length           = 70 
      UDP: Checksum         = 1CFA (correct) 
      UDP: [62 byte(s) of data] 
      UDP: 
WINS: ----- WINS Name Service header ----- 
      WINS: 
      WINS: ID = 32862 
      WINS: Flags = AD 
      WINS: 1... .... = Response 
      WINS: .... .1.. = Authoritative answer 
      WINS: .010 1...   = Registration 
      WINS: .... ..0. = Not truncated 
      WINS: Flags = 8X 
      WINS: ..0. .... = Data NOT verified 
      WINS: 1... .... = Recursion available 
      WINS: Response code = OK (0) 
      WINS: ...0 .... = Unicast packet 
      WINS: Question count = 0, Answer count = 1 
      WINS: Authority count = 0, Additional record count = 0 
      WINS: 
      WINS: Answer section: 
      WINS:     Name = ADMINISTRATOR<03>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS:     Time-to-live = 518400 (seconds) 
      WINS:     Length = 6 
      WINS: Node flags = 60 
      WINS:  0... .... = Unique NetBIOS name 
      WINS:  .11. ....   = H-type node 
      WINS: Node address = [192.168.10.5], AYPC 
      WINS: 

- - - - - - - - - - - - - - - - - - - - Frame 7 - - - - - - - - - - - - - - - - - - - -
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","     7","32.953.258   ","RAGE              ","AYPC              ","   60 ","TCP"," D=139 S=1037 SYN SEQ=39758 LEN=0 WIN=8192"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 7 arrived at  12:59:02.3817; frame size is 60 (003C hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 44 bytes 
      IP: Identification  = 7425 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C683 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Initial sequence number = 39758 
      TCP: Next expected Seq number= 39759 
      TCP: Data offset             = 24 bytes 
      TCP: Flags                   = 02 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...0 .... = (No acknowledgment) 
      TCP:               .... 0... = (No push) 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..1. = SYN 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8192 
      TCP: Checksum                = 756A (correct) 
      TCP: 
      TCP: Options follow 
      TCP: Maximum segment size = 1380 
      TCP: 

- - - - - - - - - - - - - - - - - - - - Frame 8 - - - - - - - - - - - - - - - - - - - -
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","     8","0.000.138    ","AYPC              ","RAGE              ","   60 ","TCP"," D=1037 S=139 SYN ACK=39759 SEQ=590101 LEN=0 WIN=8280"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 8 arrived at  12:59:02.3819; frame size is 60 (003C hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 44 bytes 
      IP: Identification  = 50402 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = 1EA2 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 139 (NetBIOS-ssn) 
      TCP: Destination port        = 1037 
      TCP: Initial sequence number = 590101 
      TCP: Next expected Seq number= 590102 
      TCP: Acknowledgment number   = 39759 
      TCP: Data offset             = 24 bytes 
      TCP: Flags                   = 12 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 0... = (No push) 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..1. = SYN 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8280 
      TCP: Checksum                = BF71 (correct) 
      TCP: 
      TCP: Options follow 
      TCP: Maximum segment size = 1460 
      TCP: 

- - - - - - - - - - - - - - - - - - - - Frame 9 - - - - - - - - - - - - - - - - - - - -
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","     9","0.001.778    ","RAGE              ","AYPC              ","   60 ","TCP"," D=139 S=1037     ACK=590102 WIN=8280"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 9 arrived at  12:59:02.3836; frame size is 60 (003C hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 40 bytes 
      IP: Identification  = 7681 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C587 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Sequence number         = 39759 
      TCP: Next expected Seq number= 39759 
      TCP: Acknowledgment number   = 590102 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 10 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 0... = (No push) 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8280 
      TCP: Checksum                = D72E (correct) 
      TCP: No TCP options 
      TCP: 

- - - - - - - - - - - - - - - - - - - - Frame 10 - - - - - - - - - - - - - - - - - - - -
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    10","0.000.222    ","RAGE              ","AYPC              ","  126 ","NETB"," D=RAGE<20> S=AYPC<00> Session request"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 10 arrived at  12:59:02.3839; frame size is 126 (007E hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 112 bytes 
      IP: Identification  = 7937 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C43F (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Sequence number         = 39759
      TCP: Next expected Seq number= 39831 
      TCP: Acknowledgment number   = 590102 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8280 
      TCP: Checksum                = D120 (correct) 
      TCP: No TCP options 
      TCP: [72 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 81 (Session request) 
      NETB: Flags = 00 
      NETB: Total session packet length = 68 
      NETB: Called NetBIOS name = RAGE<20> <server service>
      NETB: Calling NetBIOS name = AYPC<00>
      NETB: 

- - - - - - - - - - - - - - - - - - - - Frame 11 - - - - - - - - - - - - - - - - - - - -
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    11","0.000.125    ","AYPC              ","RAGE              ","   60 ","NETB"," Session confirm"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 11 arrived at  12:59:02.3840; frame size is 60 (003C hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 44 bytes 
      IP: Identification  = 50658 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = 1DA2 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 139 (NetBIOS-ssn) 
      TCP: Destination port        = 1037 
      TCP: Sequence number         = 590102 
      TCP: Next expected Seq number= 590106 
      TCP: Acknowledgment number   = 39831 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8208 
      TCP: Checksum                = 5522 (correct) 
      TCP: No TCP options 
      TCP: [4 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 82 (Positive response) 
      NETB: Flags = 00 
      NETB: Total session packet length = 0 
      NETB: 

- - - - - - - - - - - - - - - - - - - - Frame 12 - - - - - - - - - - - - - - - - - - - -
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    12","0.001.427    ","RAGE              ","AYPC              ","  228 ","CIFS/SMB"," C Negotiate Protocol Max Dialect Index=7"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 12 arrived at  12:59:02.3854; frame size is 228 (00E4 hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 214 bytes 
      IP: Identification  = 8193 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C2D9 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Sequence number         = 39831 
      TCP: Next expected Seq number= 40005 
      TCP: Acknowledgment number   = 590106 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8276 
      TCP: Checksum                = DE16 (correct) 
      TCP: No TCP options 
      TCP: [174 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 00 (Session data) 
      NETB: Flags = 00 
      NETB: Total session packet length = 170 
      NETB: 
SMB: ----- SMB (CIFS) Negotiate Protocol Command header ----- 
      SMB: 
      SMB: SMB Constant 
      SMB: Command            = 72 (Negotiate Protocol) 
      SMB: Reserved           = 0 
      SMB: Flags = 18 
      SMB: 0... .... = Client Command 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock
      SMB: Flags2 = 0003
      SMB:  0... ....  .... .... = STRING type is ASCIIZ 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 000000000000000000000000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Negotiate Protocol Header ----- 
      SMB: 
      SMB: Word count         = 0 
      SMB: Byte Count         = 135 
      SMB: Byte parameters    = 025043204E4554574F524B2050524F4752414D20312E300
00258454E495820434F524500024D4943524F534F4654204E4554574F524B5320312E303300024C
414E4D414E312E30000257696E646F777320666F7220576F726B67726F75707320332E316100024
C4D312E3258303032... 
      SMB: Offered Dialects: 
      SMB:     0 = PC NETWORK PROGRAM 1.0 
      SMB:     1 = XENIX CORE 
      SMB:     2 = MICROSOFT NETWORKS 1.03 
      SMB:     3 = LANMAN1.0 
      SMB:     4 = Windows for Workgroups 3.1a 
      SMB:     5 = LM1.2X002 
      SMB:     6 = LANMAN2.1 
      SMB:     7 = NT LM 0.12 
      SMB: 

- - - - - - - - - - - - - - - - - - - - Frame 13 - - - - - - - - - - - - - - - - - - - -
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    13","0.000.286    ","AYPC              ","RAGE              ","  149 ","CIFS/SMB"," R Negotiate Protocol (to frame 12) Status= OK   Chosen Dialect Index=7"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 13 arrived at  12:59:02.3857; frame size is 149 (0095 hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 135 bytes 
      IP: Identification  = 50914 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = 1C47 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 139 (NetBIOS-ssn) 
      TCP: Destination port        = 1037 
      TCP: Sequence number         = 590106 
      TCP: Next expected Seq number= 590201 
      TCP: Acknowledgment number   = 40005 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8034 
      TCP: Checksum                = 1A8D (correct) 
      TCP: No TCP options 
      TCP: [95 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 00 (Session data) 
      NETB: Flags = 00 
      NETB: Total session packet length = 91 
      NETB: 
SMB: ----- SMB (CIFS) Negotiate Protocol Response header ----- 
      SMB: 
      SMB: Response to frame 12 
      SMB: SMB Constant 
      SMB: Command            = 72 (Negotiate Protocol) 
      SMB: Error Class        = 0 (Success) 
      SMB: Reserved(MBZ)      = 0 
      SMB: Status             = 0 (OK) 
      SMB: Flags = 98 
      SMB: 1... .... = Server Response 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock 
      SMB: Flags2 = 0003 
      SMB:  0... ....  .... .... = STRING type is ASCIIZ 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 000000000000000000000000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Negotiate Protocol Header ----- 
      SMB: 
      SMB: Word count         = 17 
      SMB: Parameter words    = 07000332000100041100000000010000000000FD43000070
200231859EC101C4FF08 
      SMB: Byte Count         = 22 
      SMB: Byte parameters    = F8F7053802B9C4435400410043005700450042000000 
      SMB: Selected Dialect index  = 7 
      SMB: Security mode = X3 
      SMB:     .... 0... = Security Signatures not required 
      SMB:     .... .0.. = Does not support Message Authentication protocol 
      SMB:     .... ..1. = Support Challenge response authentication 
      SMB:     .... ...1 = User level security 
      SMB: Max pending mpx requests= 50 
      SMB: Max virtual circuits    = 1 
      SMB: Max Buffer size         = 4356 
      SMB: Max Raw size            = 65536 
      SMB: Session key             = 00000000 
      SMB: Capabilities (LSW) = 43FD 
      SMB:  .1.. ....  .... .... = Supports Large Read&X requests 
      SMB:  ...0 ....  .... .... = Does not support Server DFS 
      SMB:  .... ..1.  .... .... = Supports NT Find 
      SMB:  .... ...1  .... .... = Supports Lock&Read, Write&Unlock 
      SMB:  .... ....  1... .... = Level II oplocks supported 
      SMB:  .... ....  .1.. .... = NT 32-bit status codes recognized 
      SMB:  .... ....  ..1. .... = Remote APIs via RPC supported 
      SMB:  .... ....  ...1 .... = NT 0.12 SMBs supported 
      SMB:  .... ....  .... 1... = Large files and 64 bit file offsets supported 
      SMB:  .... ....  .... .1.. = Unicode strings recognized 
      SMB:  .... ....  .... ..0. = Read/Write Block Multiplexed not supported 
      SMB:  .... ....  .... ...1 = Read/Write Block Raw supported 
      SMB: Capabilities (MSW) = 0000 
      SMB:  0... ....  .... .... = Does not support extended security validation 
      SMB:  .0.. ....  .... .... = Does not support compressed data transfer 
      SMB:  ..0. ....  .... .... = Does not support Bulk Read and Write 
      SMB: Universal Coordinated Time = 16-Jan-02 11:59:03 
      SMB: Minutes from UCT        = 65476 
      SMB: Encryption Key Length   = 8 
      SMB: Byte Count              = 22 
      SMB: Encryption Key          = F8F7053802B9C443 
      SMB: Server's Primary Domain = TACWEB 
      SMB: 

- - - - - - - - - - - - - - - - - - - - Frame 14 - - - - - - - - - - - - - - - - - - - -
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    14","0.001.963    ","RAGE              ","AYPC              ","  230 ","CIFS/SMB"," C Tree Connect AndX  Path=\\RAGE\IPC$, Service=IPC"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 14 arrived at  12:59:02.3877; frame size is 230 (00E6 hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 216 bytes 
      IP: Identification  = 8449 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C1D7 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Sequence number         = 40005 
      TCP: Next expected Seq number= 40181 
      TCP: Acknowledgment number   = 590201 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8181 
      TCP: Checksum                = B44C (correct) 
      TCP: No TCP options 
      TCP: [176 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 00 (Session data) 
      NETB: Flags = 00 
      NETB: Total session packet length = 172 
      NETB: 
SMB: ----- SMB (CIFS) Setup Account AndX Command header ----- 
      SMB: 
      SMB: SMB Constant 
      SMB: Command            = 73 (Setup Account AndX) 
      SMB: Reserved           = 0 
      SMB: Flags = 18 
      SMB: 0... .... = Client Command 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock
      SMB: Flags2 = 8003 
      SMB:  1... ....  .... .... = STRING type is UNICODE 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 0000A9B9522B700714DC0000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Setup Account AndX Header ----- 
      SMB: 
      SMB: Word count         = 13 
      SMB: Parameter words    = 75008400041132000100000000000100000000000000D
4000000 
      SMB: Byte Count         = 71 
      SMB: Byte parameters    = 0000000000570069006E0064006F007700730020004E0
054002000310033003800310000000000570069006E0064006F007700730020004E0054002000
34002E00300000000000 
      SMB: AndX command       = 75 (Tree Connect AndX) 
      SMB: AndX reserved(MBZ) = 00 
      SMB: AndX offset        = 0084 
      SMB: Max buffer size         = 4356 
      SMB: Max mux pending requests= 50 
      SMB: Number of VC's (0=0nly) = 1 
      SMB: Session Key             = 00000000 
      SMB: Case insensitive Password length = 1 
      SMB: Case sensitive Password length   = 0 
      SMB: Reserved(MBZ)           = 00000000 
      SMB: Capabilities (LSW) = 00D4 
      SMB:  .0.. ....  .... .... = Does not support Large Read&X requests 
      SMB:  ...0 ....  .... .... = Does not support Server DFS 
      SMB:  .... ..0.  .... .... = Does not support NT Find 
      SMB:  .... ...0  .... .... = Does not support Lock&Read, Write&Unlock
      SMB:  .... ....  1... .... = Level II oplocks supported 
      SMB:  .... ....  .1.. .... = NT 32-bit status codes recognized 
      SMB:  .... ....  ..0. .... = Remote APIs via RPC not supported 
      SMB:  .... ....  ...1 .... = NT 0.12 SMBs supported 
      SMB:  .... ....  .... 0... = Large files not supported 
      SMB:  .... ....  .... .1.. = Unicode strings recognized 
      SMB:  .... ....  .... ..0. = Read/Write Block Multiplexed not supported 
      SMB:  .... ....  .... ...0 = Read/Write Block Raw not supported 
      SMB: Capabilities (MSW) = 0000 
      SMB:  0... ....  .... .... = Does not support extended security validation 
      SMB:  .0.. ....  .... .... = Does not support compressed data transfer 
      SMB:  ..0. ....  .... .... = Does not support Bulk Read and Write 
      SMB: Byte Count              = 71 
      SMB: Case insensitive password = 00 
      SMB: Account name            = 
      SMB: Client's Primary Domain = 
      SMB: Client's native OS      = Windows NT 1381 
      SMB: CIFS 1.1 spec violation = 0 
      SMB: Client's LANMAN         = Windows NT 4.0 
      SMB: 
      SMB: ----- Tree Connect AndX Header ----- 
      SMB: 
      SMB: Word count         = 4 
      SMB: Parameter words    = FF00000000000100 
      SMB: Byte Count         = 29 
      SMB: Byte parameters    = 005C005C0052004100470045005C0049005000430024000
00049504300 
      SMB: AndX command       = FF (End of chain) 
      SMB: AndX reserved(MBZ) = 00 
      SMB: AndX offset        = 0000 
      SMB: Additional information = 0000 
      SMB:   .... ....  .... ...0 = Don't disconnect Tid 
      SMB: Password length         = 1 
      SMB: Byte Count              = 29 
      SMB: Password                = 00 
      SMB: Path                    = \\RAGE\IPC$ 
      SMB: Service                 = IPC 
      SMB: 

- - - - - - - - - - - - - - - - - - - - Frame 15 - - - - - - - - - - - - - - - - - - - -
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    15","0.000.406    ","AYPC              ","RAGE              ","  198 ","CIFS/SMB"," R Tree Connect AndX  Service=IPC ,Native File System="
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 15 arrived at  12:59:02.3881; frame size is 198 (00C6 hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 184 bytes 
      IP: Identification  = 51170 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = 1B16 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 139 (NetBIOS-ssn) 
      TCP: Destination port        = 1037 
      TCP: Sequence number         = 590201 
      TCP: Next expected Seq number= 590345 
      TCP: Acknowledgment number   = 40181 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 7858 
      TCP: Checksum                = F7E6 (correct) 
      TCP: No TCP options 
      TCP: [144 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 00 (Session data) 
      NETB: Flags = 00 
      NETB: Total session packet length = 140 
      NETB: 
SMB: ----- SMB (CIFS) Setup Account AndX Response header ----- 
      SMB: 
      SMB: Response to frame 14 
      SMB: SMB Constant 
      SMB: Command            = 73 (Setup Account AndX) 
      SMB: Error Class        = 0 (Success) 
      SMB: Reserved(MBZ)      = 0 
      SMB: Status             = 0 (OK) 
      SMB: Flags = 98 
      SMB: 1... .... = Server Response 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock
      SMB: Flags2 = 8003 
      SMB:  1... ....  .... .... = STRING type is UNICODE 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 0000A9B9522B700714DC0000 
      SMB: Tree ID            = 0801 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0801 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Setup Account AndX Header ----- 
      SMB: 
      SMB: Word count         = 3 
      SMB: Parameter words    = 75007C000000 
      SMB: Byte Count         = 83 
      SMB: Byte parameters    = 00570069006E0064006F007700730020004E005400200
034002E00300000004E00540020004C0041004E0020004D0061006E0061006700650072002000
34002E00300000005400410043005700450042000000 
      SMB: AndX command       = 75 (Tree Connect AndX) 
      SMB: AndX reserved(MBZ) = 00 
      SMB: AndX offset        = 007C 
      SMB: Request Mode = 0000 
      SMB:  .... ....  .... ...0 = Not logged in as 'Guest' 
      SMB: Byte Count              = 83 
      SMB: Server's Native OS      = Windows NT 4.0 
      SMB: Server's Native LAN Man = NT LAN Manager 4.0 
      SMB: Server's Primary Domain = TACWEB 
      SMB: 
      SMB: ----- Tree Connect AndX Header ----- 
      SMB: 
      SMB: Word count         = 3 
      SMB: Parameter words    = FF008C000100 
      SMB: Byte Count         = 7 
      SMB: Byte parameters    = 49504300000000 
      SMB: AndX command       = FF (End of chain) 
      SMB: AndX reserved(MBZ) = 00 
      SMB: AndX offset        = 008C 
      SMB: Optional support = 0001 
      SMB:  .... ....  .... ..0. = Share not in DFS 
      SMB:  .... ....  .... ...1 = Support Search bits 
      SMB: Byte Count              = 7 
      SMB: Service                 = IPC 
      SMB: Native File system      = 
      SMB:


Related Information


Document ID: 18801