Configuring the PIX to Allow Remote Access to NT Shared Folders

October 27, 2016

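Introduction

This document describes how to configure the Cisco Secure PIX Firewall to allow access through the PIX Firewall to shared folders in an NT domain. With Windows networking, you can access hosts on the PIX inside interface. You can also log in to the domain with the same configuration. The configuration information in this document covers Windows NT domains only and does not include Windows 2000 or Active Directory.

With regard to the corporate security policy, administrators need to determine the security implications of permitting Windows networking traffic.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

This document assumes knowledge of Microsoft and Windows networking principles. For more information, refer to the following resources as needed.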

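This section explains how to configure the PIX to permit the following traffic flow when a user tries to access a shared folder in an NT domain.

  • Before the attempt to access the shared folder:

    1. The PC that attempts access first registers itself through the NetBIOS name service, using UDP port 137 as both source and destination.

    2. It locates the domain controller for this domain through Netlogon traffic, using UDP port 138 as both source and destination.

  • While the folder is accessed and then closed:

    1. A Network Basic Input/Output System (NetBIOS) session to access the shared folder is established, using source 1024-65536/TCP and destination 139/TCP.

    2. When access is complete, the NetBIOS session is terminated.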

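Components Used

Other hardware and PIX software can also be used, but this document is based on what was developed and tested with the following.

  • Cisco PIX Firewall Software Release 6.1(1)

The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any action.

Configure the PIX Software

This section explains how to configure the PIX to permit the following traffic flow when a user tries to access a shared folder in an NT domain.

Network Diagram

This document uses the network setup shown in the following diagram.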

[Figure: network diagram (pixnetbios-a.gif)]

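This example has two inside hosts.

  • 10.48.66.106 - RAGE, which in this example is both the Primary Domain Controller (PDC) and the Windows Naming Service (WINS) server.

  • 10.48.66.73 - NPITRN, another host that has resources or folders to share.

Host AYPC is on the outside interface and has IP address 192.168.10.5. In this configuration, this machine is part of the inside domain. This is not a requirement for access to shared folders. It differs from domain login, which requires that the machine belong to the domain or that a trust relationship exist.

To access resources or folders through the firewall, you can either use the Universal Naming Convention (UNC), for example by typing \\resource_name, or double-click the Network Neighborhood icon.

This example uses a two-interface PIX, but the same concepts apply to any number of interfaces.

Configure WINS and the PIX Firewall

Follow these steps to configure WINS and the PIX Firewall.

  1. Configure WINS and verify accessibility without the PIX (optional).

    Configure WINS for NetBIOS name resolution, if you have not already done so.

    In this configuration, the PDC and WINS are on the same machine. This may differ from network to network. The domain name in this configuration is TACWEB and the computer name is RAGE. This lab example shows attempts to access shared folders on RAGE, NPITRN, or both. There is an entry for the inside host NPITRN on the PDC and WINS server.

    More details on how to configure WINS are available in the Managing MS WINS Servers chapter of the Windows NT Resource Kit. If the WINS server is multihomed, you need to configure static mappings for all of its IP addresses and configure the appropriate statics and access lists on the PIX. Make sure that WINS name resolution is configured on the outside clients.

  2. Configure the PIX Firewall with the appropriate statics and conduits/access lists (without NAT).

    If your configuration includes Network Address Translation (NAT), see step 3 below. Only the relevant portions of the PIX configuration are shown here. For details on basic PIX configuration, see the Related Information section. Windows networking uses UDP port 137, UDP port 138, and TCP 139 for the various NetBIOS services required for folder access.

    This document uses the PIX access-list syntax introduced in version 5.0.1; conduits can also be used, but not together with access lists.

    Define an access list on the PIX to permit traffic from the lower-security interface to the higher-security interface.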

    pixfirewall(config)# access-list msnet permit tcp any h 10.48.66.106 eq 139 
    pixfirewall(config)# access-list msnet permit udp any h 10.48.66.106 eq 138 
    pixfirewall(config)# access-list msnet permit udp any h 10.48.66.106 eq 137 
    pixfirewall(config)# access-list msnet permit tcp any h 10.48.66.73 eq 139 
    pixfirewall(config)# access-list msnet permit udp any h 10.48.66.73 eq 138 
    pixfirewall(config)# access-list msnet permit udp any h 10.48.66.73 eq 137 
    
    
    pixfirewall(config)# show access-list 
    access-list msnet permit tcp any host 10.48.66.73 eq 139 (hitcnt=0) 
    access-list msnet permit udp any host 10.48.66.73 eq netbios-dgm (hitcnt=0) 
    access-list msnet permit udp any host 10.48.66.73 eq netbios-ns (hitcnt=0) 
    access-list msnet permit tcp any host 10.48.66.106 eq 139 (hitcnt=0) 
    access-list msnet permit udp any host 10.48.66.106 eq netbios-dgm (hitcnt=0) 
    access-list msnet permit udp any host 10.48.66.106 eq netbios-ns (hitcnt=0)

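    Notice that the PIX replaces the port numbers with common service names. As shown above, the PIX must be opened for the Windows NetBIOS services for each inside host that is to be accessed remotely. The exception is when you define a network static. A network static includes all hosts on the inside network and permits access to the entire subnet.

    All resources that you want to access remotely must have a static IP assignment and cannot use Dynamic Host Configuration Protocol. Configure the statics appropriately and verify them.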

    pixfirewall(config)# show stat 
    static (inside,outside) 10.48.66.106 10.48.66.106 netmask 255.255.255.255 0 0 
    static (inside,outside) 10.48.66.73 10.48.66.73 netmask 255.255.255.255 0 0
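  3. Configure the PIX Firewall with NAT (if required).

    This section applies only to PIX configurations that include NAT. If you do not use NAT, make sure that you have completed step 1 and step 2 above, then proceed to "Verify Access Through the PIX Firewall".

    If you use NAT, consider the following two points.

    • Configure the WINS server so that it can return both the translated address and the inside IP address to WINS clients. To do this, select Internet Group as the Type option in the Add Static Mappings dialog box of WINS Manager. With the user-defined Internet Group option, you can specify up to 25 addresses for a single name.

      When a WINS client performs NetBIOS name resolution with the WINS server, WINS returns both addresses, and the client can establish a NetBIOS session with the appropriate resource.

    • The PIX configuration must reflect the appropriate access lists and static addresses. For example, the configuration when NAT is used in the same setup is as follows.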

      static (inside,outside) 192.168.10.50 10.48.66.106 netmask 255.255.255.255 0 0 
      static (inside,outside) 192.168.10.60 10.48.66.73 netmask 255.255.255.255 0 0 
      access-list msnet permit tcp any host 192.168.10.50 eq 139 
      access-list msnet permit udp any host 192.168.10.50 eq netbios-dgm 
      access-list msnet permit udp any host 192.168.10.50 eq netbios-ns 
      access-list msnet permit tcp any host 192.168.10.60 eq 139 
      access-list msnet permit udp any host 192.168.10.60 eq netbios-dgm 
      access-list msnet permit udp any host 192.168.10.60 eq netbios-ns 
      access-list msnet permit icmp any any 
      access-group msnet in interface outside
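
Every permit in the configurations above uses `any` as the source, which is the exposure the introduction asks administrators to weigh. The following Python audit is an added example, not part of the original Cisco document: it parses the NAT-case configuration shown above, flags NetBIOS permits open to any source and the leftover `permit icmp any any`, and proposes lines scoped to known clients. Treating AYPC (192.168.10.5) as the only allowed client is an assumption made for illustration.

```python
import ipaddress

# Service keywords that "show access-list" prints in place of numbers on this page.
SERVICE_NAMES = {"netbios-ns": 137, "netbios-dgm": 138}
# The three NetBIOS services the document opens through the PIX.
NETBIOS = {("udp", 137), ("udp", 138), ("tcp", 139)}

# NAT-case configuration copied from the page.
PAGE_CONFIG = """\
static (inside,outside) 192.168.10.50 10.48.66.106 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.10.60 10.48.66.73 netmask 255.255.255.255 0 0
access-list msnet permit tcp any host 192.168.10.50 eq 139
access-list msnet permit udp any host 192.168.10.50 eq netbios-dgm
access-list msnet permit udp any host 192.168.10.50 eq netbios-ns
access-list msnet permit tcp any host 192.168.10.60 eq 139
access-list msnet permit udp any host 192.168.10.60 eq netbios-dgm
access-list msnet permit udp any host 192.168.10.60 eq netbios-ns
access-list msnet permit icmp any any
access-group msnet in interface outside
"""


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' (or 'h A' as typed on the page), or 'A MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return "any"
    if head in ("host", "h"):
        return tokens.pop(0) + "/32"
    return str(ipaddress.ip_network(f"{head}/{tokens.pop(0)}", strict=False))


def _fmt_addr(addr):
    """Render a parsed address back into access-list syntax."""
    if addr == "any":
        return "any"
    net = ipaddress.ip_network(addr)
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"


def parse_rule(line):
    """Parse one 'access-list NAME permit ...' line; return None for anything else."""
    line = line.strip()
    if "#" in line.split(" ", 1)[0]:          # drop a leading CLI prompt
        line = line.split("#", 1)[1].strip()
    if line.endswith(")") and "(hitcnt=" in line:
        line = line[: line.rindex("(hitcnt=")].strip()
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] != "permit":
        return None
    rest = tokens[4:]
    try:
        src, dst = _take_addr(rest), _take_addr(rest)
    except (IndexError, ValueError):
        return None
    port = None
    if len(rest) >= 2 and rest[0] == "eq":
        port = int(rest[1]) if rest[1].isdigit() else SERVICE_NAMES.get(rest[1])
    return {"name": tokens[1], "proto": tokens[3], "src": src, "dst": dst, "port": port}


def audit(config_text, allowed_clients):
    """Return (kind, original_line, suggested_lines) for every over-broad permit."""
    findings = []
    for raw in config_text.splitlines():
        rule = parse_rule(raw)
        if rule is None or rule["src"] != "any":
            continue
        if (rule["proto"], rule["port"]) in NETBIOS:
            fixes = [
                f"access-list {rule['name']} permit {rule['proto']} host {client} "
                f"{_fmt_addr(rule['dst'])} eq {rule['port']}"
                for client in allowed_clients
            ]
            findings.append(("netbios-from-any", raw.strip(), fixes))
        elif rule["proto"] == "icmp" and rule["dst"] == "any":
            # The verification section says to remove the ping permit after testing.
            findings.append(("icmp-any-any", raw.strip(), []))
    return findings


if __name__ == "__main__":
    # 192.168.10.5 is AYPC from the page; using it as the sole client is an assumption.
    for kind, original, fixes in audit(PAGE_CONFIG, ["192.168.10.5"]):
        print(f"[{kind}] {original}")
        for fix in fixes:
            print(f"    scope to: {fix}")
```
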

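Verify

Verify Access Through the PIX Firewall

Follow these steps to verify that access through the PIX Firewall works.

Before you proceed with the verification steps, make sure that you can ping the inside resources (in this example, the RAGE and NPITRN hosts) to rule out problems caused by basic IP connectivity. If your security policy does not permit ping traffic, you can configure an access list or conduit to permit ping and remove it afterwards.

  1. Turn on debugging on the PIX Firewall and examine the packet flow.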

    pixfirewall(config)# logging on 
    pixfirewall(config)# logging console debug
    
  2. Use the show logging command to verify the configuration.

    pixfirewall(config)# show logging
    <snip>
       Console logging: level debugging, 25 messages logged 
    <snip>
    
    pixfirewall(config)# show xlate 
    0 in use, 45 most used 
    
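  3. Reboot the PC and try to access the resource using UNC. On the remote computer, select Start > Find > Computer and enter the name of the resource that you want to access. In this example, the resource is NPITRN.

  4. Reboot the outside PC (AYPC in this example). While AYPC boots, the following debug output appears on the PIX. This is expected and is part of the packet flow outlined above.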

    pixfirewall(config)# 
    609001: Built local-host inside:10.48.66.106 
    305002: Translation built for gaddr 10.48.66.106 to laddr 10.48.66.106 
    302005: Built UDP connection for faddr 192.168.10.5/137 gaddr 10.48.66.106/137 
    laddr 10.48.66.106/137 
    302005: Built UDP connection for faddr 192.168.10.5/138 gaddr 10.48.66.106/138 
    laddr 10.48.66.106/138 
    302001: Built inbound TCP connection 420 for faddr 192.168.10.5/1027 
    gaddr 10.48.66.106/139 laddr 10.48.66.106/139 
    302001: Built inbound TCP connection 421 for faddr 192.168.10.5/1032 
    gaddr 10.48.66.106/139 laddr 10.48.66.106/139 
    pixfirewall(config)# 302006: Teardown UDP connection for faddr 192.168.10.5/138 
    gaddr 10.48.66.106/138 laddr 10.48.66.106/138 
    pixfirewall(config)#show xlate 
    1 in use, 45 most used 
    Global 10.48.66.106 Local 10.48.66.106 static 
    pixfirewall(config)# show conn 
    3 in use, 12 most used 
    TCP out 192.168.10.5:1027 in 10.48.66.106:139 idle 0:01:41 Bytes 23514 
    flags UIOB 
    TCP out 192.168.10.5:1032 in 10.48.66.106:139 idle 0:02:29 Bytes 1302 
    flags UIOB 
    UDP out 192.168.10.5:137 in 10.48.66.106:137 idle 0:00:56 flags
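
The debug output above can also be checked mechanically. This Python parser is an added example, not part of the original Cisco document: it rejoins the wrapped 302001/302005 "Built connection" messages, confirms each flow is one of the three NetBIOS services from an expected client, and reports anything else. The final log record (host 192.168.10.99, connection 422) is constructed for the example, and the expected-client list is an assumption.

```python
import re
from collections import Counter

NETBIOS = {("udp", 137), ("udp", 138), ("tcp", 139)}

# Debug output copied from the page (wrapped exactly as printed there).
PAGE_LOG = """\
pixfirewall(config)#
609001: Built local-host inside:10.48.66.106
305002: Translation built for gaddr 10.48.66.106 to laddr 10.48.66.106
302005: Built UDP connection for faddr 192.168.10.5/137 gaddr 10.48.66.106/137
laddr 10.48.66.106/137
302005: Built UDP connection for faddr 192.168.10.5/138 gaddr 10.48.66.106/138
laddr 10.48.66.106/138
302001: Built inbound TCP connection 420 for faddr 192.168.10.5/1027
gaddr 10.48.66.106/139 laddr 10.48.66.106/139
302001: Built inbound TCP connection 421 for faddr 192.168.10.5/1032
gaddr 10.48.66.106/139 laddr 10.48.66.106/139
pixfirewall(config)# 302006: Teardown UDP connection for faddr 192.168.10.5/138
gaddr 10.48.66.106/138 laddr 10.48.66.106/138
"""

# Constructed record (not from the page): a client that is not on the expected list.
CONSTRUCTED_LOG = """\
302001: Built inbound TCP connection 422 for faddr 192.168.10.99/1045
gaddr 10.48.66.73/139 laddr 10.48.66.73/139
"""

SAMPLE_LOG = PAGE_LOG + CONSTRUCTED_LOG

# A message starts with a six-digit ID, optionally preceded by the CLI prompt.
MSG_START = re.compile(r"^(?:\S+\(config\)#\s*)?(\d{6}):\s")
BUILT = re.compile(
    r"(?:302001|302005): Built (?:inbound )?(?P<proto>TCP|UDP) connection "
    r"(?:\d+ )?for faddr (?P<fip>[\d.]+)/(?P<fport>\d+) "
    r"gaddr (?P<gip>[\d.]+)/(?P<gport>\d+) laddr [\d.]+/\d+"
)


def unwrap(text):
    """Rejoin messages whose gaddr/laddr fields wrapped onto the next line."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = MSG_START.match(line)
        if m:
            if current:
                records.append(current)
            current = line[m.start(1):]
        elif current and line.startswith(("gaddr ", "laddr ")):
            current += " " + line
        else:
            # Prompt, CLI command or command output: closes any open message.
            if current:
                records.append(current)
            current = None
    if current:
        records.append(current)
    return records


def built_connections(text):
    """Return (proto, foreign_ip, foreign_port, global_ip, global_port) per built connection."""
    conns = []
    for record in unwrap(text):
        m = BUILT.match(record)
        if m:
            conns.append((m["proto"].lower(), m["fip"], int(m["fport"]),
                          m["gip"], int(m["gport"])))
    return conns


def review(text, expected_clients):
    """Count expected NetBIOS flows and list flows that break the baseline."""
    ok, alerts = Counter(), []
    for proto, fip, _fport, gip, gport in built_connections(text):
        target = f"{gip}:{gport}/{proto}"
        if (proto, gport) not in NETBIOS:
            alerts.append(("unexpected-service", fip, target))
        elif fip not in expected_clients:
            alerts.append(("unexpected-client", fip, target))
        else:
            ok[(fip, gip, proto, gport)] += 1
    return ok, alerts


if __name__ == "__main__":
    ok, alerts = review(SAMPLE_LOG, {"192.168.10.5"})  # AYPC only: an assumption
    for flow, count in sorted(ok.items()):
        print("expected", flow, "x", count)
    for alert in alerts:
        print("ALERT", alert)
```
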

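Troubleshooting Procedure

Troubleshooting Information and Sample Sniffer Trace

The following information helps you troubleshoot and understand the configuration.

Microsoft networking uses the Server Message Block (SMB) protocol for Windows file sharing and print services. For an introduction to SMB, see Just what is SMB?.

If you receive a dialog box with the error message "The network path was not found" when you try to access a folder using \\resource_name:

  • The WINS server may not be responding to the client's requests to resolve the NetBIOS name. When this occurs, the client retries and, if there is no response, broadcasts to the local segment. Because the PIX blocks broadcasts (this cannot be changed), name resolution fails. As a result, the error message above is displayed.

    To resolve this problem, find out why the WINS server is not responding and fix the WINS server. Capture a sniffer trace to check whether WINS responds and whether the packets are returned to the client side. Fix the problem so that the packets reach the client.

If the WINS server is multihomed, check the static mappings in WINS Manager and make sure that statics and access lists exist for all of the IP addresses involved.

The following is a sample sniffer trace of 15 frames from a working connection. Use it as a baseline trace when you troubleshoot similar problems.

  • Frames 1 through 6 show the name registration process between the client and the WINS server.

  • Frames 7 through 8 show the NetLogon process between the client and the WINS server (the client looks for the DC).

  • Frames 9 through 11 show the establishment of the TCP session.

  • Frames 12 through 13 show the establishment of the NetBIOS session.

  • Frames 14 through 15 show the start of SMB negotiation and how the process continues and ends when the user finishes accessing the resource.

    Because of space limitations, this sniffer trace has been edited to fit the screen.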

- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source           
 \",\"Bytes\",\"Protocol  \",\"Summary\" 
"    M ","     1","0.000.000    ","RAGE              ","AYPC              ","   
92 ","WINS"," C ID=32860 OP=QUERY NAME=TACWEB<1C>" 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 1 arrived at  12:58:27.6668; frame size is 92 (005C hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 78 bytes 
      IP: Identification  = 5889 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 0C57 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 137 (NetBIOS-ns) 
      UDP: Destination port = 137 (NetBIOS-ns) 
      UDP: Length           = 58 
      UDP: Checksum         = 0F61 (correct) 
      UDP: [50 byte(s) of data] 
      UDP: 
WINS: ----- WINS Name Service header ----- 
      WINS: 
      WINS: ID = 32860 
      WINS: Flags = 01 
      WINS: 0... .... = Command 
      WINS: .000 0...   = Query 
      WINS: .... ..0. = Not truncated 
      WINS: .... ...1 = Recursion desired 
      WINS: Flags = 0X 
      WINS: ...0 .... = Non Verified data NOT acceptable 
      WINS: Question count = 1, Answer count = 0 
      WINS: Authority count = 0, Additional record count = 0 
      WINS: 
      WINS: Question section: 
      WINS:     Name = TACWEB<1C>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS: 
- - - - - - - - - - - - - - - - - - - - Frame 2 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source         
   \",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     2","0.000.582    ","AYPC              ","RAGE              "," 
 110 ","WINS"," R ID=32860 STAT=OK " 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 2 arrived at  12:58:27.6674; frame size is 110 (006E hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 96 bytes 
      IP: Identification  = 49634 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 6163 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 137 (NetBIOS-ns) 
      UDP: Destination port = 137 (NetBIOS-ns) 
      UDP: Length           = 76 
      UDP: Checksum         = A5AB (correct) 
      UDP: [68 byte(s) of data] 
      UDP: 
WINS: ----- WINS Name Service header ----- 
      WINS: 
      WINS: ID = 32860 
      WINS: Flags = 85 
      WINS: 1... .... = Response 
      WINS: .... .1.. = Authoritative answer 
      WINS: .000 0...   = Query 
      WINS: .... ..0. = Not truncated 
      WINS: Flags = 8X 
      WINS: ..0. .... = Data NOT verified 
      WINS: 1... .... = Recursion available 
      WINS: Response code = OK (0) 
      WINS: ...0 .... = Unicast packet 
      WINS: Question count = 0, Answer count = 1 
      WINS: Authority count = 0, Additional record count = 0 
      WINS: 
      WINS: Answer section: 
      WINS:     Name = TACWEB<1C>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS:     Time-to-live = 0 (seconds) 
      WINS:     Length = 12 
      WINS: Node flags = 80 
      WINS:  1... .... = Group NetBIOS name 
      WINS:  .00. ....   = B-type node 
      WINS: Node address = [10.48.66.106], RAGE 
      WINS: Node flags = 80 
      WINS:  1... .... = Group NetBIOS name 
      WINS:  .00. ....   = B-type node 
      WINS: Node address = [144.254.7.107] 
      WINS: 

- - - - - - - - - - - - - - - - - - - - Frame 3 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source            
\",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     3","0.002.317    ","RAGE              ","AYPC              ","  308 
","NETLOGON"," SAM LOGON Request from client" 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 3 arrived at  12:58:27.6697; frame size is 308 (0134 hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 294 bytes 
      IP: Identification  = 6401 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 097F (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 138 (NetBIOS-dgm) 
      UDP: Destination port = 138 (NetBIOS-dgm) 
      UDP: Length           = 274 
      UDP: Checksum         = 627C (correct) 
      UDP: [266 byte(s) of data] 
      UDP: 
NETB: ----- NetBIOS Datagram protocol ----- 
      NETB: 
      NETB: Type = 17 (Direct_group datagram) 
      NETB: Flags = 1A 
      NETB: .... ..1. = First packet 
      NETB: .... ...0 = No more to follow 
      NETB: Datagram ID = 805A 
      NETB: Source node = [192.168.10.5], AYPC 
      NETB: Port = 138 
      NETB: Total datagram length (including names) = 252 
      NETB: Packet offset = 0 
      NETB:      Source NetBIOS name = AYPC<00>  
      NETB: Destination NetBIOS name = TACWEB<1C>  
      NETB: Total datagram length (excluding names) = 184 
      NETB: 
SMB: ----- SMB (CIFS) Transaction Command header ----- 
      SMB: 
      SMB: SMB Constant 
      SMB: Command            = 25 (Transaction) 
      SMB: Reserved           = 0 
      SMB: Flags = 18 
      SMB: 0... .... = Client Command 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock
      SMB: Flags2 = 0003 
      SMB:  0... ....  .... .... = STRING type is ASCIIZ 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 000000000000000000000000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Transaction Header ----- 
      SMB: 
      SMB: Word count         = 17 
      SMB: Parameter words    = 00005C000200000000000200FFFFFFFF000000005C005C005C0
00300010000000200 
      SMB: Byte Count         = 115 
      SMB: Byte parameters    = 5C4D41494C534C4F545C4E45545C4E544C4F474F4E000012000
000410059005000430000004100590050004300240000005C4D41494C534C4F545C4E45545C47455444
43303432008000000018000000000000010400000000000515000000221A8324C44B14687144060B010
00000... 
      SMB: Total parameter bytes being sent = 0 
      SMB: Total data bytes being sent      = 92 
      SMB: Max number of parameter bytes to return  = 2 
      SMB: Max number of data bytes to return       = 0 
      SMB: Max number of Setup words to return      = 0 
      SMB: Reserved(MBZ)                            = 00 
      SMB: Additional information                   = 0002 
      SMB:  ........ ......1. = One way transaction 
      SMB:  ........ .......0 = Preserve TID 
      SMB: Timeout to completion                    = Indefinite wait 
      SMB: Reserved(MBZ)                            = 0000 
      SMB: Number of parameter bytes in this buffer = 0 
      SMB: Offset from header to parameter bytes    = 92 
      SMB: Number of data bytes in this buffer = 92 
      SMB: Offset from header to data bytes    = 92 
      SMB: Setup word count = 3 
      SMB: Reserved(MBZ)    = 00 
      SMB: Setup words      = 010000000200 
      SMB: Byte Count                      = 115 
      SMB: Transaction name = \MAILSLOT\NET\NTLOGON 
      SMB: Data bytes       = 120000004100590050004300000041005900500043002400000
05C4D41494C534C4F545C4E45545C4745544443303432008000000018000000000000010400000000
000515000000221A8324C44B14687144060B01000000FFFFFFFF 
      SMB: 
SMBMSP: ----- SMB MAILSLOTS Protocol ----- 
      SMBMSP: 
      SMBMSP: Op code = 1 (Write mail slot) 
      SMBMSP: Priority of transaction = 0 
      SMBMSP: Class of service = 2 (Unreliable & broadcast) 
      SMBMSP: Total size of mail data = 115 
      SMBMSP: MAILSLOT = "\MAILSLOT\NET\NTLOGON" 
      SMBMSP: 
NETLOGON: ----- SMB NETLOGON Protocol ----- 
      NETLOGON: 
      NETLOGON: NETLOGON Command      =  12  (SAM LOGON Request from client) 
      NETLOGON: Request Count         = 0 (0x0000) 
      NETLOGON: Unicode Computer Name = AYPC 
      NETLOGON: Unicode User Name     = AYPC$ 
      NETLOGON: MailSlot Name         = "\MAILSLOT\NET\GETDC042" 
      NETLOGON: Allowable Account control bits  = 00000080 
      NETLOGON:  ........ ........  .....0.. ........ = User account not 
auto-locked 
      NETLOGON:  ........ ........  ......0. ........ = User Password will 
expire 
      NETLOGON:  ........ ........  .......0 ........ = Not a Server Trust 
user account 
      NETLOGON:  ........ ........  ........ 1....... = Workstation Trust 
user account 
      NETLOGON:  ........ ........  ........ .0...... = Not an Inter-domain 
Trust user account 
      NETLOGON:  ........ ........  ........ ..0..... = Not a MNS Logon user 
account 
      NETLOGON:  ........ ........  ........ ...0.... = Not a normal user 
account 
      NETLOGON:  ........ ........  ........ ....0... = Not a temp duplicate 
user account 
      NETLOGON:  ........ ........  ........ .....0.. = User password required 
      NETLOGON:  ........ ........  ........ ......0. = User Home directory not 
required 
      NETLOGON:  ........ ........  ........ .......0 = User account enabled 
      NETLOGON: Domain SID Size       = 24 (0x00000018) 
      NETLOGON: SID                   = 000000010400000000000515000000221A8324
C44B146871 
      NETLOGON:
- - - - - - - - - - - - - - - - - - - - Frame 4 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source       
     \",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     4","0.000.900    ","AYPC              ","RAGE              "," 
 266 ","NETLOGON"," SAM Response to SAM LOGON Request" 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 4 arrived at  12:58:27.6706; frame size is 266 (010A hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 252 bytes 
      IP: Identification  = 49890 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 5FC7 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 138 (NetBIOS-dgm) 
      UDP: Destination port = 138 (NetBIOS-dgm) 
      UDP: Length           = 232 
      UDP: Checksum         = D678 (correct) 
      UDP: [224 byte(s) of data] 
      UDP: 
NETB: ----- NetBIOS Datagram protocol ----- 
      NETB: 
      NETB: Type = 16 (Direct_unique datagram) 
      NETB: Flags = 1A 
      NETB: .... ..1. = First packet 
      NETB: .... ...0 = No more to follow 
      NETB: Datagram ID = 8FEE 
      NETB: Source node = [10.48.66.106], RAGE 
      NETB: Port = 138 
      NETB: Total datagram length (including names) = 210 
      NETB: Packet offset = 0 
      NETB:      Source NetBIOS name = RAGE<00>  
      NETB: Destination NetBIOS name = AYPC<00>  
      NETB: Total datagram length (excluding names) = 142 
      NETB: 
SMB: ----- SMB (CIFS) Transaction Command header ----- 
      SMB: 
      SMB: SMB Constant 
      SMB: Command            = 25 (Transaction) 
      SMB: Reserved           = 0 
      SMB: Flags = 00 
      SMB: 0... .... = Client Command 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...0 .... = Pathnames are not in canonicalized format 
      SMB: .... 0... = Pathnames are case sensitive 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock
      SMB: Flags2 = 0000 
      SMB:  0... ....  .... .... = STRING type is ASCIIZ 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..0. = Client does not support extended attributes 
      SMB:  .... ....  .... ...0 = Client does not support Long file names 
      SMB: Reserved2(MBZ)     = 000000000000000000000000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = 0000 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Transaction Header ----- 
      SMB: 
      SMB: Word count         = 17 
      SMB: Parameter words    = 000032000000000000000000E80300000000000000003200
5C000300010001000200 
      SMB: Byte Count         = 73 
      SMB: Byte parameters    = 5C4D41494C534C4F545C4E45545C47455444433034320013
005C005C005200410047004500000041005900500043002400000054004100430057004500420000
0001000000FFFFFFFF 
      SMB: Total parameter bytes being sent = 0 
      SMB: Total data bytes being sent      = 50 
      SMB: Max number of parameter bytes to return  = 0 
      SMB: Max number of data bytes to return       = 0 
      SMB: Max number of Setup words to return      = 0 
      SMB: Reserved(MBZ)                            = 00 
      SMB: Additional information                   = 0000 
      SMB:  ........ ......0. = Two way transaction 
      SMB:  ........ .......0 = Preserve TID 
      SMB: Timeout to completion                    = 1000 (Milliseconds) 
00:00:01.0(HH:MM:SS.MS) 
      SMB: Reserved(MBZ)                            = 0000 
      SMB: Number of parameter bytes in this buffer = 0 
      SMB: Offset from header to parameter bytes    = 0 
      SMB: Number of data bytes in this buffer = 50 
      SMB: Offset from header to data bytes    = 92 
      SMB: Setup word count = 3 
      SMB: Reserved(MBZ)    = 00 
      SMB: Setup words      = 010001000200 
      SMB: Byte Count                      = 73 
      SMB: Transaction name = \MAILSLOT\NET\GETDC042 
      SMB: Data bytes       = 13005C005C0052004100470045000000410059005000430
024000000540041004300570045004200000001000000FFFFFFFF 
      SMB: 
SMBMSP: ----- SMB MAILSLOTS Protocol ----- 
      SMBMSP: 
      SMBMSP: Op code = 1 (Write mail slot) 
      SMBMSP: Priority of transaction = 1 
      SMBMSP: Class of service = 2 (Unreliable & broadcast) 
      SMBMSP: Total size of mail data = 73 
      SMBMSP: MAILSLOT = "\MAILSLOT\NET\GETDC042" 
      SMBMSP: 
NETLOGON: ----- SMB NETLOGON Protocol ----- 
      NETLOGON: 
      NETLOGON: NETLOGON Command      =  13  (SAM Response to SAM LOGON Request) 
      NETLOGON: Unicode Logon Server = \\RAGE 
      NETLOGON: Unicode User Name    = AYPC$ 
      NETLOGON: Unicode Domain Name  = TACWEB 
      NETLOGON: NT Version        = 1 (0x00000001) 
      NETLOGON: LMNT Token        = 0xFFFF 
      NETLOGON: LM20 Token        = 0xFFFF (Lan Manager 2.0 or higher) 
      NETLOGON: 

- - - - - - - - - - - - - - - - - - - - Frame 5 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source         
   \",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     5","1.755.851    ","RAGE              ","AYPC              "," 
 110 ","WINS"," C ID=32862 OP=REGISTER NAME=ADMINISTRATOR<03>" 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 5 arrived at  12:58:29.4265; frame size is 110 (006E hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 96 bytes 
      IP: Identification  = 6913 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 0845 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 137 (NetBIOS-ns) 
      UDP: Destination port = 137 (NetBIOS-ns) 
      UDP: Length           = 76 
      UDP: Checksum         = 3663 (correct) 
      UDP: [68 byte(s) of data] 
      UDP: 
WINS: ----- WINS Name Service header ----- 
      WINS: 
      WINS: ID = 32862 
      WINS: Flags = 29 
      WINS: 0... .... = Command 
      WINS: .010 1...   = Registration 
      WINS: .... ..0. = Not truncated 
      WINS: .... ...1 = Recursion desired 
      WINS: Flags = 0X 
      WINS: ...0 .... = Non Verified data NOT acceptable 
      WINS: Question count = 1, Answer count = 0 
      WINS: Authority count = 0, Additional record count = 1 
      WINS: 
      WINS: Question section: 
      WINS:     Name = ADMINISTRATOR<03>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS: 
      WINS: Additional record section: 
      WINS:     Name = ADMINISTRATOR<03>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS:     Time-to-live = 300000 (seconds) 
      WINS:     Length = 6 
      WINS: Node flags = 60 
      WINS:  0... .... = Unique NetBIOS name 
      WINS:  .11. ....   = H-type node 
      WINS: Node address = [192.168.10.5], AYPC 
      WINS: 

- - - - - - - - - - - - - - - - - - - - Frame 6 - - - - - - - - - - - - - - - - - - - - 
\"Flags \",\"Frame \",\"Delta Time   \",\"Destination       \",\"Source      
      \",\"Bytes\",\"Protocol  \",\"Summary\" 
"      ","     6","0.001.987    ","AYPC              ","RAGE              ","
  104 ","WINS"," R ID=32862 STAT=OK " 
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 6 arrived at  12:58:29.4285; frame size is 104 (0068 hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 90 bytes 
      IP: Identification  = 50146 
      IP: Flags           = 0X 
      IP:       .0.. .... = may fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 17 (UDP) 
      IP: Header checksum = 5F69 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
UDP: ----- UDP Header ----- 
      UDP: 
      UDP: Source port      = 137 (NetBIOS-ns) 
      UDP: Destination port = 137 (NetBIOS-ns) 
      UDP: Length           = 70 
      UDP: Checksum         = 1CFA (correct) 
      UDP: [62 byte(s) of data] 
      UDP: 
WINS: ----- WINS Name Service header ----- 
      WINS: 
      WINS: ID = 32862 
      WINS: Flags = AD 
      WINS: 1... .... = Response 
      WINS: .... .1.. = Authoritative answer 
      WINS: .010 1...   = Registration 
      WINS: .... ..0. = Not truncated 
      WINS: Flags = 8X 
      WINS: ..0. .... = Data NOT verified 
      WINS: 1... .... = Recursion available 
      WINS: Response code = OK (0) 
      WINS: ...0 .... = Unicast packet 
      WINS: Question count = 0, Answer count = 1 
      WINS: Authority count = 0, Additional record count = 0 
      WINS: 
      WINS: Answer section: 
      WINS:     Name = ADMINISTRATOR<03>  
      WINS:     Type = NetBIOS name service (WINS) (NetBIOS name,32) 
      WINS:     Class = Internet (IN,1) 
      WINS:     Time-to-live = 518400 (seconds) 
      WINS:     Length = 6 
      WINS: Node flags = 60 
      WINS:  0... .... = Unique NetBIOS name 
      WINS:  .11. ....   = H-type node 
      WINS: Node address = [192.168.10.5], AYPC 
      WINS: 

- - - - - - - - - - - - - - - - - - - - Frame 7 - - - - - - - - - - - - - - - - - - - - 
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","     7","32.953.258   ","RAGE              ","AYPC              ","   60 ","TCP"," D=139 S=1037 SYN SEQ=39758 LEN=0 WIN=8192"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 7 arrived at  12:59:02.3817; frame size is 60 (003C hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 44 bytes 
      IP: Identification  = 7425 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C683 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Initial sequence number = 39758 
      TCP: Next expected Seq number= 39759 
      TCP: Data offset             = 24 bytes 
      TCP: Flags                   = 02 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...0 .... = (No acknowledgment) 
      TCP:               .... 0... = (No push) 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..1. = SYN 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8192 
      TCP: Checksum                = 756A (correct) 
      TCP: 
      TCP: Options follow 
      TCP: Maximum segment size = 1380 
      TCP: 

- - - - - - - - - - - - - - - - - - - - Frame 8 - - - - - - - - - - - - - - - - - - - - 
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","     8","0.000.138    ","AYPC              ","RAGE              ","   60 ","TCP"," D=1037 S=139 SYN ACK=39759 SEQ=590101 LEN=0 WIN=8280"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 8 arrived at  12:59:02.3819; frame size is 60 (003C hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 44 bytes 
      IP: Identification  = 50402 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = 1EA2 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 139 (NetBIOS-ssn) 
      TCP: Destination port        = 1037 
      TCP: Initial sequence number = 590101 
      TCP: Next expected Seq number= 590102 
      TCP: Acknowledgment number   = 39759 
      TCP: Data offset             = 24 bytes 
      TCP: Flags                   = 12 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 0... = (No push) 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..1. = SYN 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8280 
      TCP: Checksum                = BF71 (correct) 
      TCP: 
      TCP: Options follow 
      TCP: Maximum segment size = 1460 
      TCP: 

- - - - - - - - - - - - - - - - - - - - Frame 9 - - - - - - - - - - - - - - - - - - - - 
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","     9","0.001.778    ","RAGE              ","AYPC              ","   60 ","TCP"," D=139 S=1037     ACK=590102 WIN=8280"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 9 arrived at  12:59:02.3836; frame size is 60 (003C hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 40 bytes 
      IP: Identification  = 7681 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C587 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Sequence number         = 39759 
      TCP: Next expected Seq number= 39759 
      TCP: Acknowledgment number   = 590102 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 10 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 0... = (No push) 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8280 
      TCP: Checksum                = D72E (correct) 
      TCP: No TCP options 
      TCP: 

- - - - - - - - - - - - - - - - - - - - Frame 10 - - - - - - - - - - - - - - - - - - - - 
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    10","0.000.222    ","RAGE              ","AYPC              ","  126 ","NETB"," D=RAGE<20> S=AYPC<00> Session request"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 10 arrived at  12:59:02.3839; frame size is 126 (007E hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 112 bytes 
      IP: Identification  = 7937 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C43F (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Sequence number        = 39759 
      TCP: Next expected Seq number= 39831 
      TCP: Acknowledgment number   = 590102 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8280 
      TCP: Checksum                = D120 (correct) 
      TCP: No TCP options 
      TCP: [72 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 81 (Session request) 
      NETB: Flags = 00 
      NETB: Total session packet length = 68 
      NETB:  Called NetBIOS name = RAGE<20> <server service>
      NETB: Calling NetBIOS name = AYPC<00>
      NETB: 

- - - - - - - - - - - - - - - - - - - - Frame 11 - - - - - - - - - - - - - - - - - - - - 
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    11","0.000.125    ","AYPC              ","RAGE              ","   60 ","NETB"," Session confirm"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 11 arrived at  12:59:02.3840; frame size is 60 (003C hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 44 bytes 
      IP: Identification  = 50658 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = 1DA2 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 139 (NetBIOS-ssn) 
      TCP: Destination port        = 1037 
      TCP: Sequence number         = 590102 
      TCP: Next expected Seq number= 590106 
      TCP: Acknowledgment number   = 39831 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8208 
      TCP: Checksum                = 5522 (correct) 
      TCP: No TCP options 
      TCP: [4 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 82 (Positive response) 
      NETB: Flags = 00 
      NETB: Total session packet length = 0 
      NETB: 

- - - - - - - - - - - - - - - - - - - - Frame 12 - - - - - - - - - - - - - - - - - - - - 
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    12","0.001.427    ","RAGE              ","AYPC              ","  228 ","CIFS/SMB"," C Negotiate Protocol Max Dialect Index=7"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 12 arrived at  12:59:02.3854; frame size is 228 (00E4 hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 214 bytes 
      IP: Identification  = 8193 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C2D9 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Sequence number         = 39831 
      TCP: Next expected Seq number= 40005 
      TCP: Acknowledgment number   = 590106 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8276 
      TCP: Checksum                = DE16 (correct) 
      TCP: No TCP options 
      TCP: [174 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 00 (Session data) 
      NETB: Flags = 00 
      NETB: Total session packet length = 170 
      NETB: 
SMB: ----- SMB (CIFS) Negotiate Protocol Command header ----- 
      SMB: 
      SMB: SMB Constant 
      SMB: Command            = 72 (Negotiate Protocol) 
      SMB: Reserved           = 0 
      SMB: Flags = 18 
      SMB: 0... .... = Client Command 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock 
      SMB: Flags2 = 0003 
      SMB:  0... ....  .... .... = STRING type is ASCIIZ 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 000000000000000000000000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Negotiate Protocol Header ----- 
      SMB: 
      SMB: Word count         = 0 
      SMB: Byte Count         = 135 
      SMB: Byte parameters    = 025043204E4554574F524B2050524F4752414D20312E300
00258454E495820434F524500024D4943524F534F4654204E4554574F524B5320312E303300024C
414E4D414E312E30000257696E646F777320666F7220576F726B67726F75707320332E316100024
C4D312E3258303032... 
      SMB: Offered Dialects: 
      SMB:     0 = PC NETWORK PROGRAM 1.0 
      SMB:     1 = XENIX CORE 
      SMB:     2 = MICROSOFT NETWORKS 1.03 
      SMB:     3 = LANMAN1.0 
      SMB:     4 = Windows for Workgroups 3.1a 
      SMB:     5 = LM1.2X002 
      SMB:     6 = LANMAN2.1 
      SMB:     7 = NT LM 0.12 
      SMB: 

- - - - - - - - - - - - - - - - - - - - Frame 13 - - - - - - - - - - - - - - - - - - - - 
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    13","0.000.286    ","AYPC              ","RAGE              ","  149 ","CIFS/SMB"," R Negotiate Protocol (to frame 12) Status= OK   Chosen Dialect Index=7"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 13 arrived at  12:59:02.3857; frame size is 149 (0095 hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 135 bytes 
      IP: Identification  = 50914 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = 1C47 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 139 (NetBIOS-ssn) 
      TCP: Destination port        = 1037 
      TCP: Sequence number         = 590106 
      TCP: Next expected Seq number= 590201 
      TCP: Acknowledgment number   = 40005 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8034 
      TCP: Checksum                = 1A8D (correct) 
      TCP: No TCP options 
      TCP: [95 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 00 (Session data) 
      NETB: Flags = 00 
      NETB: Total session packet length = 91 
      NETB: 
SMB: ----- SMB (CIFS) Negotiate Protocol Response header ----- 
      SMB: 
      SMB: Response to frame 12 
      SMB: SMB Constant 
      SMB: Command            = 72 (Negotiate Protocol) 
      SMB: Error Class        = 0 (Success) 
      SMB: Reserved(MBZ)      = 0 
      SMB: Status             = 0 (OK) 
      SMB: Flags = 98 
      SMB: 1... .... = Server Response 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock 
      SMB: Flags2 = 0003 
      SMB:  0... ....  .... .... = STRING type is ASCIIZ 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 000000000000000000000000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Negotiate Protocol Header ----- 
      SMB: 
      SMB: Word count         = 17 
      SMB: Parameter words    = 07000332000100041100000000010000000000FD43000070
200231859EC101C4FF08 
      SMB: Byte Count         = 22 
      SMB: Byte parameters    = F8F7053802B9C4435400410043005700450042000000 
      SMB: Selected Dialect index  = 7 
      SMB: Security mode = X3 
      SMB:     .... 0... = Security Signatures not required 
      SMB:     .... .0.. = Does not support Message Authentication protocol 
      SMB:     .... ..1. = Support Challenge response authentication 
      SMB:     .... ...1 = User level security 
      SMB: Max pending mpx requests= 50 
      SMB: Max virtual circuits    = 1 
      SMB: Max Buffer size         = 4356 
      SMB: Max Raw size            = 65536 
      SMB: Session key             = 00000000 
      SMB: Capabilities (LSW) = 43FD 
      SMB:  .1.. ....  .... .... = Supports Large Read&X requests 
      SMB:  ...0 ....  .... .... = Does not support Server DFS 
      SMB:  .... ..1.  .... .... = Supports NT Find 
      SMB:  .... ...1  .... .... = Supports Lock&Read, Write&Unlock 
      SMB:  .... ....  1... .... = Level II oplocks supported 
      SMB:  .... ....  .1.. .... = NT 32-bit status codes recognized 
      SMB:  .... ....  ..1. .... = Remote APIs via RPC supported 
      SMB:  .... ....  ...1 .... = NT 0.12 SMBs supported 
      SMB:  .... ....  .... 1... = Large files and 64 bit file offsets supported 
      SMB:  .... ....  .... .1.. = Unicode strings recognized 
      SMB:  .... ....  .... ..0. = Read/Write Block Multiplexed not supported 
      SMB:  .... ....  .... ...1 = Read/Write Block Raw supported 
      SMB: Capabilities (MSW) = 0000 
      SMB:  0... ....  .... .... = Does not support extended security validation 
      SMB:  .0.. ....  .... .... = Does not support compressed data transfer 
      SMB:  ..0. ....  .... .... = Does not support Bulk Read and Write 
      SMB: Universal Coordinated Time = 16-Jan-02 11:59:03 
      SMB: Minutes from UCT        = 65476 
      SMB: Encryption Key Length   = 8 
      SMB: Byte Count              = 22 
      SMB: Encryption Key          = F8F7053802B9C443 
      SMB: Server's Primary Domain = TACWEB 
      SMB: 

- - - - - - - - - - - - - - - - - - - - Frame 14 - - - - - - - - - - - - - - - - - - - - 
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    14","0.001.963    ","RAGE              ","AYPC              ","  230 ","CIFS/SMB"," C Tree Connect AndX  Path=\\RAGE\IPC$, Service=IPC"
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 14 arrived at  12:59:02.3877; frame size is 230 (00E6 hex) bytes. 
      DLC:  Destination = Station 001083027B34 
      DLC:  Source      = Station 005054FEEA31 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 216 bytes 
      IP: Identification  = 8449 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = C1D7 (correct) 
      IP: Source address      = [192.168.10.5], AYPC 
      IP: Destination address = [10.48.66.106], RAGE 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 1037 
      TCP: Destination port        = 139 (NetBIOS-ssn) 
      TCP: Sequence number         = 40005 
      TCP: Next expected Seq number= 40181 
      TCP: Acknowledgment number   = 590201 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 8181 
      TCP: Checksum                = B44C (correct) 
      TCP: No TCP options 
      TCP: [176 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 00 (Session data) 
      NETB: Flags = 00 
      NETB: Total session packet length = 172 
      NETB: 
SMB: ----- SMB (CIFS) Setup Account AndX Command header ----- 
      SMB: 
      SMB: SMB Constant 
      SMB: Command            = 73 (Setup Account AndX) 
      SMB: Reserved           = 0 
      SMB: Flags = 18 
      SMB: 0... .... = Client Command 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock
      SMB: Flags2 = 8003 
      SMB:  1... ....  .... .... = STRING type is UNICODE 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 0000A9B9522B700714DC0000 
      SMB: Tree ID            = 0000 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0000 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Setup Account AndX Header ----- 
      SMB: 
      SMB: Word count         = 13 
      SMB: Parameter words    = 75008400041132000100000000000100000000000000D
4000000 
      SMB: Byte Count         = 71 
      SMB: Byte parameters    = 0000000000570069006E0064006F007700730020004E0
054002000310033003800310000000000570069006E0064006F007700730020004E0054002000
34002E00300000000000 
      SMB: AndX command       = 75 (Tree Connect AndX) 
      SMB: AndX reserved(MBZ) = 00 
      SMB: AndX offset        = 0084 
      SMB: Max buffer size         = 4356 
      SMB: Max mux pending requests= 50 
      SMB: Number of VC's (0=0nly) = 1 
      SMB: Session Key             = 00000000 
      SMB: Case insensitive Password length = 1 
      SMB: Case sensitive Password length   = 0 
      SMB: Reserved(MBZ)           = 00000000 
      SMB: Capabilities (LSW) = 00D4 
      SMB:  .0.. ....  .... .... = Does not support Large Read&X requests 
      SMB:  ...0 ....  .... .... = Does not support Server DFS 
      SMB:  .... ..0.  .... .... = Does not support NT Find 
      SMB:  .... ...0  .... .... = Does not support Lock&Read, Write&Unlock
      SMB:  .... ....  1... .... = Level II oplocks supported 
      SMB:  .... ....  .1.. .... = NT 32-bit status codes recognized 
      SMB:  .... ....  ..0. .... = Remote APIs via RPC not supported 
      SMB:  .... ....  ...1 .... = NT 0.12 SMBs supported 
      SMB:  .... ....  .... 0... = Large files not supported 
      SMB:  .... ....  .... .1.. = Unicode strings recognized 
      SMB:  .... ....  .... ..0. = Read/Write Block Multiplexed not supported 
      SMB:  .... ....  .... ...0 = Read/Write Block Raw not supported 
      SMB: Capabilities (MSW) = 0000 
      SMB:  0... ....  .... .... = Does not support extended security validation 
      SMB:  .0.. ....  .... .... = Does not support compressed data transfer 
      SMB:  ..0. ....  .... .... = Does not support Bulk Read and Write 
      SMB: Byte Count              = 71 
      SMB: Case insensitive password = 00 
      SMB: Account name            = 
      SMB: Client's Primary Domain = 
      SMB: Client's native OS      = Windows NT 1381 
      SMB: CIFS 1.1 spec violation = 0 
      SMB: Client's LANMAN         = Windows NT 4.0 
      SMB: 
      SMB: ----- Tree Connect AndX Header ----- 
      SMB: 
      SMB: Word count         = 4 
      SMB: Parameter words    = FF00000000000100 
      SMB: Byte Count         = 29 
      SMB: Byte parameters    = 005C005C0052004100470045005C0049005000430024000
00049504300 
      SMB: AndX command       = FF (End of chain) 
      SMB: AndX reserved(MBZ) = 00 
      SMB: AndX offset        = 0000 
      SMB: Additional information = 0000 
      SMB:   .... ....  .... ...0 = Don't disconnect Tid 
      SMB: Password length         = 1 
      SMB: Byte Count              = 29 
      SMB: Password                = 00 
      SMB: Path                    = \\RAGE\IPC$ 
      SMB: Service                 = IPC 
      SMB: 

- - - - - - - - - - - - - - - - - - - - Frame 15 - - - - - - - - - - - - - - - - - - - - 
"Flags ","Frame ","Delta Time   ","Destination       ","Source            ","Bytes","Protocol  ","Summary"
"      ","    15","0.000.406    ","AYPC              ","RAGE              ","  198 ","CIFS/SMB"," R Tree Connect AndX  Service=IPC ,Native File System="
DLC:  ----- DLC Header ----- 
      DLC: 
      DLC:  Frame 15 arrived at  12:59:02.3881; frame size is 198 (00C6 hex) bytes. 
      DLC:  Destination = Station 005054FEEA31 
      DLC:  Source      = Station 001083027B34 
      DLC:  Ethertype   = 0800 (IP) 
      DLC: 
IP: ----- IP Header ----- 
      IP: 
      IP: Version = 4, header length = 20 bytes 
      IP: Type of service = 00 
      IP:       000. ....   = routine 
      IP:       ...0 .... = normal delay 
      IP:       .... 0... = normal throughput 
      IP:       .... .0.. = normal reliability 
      IP:       .... ..0. = ECT bit - transport protocol will ignore the CE bit 
      IP:       .... ...0 = CE bit - no congestion 
      IP: Total length    = 184 bytes 
      IP: Identification  = 51170 
      IP: Flags           = 4X 
      IP:       .1.. .... = don't fragment 
      IP:       ..0. .... = last fragment 
      IP: Fragment offset = 0 bytes 
      IP: Time to live    = 128 seconds/hops 
      IP: Protocol        = 6 (TCP) 
      IP: Header checksum = 1B16 (correct) 
      IP: Source address      = [10.48.66.106], RAGE 
      IP: Destination address = [192.168.10.5], AYPC 
      IP: No options 
      IP: 
TCP: ----- TCP header ----- 
      TCP: 
      TCP: Source port             = 139 (NetBIOS-ssn) 
      TCP: Destination port        = 1037 
      TCP: Sequence number         = 590201 
      TCP: Next expected Seq number= 590345 
      TCP: Acknowledgment number   = 40181 
      TCP: Data offset             = 20 bytes 
      TCP: Flags                   = 18 
      TCP:               ..0. .... = (No urgent pointer) 
      TCP:               ...1 .... = Acknowledgment 
      TCP:               .... 1... = Push 
      TCP:               .... .0.. = (No reset) 
      TCP:               .... ..0. = (No SYN) 
      TCP:               .... ...0 = (No FIN) 
      TCP: Window                  = 7858 
      TCP: Checksum                = F7E6 (correct) 
      TCP: No TCP options 
      TCP: [144 Bytes of data] 
      TCP: 
NETB: ----- NetBIOS Session protocol ----- 
      NETB: 
      NETB: Type = 00 (Session data) 
      NETB: Flags = 00 
      NETB: Total session packet length = 140 
      NETB: 
SMB: ----- SMB (CIFS) Setup Account AndX Response header ----- 
      SMB: 
      SMB: Response to frame 14 
      SMB: SMB Constant 
      SMB: Command            = 73 (Setup Account AndX) 
      SMB: Error Class        = 0 (Success) 
      SMB: Reserved(MBZ)      = 0 
      SMB: Status             = 0 (OK) 
      SMB: Flags = 98 
      SMB: 1... .... = Server Response 
      SMB: ..0. .... = No Opportunistic file Locking 
      SMB: ...1 .... = Pathnames are already in canonicalized format 
      SMB: .... 1... = Pathnames should be treated as caseless 
      SMB: .... ..0. = Send.No.Ack can not be used as a response 
      SMB: .... ...0 = Doesn't support Lock&Read, Write&Unlock
      SMB: Flags2 = 8003 
      SMB:  1... ....  .... .... = STRING type is UNICODE 
      SMB:  .0.. ....  .... .... = DOS style Error code 
      SMB:  ..0. ....  .... .... = No Paging IO 
      SMB:  ...0 ....  .... .... = No DFS support 
      SMB:  .... 0...  .... .... = Client not aware of extended security 
      SMB:  .... ....  .... .0.. = Don't use message authentication 
      SMB:  .... ....  .... ..1. = Client supports extended attributes 
      SMB:  .... ....  .... ...1 = Client supports Long file names 
      SMB: Reserved2(MBZ)     = 0000A9B9522B700714DC0000 
      SMB: Tree ID            = 0801 
      SMB: Process ID         = CAFE 
      SMB: Unauth User ID     = 0801 
      SMB: Multiplex ID       = 0000 
      SMB: 
      SMB: ----- Setup Account AndX Header ----- 
      SMB: 
      SMB: Word count         = 3 
      SMB: Parameter words    = 75007C000000 
      SMB: Byte Count         = 83 
      SMB: Byte parameters    = 00570069006E0064006F007700730020004E005400200034002E00300000004E00540020004C0041004E0020004D0061006E006100670065007200200034002E00300000005400410043005700450042000000 
      SMB: AndX command       = 75 (Tree Connect AndX) 
      SMB: AndX reserved(MBZ) = 00 
      SMB: AndX offset        = 007C 
      SMB: Request Mode = 0000 
      SMB:  .... ....  .... ...0 = Not logged in as 'Guest' 
      SMB: Byte Count              = 83 
      SMB: Server's Native OS      = Windows NT 4.0 
      SMB: Server's Native LAN Man = NT LAN Manager 4.0 
      SMB: Server's Primary Domain = TACWEB 
      SMB: 
      SMB: ----- Tree Connect AndX Header ----- 
      SMB: 
      SMB: Word count         = 3 
      SMB: Parameter words    = FF008C000100 
      SMB: Byte Count         = 7 
      SMB: Byte parameters    = 49504300000000 
      SMB: AndX command       = FF (End of chain) 
      SMB: AndX reserved(MBZ) = 00 
      SMB: AndX offset        = 008C 
      SMB: Optional support = 0001 
      SMB:  .... ....  .... ..0. = Share not in DFS 
      SMB:  .... ....  .... ...1 = Support Search bits 
      SMB: Byte Count              = 7 
      SMB: Service                 = IPC 
      SMB: Native File system      = 
      SMB:

Related Information


Document ID: 18801