No. Time Source Destination Protocol Info
1 0.000000 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp

Frame 1 (154 bytes on wire, 154 bytes captured)
    Arrival Time: Mar 1, 2010 15:05:49.498621000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 154 bytes
    Capture Length: 154 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
    Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 140
    Identification: 0x73b9 (29625)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x062f [correct]
        [Good: True]
        [Bad : False]
    Source: 172.30.33.11 (172.30.33.11)
    Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 88
    Source port: 55075 (55075)
    Destination port: microsoft-ds (445)
    [Stream index: 0]
    Sequence number: 1 (relative sequence number)
    [Next sequence number: 89 (relative sequence number)]
    Acknowledgement number: 1 (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 1002
    Checksum: 0xbfff [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 6591837, TSecr 62822017
    [SEQ/ACK analysis]
        [Number of bytes in flight: 88]
NetBIOS Session Service
    Message Type: Session message
    Length: 84
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response in: 2]
        SMB Command: Trans2 (0x32)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x00
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc001
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 4106
        Process ID: 5657
        User ID: 10241
        Multiplex ID: 631
    Trans2 Request (0x32)
        Word Count (WCT): 15
        Total Parameter Count: 18
        Total Data Count: 0
        Max Parameter Count: 2
        Max Data Count: 4000
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 18
        Parameter Offset: 66
        Data Count: 0
        Data Offset: 0
        Setup Count: 1
        Reserved: 00
        Subcommand: QUERY_PATH_INFO (0x0005)
        Byte Count (BCC): 19
        Padding: 00
        QUERY_PATH_INFO Parameters
            Level of Interest: Query File All Info (263)
            Reserved: 00000000
            File Name: \Temp

No. Time Source Destination Protocol Info
2 0.056732 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO

Frame 2 (266 bytes on wire, 266 bytes captured)
    Arrival Time: Mar 1, 2010 15:05:49.555353000
    [Time delta from previous captured frame: 0.056732000 seconds]
    [Time delta from previous displayed frame: 0.056732000 seconds]
    [Time since reference or first frame: 0.056732000 seconds]
    Frame Number: 2
    Frame Length: 266 bytes
    Capture Length: 266 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
    Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 252
    Identification: 0x5610 (22032)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 125
    Protocol: TCP (0x06)
    Header checksum: 0xe667 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.19.71.71 (172.19.71.71)
    Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1, Ack: 89, Len: 200
    Source port: microsoft-ds (445)
    Destination port: 55075 (55075)
    [Stream index: 0]
    Sequence number: 1 (relative sequence number)
    [Next sequence number: 201 (relative sequence number)]
    Acknowledgement number: 89 (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65129
    Checksum: 0x1de1 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 62822120, TSecr 6591837
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 1]
        [The RTT to ACK the segment was: 0.056732000 seconds]
        [Number of bytes in flight: 200]
NetBIOS Session Service
    Message Type: Session message
    Length: 196
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response to: 1]
        [Time from request: 0.056732000 seconds]
        SMB Command: Trans2 (0x32)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x80
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc001
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 4106
        Process ID: 5657
        User ID: 10241
        Multiplex ID: 631
    Trans2 Response (0x32)
        Subcommand: QUERY_PATH_INFO (0x0005)
        [Level of Interest: Query File All Info (263)]
        [File Name: \Temp]
        Word Count (WCT): 10
        Total Parameter Count: 2
        Total Data Count: 136
        Reserved: 0000
        Parameter Count: 2
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 136
        Data Offset: 60
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 141
        Padding: 00
        QUERY_PATH_INFO Parameters
            EA Error offset: 0
        Padding: 0000
        QUERY_PATH_INFO Data
            Created: Apr 24, 2009 16:56:11.024191600
            Last Access: Mar 1, 2010 15:02:05.606809700
            Last Write: Mar 1, 2010 14:13:56.870541100
            Change: Mar 1, 2010 14:13:56.870541100
            File Attributes: 0x00000010
                .0.. .... .... .... = Encrypted: This is NOT an encrypted file
                ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
                ...0 .... .... .... = Offline: This file is NOT offline
                .... 0... .... .... = Compressed: This is NOT a compressed file
                .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
                .... ..0. .... .... = Sparse: This is NOT a sparse file
                .... ...0 .... .... = Temporary: This is NOT a temporary file
                .... .... 0... .... = Normal: This file has some attribute set
                .... .... .0.. .... = Device: This is NOT a device
                .... .... ..0. .... = Archive: This file has NOT been modified since last archive
                .... .... ...1 .... = Directory: This is a DIRECTORY
                .... .... .... 0... = Volume ID: This is NOT a volume ID
                .... .... .... .0.. = System: This is NOT a system file
                .... .... .... ..0. = Hidden: This is NOT a hidden file
                .... .... .... ...0 = Read Only: This file is NOT read only
            Allocation Size: 0
            End Of File: 0
            Link Count: 1
            Delete Pending: Normal, no pending delete (0)
            Is Directory: This is a DIRECTORY (1)
            EA List Length: 0
            File Name Len: 64
            File Name: \SLP\Temp

No. Time Source Destination Protocol Info
3 0.056787 172.30.33.11 172.19.71.71 TCP 55075 > microsoft-ds [ACK] Seq=89 Ack=201 Win=1002 Len=0 TSV=6591851 TSER=62822120

Frame 3 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Mar 1, 2010 15:05:49.555408000
    [Time delta from previous captured frame: 0.000055000 seconds]
    [Time delta from previous displayed frame: 0.000055000 seconds]
    [Time since reference or first frame: 0.056787000 seconds]
    Frame Number: 3
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
    Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x73ba (29626)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x0686 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.30.33.11 (172.30.33.11)
    Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 0
    Source port: 55075 (55075)
    Destination port: microsoft-ds (445)
    [Stream index: 0]
    Sequence number: 89 (relative sequence number)
    Acknowledgement number: 201 (relative ack number)
    Header length: 32 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 1002
    Checksum: 0xf2e9 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 6591851, TSecr 62822120
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 2]
        [The RTT to ACK the segment was: 0.000055000 seconds]

No. Time Source Destination Protocol Info
4 0.057279 172.30.33.11 172.19.71.71 SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\*

Frame 4 (164 bytes on wire, 164 bytes captured)
    Arrival Time: Mar 1, 2010 15:05:49.555900000
    [Time delta from previous captured frame: 0.000492000 seconds]
    [Time delta from previous displayed frame: 0.000547000 seconds]
    [Time since reference or first frame: 0.057279000 seconds]
    Frame Number: 4
    Frame Length: 164 bytes
    Capture Length: 164 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
    Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 150
    Identification: 0x73bb (29627)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x0623 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.30.33.11 (172.30.33.11)
    Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 98
    Source port: 55075 (55075)
    Destination port: microsoft-ds (445)
    [Stream index: 0]
    Sequence number: 89 (relative sequence number)
    [Next sequence number: 187 (relative sequence number)]
    Acknowledgement number: 201 (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 1002
    Checksum: 0x59d3 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 6591851, TSecr 62822120
    [SEQ/ACK analysis]
        [Number of bytes in flight: 98]
NetBIOS Session Service
    Message Type: Session message
    Length: 94
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response in: 5]
        SMB Command: Trans2 (0x32)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x00
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc001
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 4106
        Process ID: 5657
        User ID: 10241
        Multiplex ID: 632
    Trans2 Request (0x32)
        Word Count (WCT): 15
        Total Parameter Count: 28
        Total Data Count: 0
        Max Parameter Count: 10
        Max Data Count: 16384
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 28
        Parameter Offset: 66
        Data Count: 0
        Data Offset: 0
        Setup Count: 1
        Reserved: 00
        Subcommand: FIND_FIRST2 (0x0001)
        Byte Count (BCC): 29
        Padding: 00
        FIND_FIRST2 Parameters
            Search Attributes: 0x0017
                .... .... .... ...1 = Read Only: Include READ ONLY files in search results
                .... .... .... ..1. = Hidden: Include HIDDEN files in search results
                .... .... .... .1.. = System: Include SYSTEM files in search results
                .... .... .... 0... = Volume ID: Do NOT include volume IDs in search results
                .... .... ...1 .... = Directory: Include DIRECTORIES in search results
                .... .... ..0. .... = Archive: Do NOT include archive files in search results
            Search Count: 150
            Flags: 0x0006
                .... .... ...0 .... = Backup Intent: No backup intent
                .... .... .... 0... = Continue: New search, do NOT continue from previous position
                .... .... .... .1.. = Resume: Return RESUME keys
                .... .... .... ..1. = Close on EOS: CLOSE search if END OF SEARCH is reached
                .... .... .... ...0 = Close: Do NOT close search after this request
            Level of Interest: Find File Directory Info (257)
            Storage Type: 0
            Search Pattern: \Temp\*

No. Time Source Destination Protocol Info
5 0.114724 172.19.71.71 172.30.33.11 SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3

Frame 5 (522 bytes on wire, 522 bytes captured)
    Arrival Time: Mar 1, 2010 15:05:49.613345000
    [Time delta from previous captured frame: 0.057445000 seconds]
    [Time delta from previous displayed frame: 0.057445000 seconds]
    [Time since reference or first frame: 0.114724000 seconds]
    Frame Number: 5
    Frame Length: 522 bytes
    Capture Length: 522 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
    Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 508
    Identification: 0x5619 (22041)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 125
    Protocol: TCP (0x06)
    Header checksum: 0xe55e [correct]
        [Good: True]
        [Bad : False]
    Source: 172.19.71.71 (172.19.71.71)
    Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 201, Ack: 187, Len: 456
    Source port: microsoft-ds (445)
    Destination port: 55075 (55075)
    [Stream index: 0]
    Sequence number: 201 (relative sequence number)
    [Next sequence number: 657 (relative sequence number)]
    Acknowledgement number: 187 (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65031
    Checksum: 0xd4d3 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 62822121, TSecr 6591851
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 4]
        [The RTT to ACK the segment was: 0.057445000 seconds]
        [Number of bytes in flight: 456]
NetBIOS Session Service
    Message Type: Session message
    Length: 452
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response to: 4]
        [Time from request: 0.057445000 seconds]
        SMB Command: Trans2 (0x32)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x80
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc001
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 4106
        Process ID: 5657
        User ID: 10241
        Multiplex ID: 632
    Trans2 Response (0x32)
        Subcommand: FIND_FIRST2 (0x0001)
        [Level of Interest: Find File Directory Info (257)]
        [Search Pattern: \Temp\*]
        Word Count (WCT): 10
        Total Parameter Count: 10
        Total Data Count: 384
        Reserved: 0000
        Parameter Count: 10
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 384
        Data Offset: 68
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 397
        Padding: 00
        FIND_FIRST2 Parameters
            Level of Interest: Find File Directory Info (257)
            Search ID: 0x0002
            Search Count: 5
            End Of Search: 1
            EA Error offset: 0
            Last Name Offset: 304
        Padding: 0000
        FIND_FIRST2 Data
            Find File Directory Info File: .
                Next Entry Offset: 72
                File Index: 0
                Created: Apr 24, 2009 16:56:11.024191600
                Last Access: Mar 1, 2010 14:13:56.979891600
                Last Write: Mar 1, 2010 14:13:56.870541100
                Change: Mar 1, 2010 14:13:56.870541100
                End Of File: 0
                Allocation Size: 0
                File Attributes: 0x00000010
                    .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
                    .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
                    .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
                    .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
                    .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
                    .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
                    .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
                    .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
                    .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
                    .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
                    .... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY
                    .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
                    .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
                    .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
                    .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
                File Name Len: 2
                File Name: .
            Find File Directory Info File: ..
                Next Entry Offset: 72
                File Index: 0
                Created: Apr 24, 2009 16:56:11.024191600
                Last Access: Mar 1, 2010 14:13:56.979891600
                Last Write: Mar 1, 2010 14:13:56.870541100
                Change: Mar 1, 2010 14:13:56.870541100
                End Of File: 0
                Allocation Size: 0
                File Attributes: 0x00000010
                    .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
                    .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
                    .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
                    .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
                    .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
                    .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
                    .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
                    .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
                    .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
                    .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
                    .... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY
                    .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
                    .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
                    .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
                    .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
                File Name Len: 4
                File Name: ..
            Find File Directory Info File: file1
                Next Entry Offset: 80
                File Index: 0
                Created: Mar 1, 2010 14:13:01.851618100
                Last Access: Mar 1, 2010 14:13:35.953352600
                Last Write: Mar 1, 2010 14:13:35.953352600
                Change: Mar 1, 2010 14:13:35.953352600
                End Of File: 14
                Allocation Size: 16
                File Attributes: 0x00000020
                    .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
                    .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
                    .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
                    .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
                    .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
                    .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
                    .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
                    .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
                    .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
                    .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
                    .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
                    .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
                    .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
                    .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
                    .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
                File Name Len: 10
                File Name: file1
            Find File Directory Info File: file2
                Next Entry Offset: 80
                File Index: 0
                Created: Mar 1, 2010 14:13:50.653184100
                Last Access: Mar 1, 2010 14:13:50.762534600
                Last Write: Mar 1, 2010 14:13:50.762534600
                Change: Mar 1, 2010 14:13:50.762534600
                End Of File: 14
                Allocation Size: 16
                File Attributes: 0x00000020
                    .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
                    .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
                    .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
                    .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
                    .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
                    .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
                    .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
                    .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
                    .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
                    .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
                    .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
                    .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
                    .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
                    .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
                    .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
                File Name Len: 10
                File Name: file2
            Find File Directory Info File: file3
                Next Entry Offset: 0
                File Index: 0
                Created: Mar 1, 2010 14:13:56.870541100
                Last Access: Mar 1, 2010 14:13:56.979891600
                Last Write: Mar 1, 2010 14:13:56.979891600
                Change: Mar 1, 2010 14:13:56.979891600
                End Of File: 14
                Allocation Size: 16
                File Attributes: 0x00000020
                    .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
                    .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
                    .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
                    .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
                    .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
                    .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
                    .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
                    .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
                    .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
                    .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
                    .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
                    .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
                    .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
                    .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
                    .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
                File Name Len: 10
                File Name: file3
            Unknown Data: 000000000000

No. Time Source Destination Protocol Info
6 0.114870 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1

Frame 6 (166 bytes on wire, 166 bytes captured)
    Arrival Time: Mar 1, 2010 15:05:49.613491000
    [Time delta from previous captured frame: 0.000146000 seconds]
    [Time delta from previous displayed frame: 0.000146000 seconds]
    [Time since reference or first frame: 0.114870000 seconds]
    Frame Number: 6
    Frame Length: 166 bytes
    Capture Length: 166 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
    Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 152
    Identification: 0x73bc (29628)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x0620 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.30.33.11 (172.30.33.11)
    Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 187, Ack: 657, Len: 100
    Source port: 55075 (55075)
    Destination port: microsoft-ds (445)
    [Stream index: 0]
    Sequence number: 187 (relative sequence number)
    [Next sequence number: 287 (relative sequence number)]
    Acknowledgement number: 657 (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 1002
    Checksum: 0x8cf3 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 6591865, TSecr 62822121
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 5]
        [The RTT to ACK the segment was: 0.000146000 seconds]
        [Number of bytes in flight: 100]
NetBIOS Session Service
    Message Type: Session message
    Length: 96
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response in: 7]
        SMB Command: Trans2 (0x32)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x00
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc001
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. ....
.... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 633 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file1 No. 
Time Source Destination Protocol Info 7 0.174305 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 7 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.672926000 [Time delta from previous captured frame: 0.059435000 seconds] [Time delta from previous displayed frame: 0.059435000 seconds] [Time since reference or first frame: 0.174305000 seconds] Frame Number: 7 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x5620 (22048) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. 
= More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe64b [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 657, Ack: 287, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 657 (relative sequence number) [Next sequence number: 869 (relative sequence number)] Acknowledgement number: 287 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64931 Checksum: 0x396b [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822121, TSecr 6591865 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 6] [The RTT to ACK the segment was: 0.059435000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 6] [Time from request: 0.059435000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... 
= Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 633 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file1] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:01.851618100 Last Access: Mar 1, 2010 14:13:40.561695100 Last Write: Mar 1, 2010 14:13:35.953352600 Change: Mar 1, 2010 14:13:35.953352600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... 
= Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file1 No. Time Source Destination Protocol Info 8 0.174423 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2 Frame 8 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.673044000 [Time delta from previous captured frame: 0.000118000 seconds] [Time delta from previous displayed frame: 0.000118000 seconds] [Time since reference or first frame: 0.174423000 seconds] Frame Number: 8 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73bd (29629) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x061f [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 287, Ack: 869, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 287 (relative sequence number) [Next sequence number: 387 (relative sequence number)] Acknowledgement number: 869 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x89ac [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591880, TSecr 62822121 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 7] [The RTT to ACK the segment was: 0.000118000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 9] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... 
= Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 634 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file2 No. 
Time Source Destination Protocol Info 9 0.230720 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 9 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.729341000 [Time delta from previous captured frame: 0.056297000 seconds] [Time delta from previous displayed frame: 0.056297000 seconds] [Time since reference or first frame: 0.230720000 seconds] Frame Number: 9 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x567b (22139) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. 
= More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe5f0 [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 869, Ack: 387, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 869 (relative sequence number) [Next sequence number: 1081 (relative sequence number)] Acknowledgement number: 387 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64831 Checksum: 0x94dd [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822122, TSecr 6591880 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 8] [The RTT to ACK the segment was: 0.056297000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 8] [Time from request: 0.056297000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... 
= Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 634 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file2] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:50.653184100 Last Access: Mar 1, 2010 14:13:50.762534600 Last Write: Mar 1, 2010 14:13:50.762534600 Change: Mar 1, 2010 14:13:50.762534600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... 
= Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file2 No. Time Source Destination Protocol Info 10 0.230837 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3 Frame 10 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.729458000 [Time delta from previous captured frame: 0.000117000 seconds] [Time delta from previous displayed frame: 0.000117000 seconds] [Time since reference or first frame: 0.230837000 seconds] Frame Number: 10 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... 
= LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73be (29630) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x061e [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 387, Ack: 1081, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 387 (relative sequence number) [Next sequence number: 487 (relative sequence number)] Acknowledgement number: 1081 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x8665 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591894, TSecr 62822122 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 9] [The RTT to ACK the segment was: 0.000117000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 11] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... 
= Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 635 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file3 No. 
Time Source Destination Protocol Info 11 0.286786 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 11 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.785407000 [Time delta from previous captured frame: 0.055949000 seconds] [Time delta from previous displayed frame: 0.055949000 seconds] [Time since reference or first frame: 0.286786000 seconds] Frame Number: 11 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x572f (22319) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. 
= More fragments: Not set
    Fragment offset: 0
    Time to live: 125
    Protocol: TCP (0x06)
    Header checksum: 0xe53c [correct]
        [Good: True]
        [Bad : False]
    Source: 172.19.71.71 (172.19.71.71)
    Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1081, Ack: 487, Len: 212
    Source port: microsoft-ds (445)
    Destination port: 55075 (55075)
    [Stream index: 0]
    Sequence number: 1081 (relative sequence number)
    [Next sequence number: 1293 (relative sequence number)]
    Acknowledgement number: 487 (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 64731
    Checksum: 0xb726 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 62822122, TSecr 6591894
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 10]
        [The RTT to ACK the segment was: 0.055949000 seconds]
        [Number of bytes in flight: 212]
NetBIOS Session Service
    Message Type: Session message
    Length: 208
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response to: 10]
        [Time from request: 0.055949000 seconds]
        SMB Command: Trans2 (0x32)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x80
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc001
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 4106
        Process ID: 5657
        User ID: 10241
        Multiplex ID: 635
    Trans2 Response (0x32)
        Subcommand: QUERY_PATH_INFO (0x0005)
        [Level of Interest: Query File All Info (263)]
        [File Name: \Temp\file3]
        Word Count (WCT): 10
        Total Parameter Count: 2
        Total Data Count: 148
        Reserved: 0000
        Parameter Count: 2
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 148
        Data Offset: 60
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 153
        Padding: 00
        QUERY_PATH_INFO Parameters
            EA Error offset: 0
        Padding: 0000
        QUERY_PATH_INFO Data
            Created: Mar 1, 2010 14:13:56.870541100
            Last Access: Mar 1, 2010 14:13:56.979891600
            Last Write: Mar 1, 2010 14:13:56.979891600
            Change: Mar 1, 2010 14:13:56.979891600
            File Attributes: 0x00000020
                .0.. .... .... .... = Encrypted: This is NOT an encrypted file
                ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
                ...0 .... .... .... = Offline: This file is NOT offline
                .... 0... .... .... = Compressed: This is NOT a compressed file
                .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
                .... ..0. .... .... = Sparse: This is NOT a sparse file
                .... ...0 .... .... = Temporary: This is NOT a temporary file
                .... .... 0... .... = Normal: This file has some attribute set
                .... .... .0.. .... = Device: This is NOT a device
                .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
                .... .... ...0 .... = Directory: This is NOT a directory
                .... .... .... 0... = Volume ID: This is NOT a volume ID
                .... .... .... .0.. = System: This is NOT a system file
                .... .... .... ..0. = Hidden: This is NOT a hidden file
                .... .... .... ...0 = Read Only: This file is NOT read only
            Allocation Size: 16
            End Of File: 14
            Link Count: 1
            Delete Pending: Normal, no pending delete (0)
            Is Directory: This is NOT a directory (0)
            EA List Length: 0
            File Name Len: 76
            File Name: \SLP\Temp\file3

No. Time Source Destination Protocol Info
12 0.327224 172.30.33.11 172.19.71.71 TCP 55075 > microsoft-ds [ACK] Seq=487 Ack=1293 Win=1002 Len=0 TSV=6591918 TSER=62822122

Frame 12 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Mar 1, 2010 15:05:49.825845000
    [Time delta from previous captured frame: 0.040438000 seconds]
    [Time delta from previous displayed frame: 0.040438000 seconds]
    [Time since reference or first frame: 0.327224000 seconds]
    Frame Number: 12
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
    Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x73bf (29631)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x0681 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.30.33.11 (172.30.33.11)
    Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 487, Ack: 1293, Len: 0
    Source port: 55075 (55075)
    Destination port: microsoft-ds (445)
    [Stream index: 0]
    Sequence number: 487 (relative sequence number)
    Acknowledgement number: 1293 (relative ack number)
    Header length: 32 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 1002
    Checksum: 0xecd2 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 6591918, TSecr 62822122
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 11]
        [The RTT to ACK the segment was: 0.040438000 seconds]