[linux-cifs-client] Slow CIFS navigation due to excessive use of QUERY_PATH_INFO

Seb Astien se6astien2 at googlemail.com
Mon Mar 1 07:37:52 MST 2010


Going from kernel (x86) 2.6.27-8 (I am not sure which version of
mount.cifs) to 2.6.31-19 with mount.cifs version: 1.12-3.4.0, I
noticed an important decrease of performance while navigating CIFS
shares on a Windows 2003 server. Navigating means here either using
midnight commander, ls -l (with ls unaliased first...), rsync, etc..

I added noserverino,nolinux to the mount command, but it does not make
much difference.

The kind of performance degradation I am talking about is in the order
of times ten or so. An rsync which takes less that 2 minutes on old
hardware, now takes over 15 minutes on newer hardware!

Doing a bit of investigation with tcpdump, we can see a lot
QUERY_PATH_INFO requests happening which are not necessary as all the
information is already returned by FIND_FIRST2 requests. A trivial
example will illustrate it. Lets have a directory with 3 files inside.

ls -l with my old machine, it gives:
Protocol Info
SMB      Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp
SMB      Trans2 Response, QUERY_PATH_INFO
SMB      Trans2 Request, FIND_FIRST2, Pattern: \Temp\*
SMB      Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3


With the new one, it gives:
Protocol Info
SMB      Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp
SMB      Trans2 Response, QUERY_PATH_INFO
SMB      Trans2 Request, FIND_FIRST2, Pattern: \Temp\*
SMB      Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3
SMB      Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1
SMB      Trans2 Response, QUERY_PATH_INFO
SMB      Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2
SMB      Trans2 Response, QUERY_PATH_INFO
SMB      Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3
SMB      Trans2 Response, QUERY_PATH_INFO

So for every file in the directory, as returned by the FIRST_FIND2
response, it does a QUERY_PATH_INFO, which does not bring any new
information, all the attributes were already returned by FIRST_FIND2.
I attached to the email the tcpdump so you can really double check by
yourself that the QUERY_PATH info does not bring anything new.

That is the cause of the slowness I notice.

Thanks for your help,

Seb.
-------------- next part --------------
No.     Time        Source                Destination           Protocol Info
	  1 0.000000    172.30.33.11          172.19.71.71          SMB      Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp

Frame 1 (154 bytes on wire, 154 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.498621000
	[Time delta from previous captured frame: 0.000000000 seconds]
	[Time delta from previous displayed frame: 0.000000000 seconds]
	[Time since reference or first frame: 0.000000000 seconds]
	Frame Number: 1
	Frame Length: 154 bytes
	Capture Length: 154 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 140
	Identification: 0x73b9 (29625)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: TCP (0x06)
	Header checksum: 0x062f [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 88
	Source port: 55075 (55075)
	Destination port: microsoft-ds (445)
	[Stream index: 0]
	Sequence number: 1    (relative sequence number)
	[Next sequence number: 89    (relative sequence number)]
	Acknowledgement number: 1    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 1002
	Checksum: 0xbfff [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 6591837, TSecr 62822017
	[SEQ/ACK analysis]
		[Number of bytes in flight: 88]
NetBIOS Session Service
	Message Type: Session message
	Length: 84
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response in: 2]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x00
			0... .... = Request/Response: Message is a request to the server
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 631
	Trans2 Request (0x32)
		Word Count (WCT): 15
		Total Parameter Count: 18
		Total Data Count: 0
		Max Parameter Count: 2
		Max Data Count: 4000
		Max Setup Count: 0
		Reserved: 00
		Flags: 0x0000
			.... .... .... ..0. = One Way Transaction: Two way transaction
			.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
		Timeout: Return immediately (0)
		Reserved: 0000
		Parameter Count: 18
		Parameter Offset: 66
		Data Count: 0
		Data Offset: 0
		Setup Count: 1
		Reserved: 00
		Subcommand: QUERY_PATH_INFO (0x0005)
		Byte Count (BCC): 19
		Padding: 00
		QUERY_PATH_INFO Parameters
			Level of Interest: Query File All Info (263)
			Reserved: 00000000
			File Name: \Temp

No.     Time        Source                Destination           Protocol Info
	  2 0.056732    172.19.71.71          172.30.33.11          SMB      Trans2 Response, QUERY_PATH_INFO

Frame 2 (266 bytes on wire, 266 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.555353000
	[Time delta from previous captured frame: 0.056732000 seconds]
	[Time delta from previous displayed frame: 0.056732000 seconds]
	[Time since reference or first frame: 0.056732000 seconds]
	Frame Number: 2
	Frame Length: 266 bytes
	Capture Length: 266 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
	Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 252
	Identification: 0x5610 (22032)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 125
	Protocol: TCP (0x06)
	Header checksum: 0xe667 [correct]
		[Good: True]
		[Bad : False]
	Source: 172.19.71.71 (172.19.71.71)
	Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1, Ack: 89, Len: 200
	Source port: microsoft-ds (445)
	Destination port: 55075 (55075)
	[Stream index: 0]
	Sequence number: 1    (relative sequence number)
	[Next sequence number: 201    (relative sequence number)]
	Acknowledgement number: 89    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 65129
	Checksum: 0x1de1 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 62822120, TSecr 6591837
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 1]
		[The RTT to ACK the segment was: 0.056732000 seconds]
		[Number of bytes in flight: 200]
NetBIOS Session Service
	Message Type: Session message
	Length: 196
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response to: 1]
		[Time from request: 0.056732000 seconds]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x80
			1... .... = Request/Response: Message is a response to the client/redirector
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 631
	Trans2 Response (0x32)
		Subcommand: QUERY_PATH_INFO (0x0005)
		[Level of Interest: Query File All Info (263)]
		[File Name: \Temp]
		Word Count (WCT): 10
		Total Parameter Count: 2
		Total Data Count: 136
		Reserved: 0000
		Parameter Count: 2
		Parameter Offset: 56
		Parameter Displacement: 0
		Data Count: 136
		Data Offset: 60
		Data Displacement: 0
		Setup Count: 0
		Reserved: 00
		Byte Count (BCC): 141
		Padding: 00
		QUERY_PATH_INFO Parameters
			EA Error offset: 0
		Padding: 0000
		QUERY_PATH_INFO Data
			Created: Apr 24, 2009 16:56:11.024191600
			Last Access: Mar  1, 2010 15:02:05.606809700
			Last Write: Mar  1, 2010 14:13:56.870541100
			Change: Mar  1, 2010 14:13:56.870541100
			File Attributes: 0x00000010
				.0.. .... .... .... = Encrypted: This is NOT an encrypted file
				..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
				...0 .... .... .... = Offline: This file is NOT offline
				.... 0... .... .... = Compressed: This is NOT a compressed file
				.... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
				.... ..0. .... .... = Sparse: This is NOT a sparse file
				.... ...0 .... .... = Temporary: This is NOT a temporary file
				.... .... 0... .... = Normal: This file has some attribute set
				.... .... .0.. .... = Device: This is NOT a device
				.... .... ..0. .... = Archive: This file has NOT been modified since last archive
				.... .... ...1 .... = Directory: This is a DIRECTORY
				.... .... .... 0... = Volume ID: This is NOT a volume ID
				.... .... .... .0.. = System: This is NOT a system file
				.... .... .... ..0. = Hidden: This is NOT a hidden file
				.... .... .... ...0 = Read Only: This file is NOT read only
			Allocation Size: 0
			End Of File: 0
			Link Count: 1
			Delete Pending: Normal, no pending delete (0)
			Is Directory: This is a DIRECTORY (1)
			EA List Length: 0
			File Name Len: 64
			File Name: \SLP\Temp

No.     Time        Source                Destination           Protocol Info
	  3 0.056787    172.30.33.11          172.19.71.71          TCP      55075 > microsoft-ds [ACK] Seq=89 Ack=201 Win=1002 Len=0 TSV=6591851 TSER=62822120

Frame 3 (66 bytes on wire, 66 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.555408000
	[Time delta from previous captured frame: 0.000055000 seconds]
	[Time delta from previous displayed frame: 0.000055000 seconds]
	[Time since reference or first frame: 0.056787000 seconds]
	Frame Number: 3
	Frame Length: 66 bytes
	Capture Length: 66 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp]
	[Coloring Rule Name: TCP]
	[Coloring Rule String: tcp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 52
	Identification: 0x73ba (29626)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: TCP (0x06)
	Header checksum: 0x0686 [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 0
	Source port: 55075 (55075)
	Destination port: microsoft-ds (445)
	[Stream index: 0]
	Sequence number: 89    (relative sequence number)
	Acknowledgement number: 201    (relative ack number)
	Header length: 32 bytes
	Flags: 0x10 (ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 0... = Push: Not set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 1002
	Checksum: 0xf2e9 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 6591851, TSecr 62822120
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 2]
		[The RTT to ACK the segment was: 0.000055000 seconds]

No.     Time        Source                Destination           Protocol Info
	  4 0.057279    172.30.33.11          172.19.71.71          SMB      Trans2 Request, FIND_FIRST2, Pattern: \Temp\*

Frame 4 (164 bytes on wire, 164 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.555900000
	[Time delta from previous captured frame: 0.000492000 seconds]
	[Time delta from previous displayed frame: 0.000547000 seconds]
	[Time since reference or first frame: 0.057279000 seconds]
	Frame Number: 4
	Frame Length: 164 bytes
	Capture Length: 164 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 150
	Identification: 0x73bb (29627)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: TCP (0x06)
	Header checksum: 0x0623 [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 98
	Source port: 55075 (55075)
	Destination port: microsoft-ds (445)
	[Stream index: 0]
	Sequence number: 89    (relative sequence number)
	[Next sequence number: 187    (relative sequence number)]
	Acknowledgement number: 201    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 1002
	Checksum: 0x59d3 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 6591851, TSecr 62822120
	[SEQ/ACK analysis]
		[Number of bytes in flight: 98]
NetBIOS Session Service
	Message Type: Session message
	Length: 94
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response in: 5]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x00
			0... .... = Request/Response: Message is a request to the server
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 632
	Trans2 Request (0x32)
		Word Count (WCT): 15
		Total Parameter Count: 28
		Total Data Count: 0
		Max Parameter Count: 10
		Max Data Count: 16384
		Max Setup Count: 0
		Reserved: 00
		Flags: 0x0000
			.... .... .... ..0. = One Way Transaction: Two way transaction
			.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
		Timeout: Return immediately (0)
		Reserved: 0000
		Parameter Count: 28
		Parameter Offset: 66
		Data Count: 0
		Data Offset: 0
		Setup Count: 1
		Reserved: 00
		Subcommand: FIND_FIRST2 (0x0001)
		Byte Count (BCC): 29
		Padding: 00
		FIND_FIRST2 Parameters
			Search Attributes: 0x0017
				.... .... .... ...1 = Read Only: Include READ ONLY files in search results
				.... .... .... ..1. = Hidden: Include HIDDEN files in search results
				.... .... .... .1.. = System: Include SYSTEM files in search results
				.... .... .... 0... = Volume ID: Do NOT include volume IDs in search results
				.... .... ...1 .... = Directory: Include DIRECTORIES in search results
				.... .... ..0. .... = Archive: Do NOT include archive files in search results
			Search Count: 150
			Flags: 0x0006
				.... .... ...0 .... = Backup Intent: No backup intent
				.... .... .... 0... = Continue: New search, do NOT continue from previous position
				.... .... .... .1.. = Resume: Return RESUME keys
				.... .... .... ..1. = Close on EOS: CLOSE search if END OF SEARCH is reached
				.... .... .... ...0 = Close: Do NOT close search after this request
			Level of Interest: Find File Directory Info (257)
			Storage Type: 0
			Search Pattern: \Temp\*

No.     Time        Source                Destination           Protocol Info
	  5 0.114724    172.19.71.71          172.30.33.11          SMB      Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3

Frame 5 (522 bytes on wire, 522 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.613345000
	[Time delta from previous captured frame: 0.057445000 seconds]
	[Time delta from previous displayed frame: 0.057445000 seconds]
	[Time since reference or first frame: 0.114724000 seconds]
	Frame Number: 5
	Frame Length: 522 bytes
	Capture Length: 522 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
	Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 508
	Identification: 0x5619 (22041)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 125
	Protocol: TCP (0x06)
	Header checksum: 0xe55e [correct]
		[Good: True]
		[Bad : False]
	Source: 172.19.71.71 (172.19.71.71)
	Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 201, Ack: 187, Len: 456
	Source port: microsoft-ds (445)
	Destination port: 55075 (55075)
	[Stream index: 0]
	Sequence number: 201    (relative sequence number)
	[Next sequence number: 657    (relative sequence number)]
	Acknowledgement number: 187    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 65031
	Checksum: 0xd4d3 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 62822121, TSecr 6591851
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 4]
		[The RTT to ACK the segment was: 0.057445000 seconds]
		[Number of bytes in flight: 456]
NetBIOS Session Service
	Message Type: Session message
	Length: 452
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response to: 4]
		[Time from request: 0.057445000 seconds]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x80
			1... .... = Request/Response: Message is a response to the client/redirector
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 632
	Trans2 Response (0x32)
		Subcommand: FIND_FIRST2 (0x0001)
		[Level of Interest: Find File Directory Info (257)]
		[Search Pattern: \Temp\*]
		Word Count (WCT): 10
		Total Parameter Count: 10
		Total Data Count: 384
		Reserved: 0000
		Parameter Count: 10
		Parameter Offset: 56
		Parameter Displacement: 0
		Data Count: 384
		Data Offset: 68
		Data Displacement: 0
		Setup Count: 0
		Reserved: 00
		Byte Count (BCC): 397
		Padding: 00
		FIND_FIRST2 Parameters
			Level of Interest: Find File Directory Info (257)
			Search ID: 0x0002
			Search Count: 5
			End Of Search: 1
			EA Error offset: 0
			Last Name Offset: 304
		Padding: 0000
		FIND_FIRST2 Data
			Find File Directory Info File: .
				Next Entry Offset: 72
				File Index: 0
				Created: Apr 24, 2009 16:56:11.024191600
				Last Access: Mar  1, 2010 14:13:56.979891600
				Last Write: Mar  1, 2010 14:13:56.870541100
				Change: Mar  1, 2010 14:13:56.870541100
				End Of File: 0
				Allocation Size: 0
				File Attributes: 0x00000010
					.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
					.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
					.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
					.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
					.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
					.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
					.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
					.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
					.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
					.... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
					.... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY
					.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
					.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
					.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
					.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
				File Name Len: 2
				File Name: .
			Find File Directory Info File: ..
				Next Entry Offset: 72
				File Index: 0
				Created: Apr 24, 2009 16:56:11.024191600
				Last Access: Mar  1, 2010 14:13:56.979891600
				Last Write: Mar  1, 2010 14:13:56.870541100
				Change: Mar  1, 2010 14:13:56.870541100
				End Of File: 0
				Allocation Size: 0
				File Attributes: 0x00000010
					.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
					.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
					.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
					.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
					.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
					.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
					.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
					.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
					.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
					.... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
					.... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY
					.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
					.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
					.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
					.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
				File Name Len: 4
				File Name: ..
			Find File Directory Info File: file1
				Next Entry Offset: 80
				File Index: 0
				Created: Mar  1, 2010 14:13:01.851618100
				Last Access: Mar  1, 2010 14:13:35.953352600
				Last Write: Mar  1, 2010 14:13:35.953352600
				Change: Mar  1, 2010 14:13:35.953352600
				End Of File: 14
				Allocation Size: 16
				File Attributes: 0x00000020
					.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
					.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
					.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
					.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
					.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
					.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
					.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
					.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
					.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
					.... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
					.... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
					.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
					.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
					.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
					.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
				File Name Len: 10
				File Name: file1
			Find File Directory Info File: file2
				Next Entry Offset: 80
				File Index: 0
				Created: Mar  1, 2010 14:13:50.653184100
				Last Access: Mar  1, 2010 14:13:50.762534600
				Last Write: Mar  1, 2010 14:13:50.762534600
				Change: Mar  1, 2010 14:13:50.762534600
				End Of File: 14
				Allocation Size: 16
				File Attributes: 0x00000020
					.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
					.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
					.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
					.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
					.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
					.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
					.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
					.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
					.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
					.... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
					.... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
					.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
					.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
					.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
					.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
				File Name Len: 10
				File Name: file2
			Find File Directory Info File: file3
				Next Entry Offset: 0
				File Index: 0
				Created: Mar  1, 2010 14:13:56.870541100
				Last Access: Mar  1, 2010 14:13:56.979891600
				Last Write: Mar  1, 2010 14:13:56.979891600
				Change: Mar  1, 2010 14:13:56.979891600
				End Of File: 14
				Allocation Size: 16
				File Attributes: 0x00000020
					.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
					.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
					.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
					.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
					.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
					.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
					.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
					.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
					.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
					.... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
					.... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
					.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
					.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
					.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
					.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
				File Name Len: 10
				File Name: file3
			Unknown Data: 000000000000

No.     Time        Source                Destination           Protocol Info
	  6 0.114870    172.30.33.11          172.19.71.71          SMB      Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1

Frame 6 (166 bytes on wire, 166 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.613491000
	[Time delta from previous captured frame: 0.000146000 seconds]
	[Time delta from previous displayed frame: 0.000146000 seconds]
	[Time since reference or first frame: 0.114870000 seconds]
	Frame Number: 6
	Frame Length: 166 bytes
	Capture Length: 166 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 152
	Identification: 0x73bc (29628)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: TCP (0x06)
	Header checksum: 0x0620 [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 187, Ack: 657, Len: 100
	Source port: 55075 (55075)
	Destination port: microsoft-ds (445)
	[Stream index: 0]
	Sequence number: 187    (relative sequence number)
	[Next sequence number: 287    (relative sequence number)]
	Acknowledgement number: 657    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 1002
	Checksum: 0x8cf3 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 6591865, TSecr 62822121
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 5]
		[The RTT to ACK the segment was: 0.000146000 seconds]
		[Number of bytes in flight: 100]
NetBIOS Session Service
	Message Type: Session message
	Length: 96
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response in: 7]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x00
			0... .... = Request/Response: Message is a request to the server
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 633
	Trans2 Request (0x32)
		Word Count (WCT): 15
		Total Parameter Count: 30
		Total Data Count: 0
		Max Parameter Count: 2
		Max Data Count: 4000
		Max Setup Count: 0
		Reserved: 00
		Flags: 0x0000
			.... .... .... ..0. = One Way Transaction: Two way transaction
			.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
		Timeout: Return immediately (0)
		Reserved: 0000
		Parameter Count: 30
		Parameter Offset: 66
		Data Count: 0
		Data Offset: 0
		Setup Count: 1
		Reserved: 00
		Subcommand: QUERY_PATH_INFO (0x0005)
		Byte Count (BCC): 31
		Padding: 00
		QUERY_PATH_INFO Parameters
			Level of Interest: Query File All Info (263)
			Reserved: 00000000
			File Name: \Temp\file1

No.     Time        Source                Destination           Protocol Info
	  7 0.174305    172.19.71.71          172.30.33.11          SMB      Trans2 Response, QUERY_PATH_INFO

Frame 7 (278 bytes on wire, 278 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.672926000
	[Time delta from previous captured frame: 0.059435000 seconds]
	[Time delta from previous displayed frame: 0.059435000 seconds]
	[Time since reference or first frame: 0.174305000 seconds]
	Frame Number: 7
	Frame Length: 278 bytes
	Capture Length: 278 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
	Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 264
	Identification: 0x5620 (22048)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 125
	Protocol: TCP (0x06)
	Header checksum: 0xe64b [correct]
		[Good: True]
		[Bad : False]
	Source: 172.19.71.71 (172.19.71.71)
	Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 657, Ack: 287, Len: 212
	Source port: microsoft-ds (445)
	Destination port: 55075 (55075)
	[Stream index: 0]
	Sequence number: 657    (relative sequence number)
	[Next sequence number: 869    (relative sequence number)]
	Acknowledgement number: 287    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 64931
	Checksum: 0x396b [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 62822121, TSecr 6591865
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 6]
		[The RTT to ACK the segment was: 0.059435000 seconds]
		[Number of bytes in flight: 212]
NetBIOS Session Service
	Message Type: Session message
	Length: 208
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response to: 6]
		[Time from request: 0.059435000 seconds]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x80
			1... .... = Request/Response: Message is a response to the client/redirector
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 633
	Trans2 Response (0x32)
		Subcommand: QUERY_PATH_INFO (0x0005)
		[Level of Interest: Query File All Info (263)]
		[File Name: \Temp\file1]
		Word Count (WCT): 10
		Total Parameter Count: 2
		Total Data Count: 148
		Reserved: 0000
		Parameter Count: 2
		Parameter Offset: 56
		Parameter Displacement: 0
		Data Count: 148
		Data Offset: 60
		Data Displacement: 0
		Setup Count: 0
		Reserved: 00
		Byte Count (BCC): 153
		Padding: 00
		QUERY_PATH_INFO Parameters
			EA Error offset: 0
		Padding: 0000
		QUERY_PATH_INFO Data
			Created: Mar  1, 2010 14:13:01.851618100
			Last Access: Mar  1, 2010 14:13:40.561695100
			Last Write: Mar  1, 2010 14:13:35.953352600
			Change: Mar  1, 2010 14:13:35.953352600
			File Attributes: 0x00000020
				.0.. .... .... .... = Encrypted: This is NOT an encrypted file
				..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
				...0 .... .... .... = Offline: This file is NOT offline
				.... 0... .... .... = Compressed: This is NOT a compressed file
				.... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
				.... ..0. .... .... = Sparse: This is NOT a sparse file
				.... ...0 .... .... = Temporary: This is NOT a temporary file
				.... .... 0... .... = Normal: This file has some attribute set
				.... .... .0.. .... = Device: This is NOT a device
				.... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
				.... .... ...0 .... = Directory: This is NOT a directory
				.... .... .... 0... = Volume ID: This is NOT a volume ID
				.... .... .... .0.. = System: This is NOT a system file
				.... .... .... ..0. = Hidden: This is NOT a hidden file
				.... .... .... ...0 = Read Only: This file is NOT read only
			Allocation Size: 16
			End Of File: 14
			Link Count: 1
			Delete Pending: Normal, no pending delete (0)
			Is Directory: This is NOT a directory (0)
			EA List Length: 0
			File Name Len: 76
			File Name: \SLP\Temp\file1

No.     Time        Source                Destination           Protocol Info
	  8 0.174423    172.30.33.11          172.19.71.71          SMB      Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2

Frame 8 (166 bytes on wire, 166 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.673044000
	[Time delta from previous captured frame: 0.000118000 seconds]
	[Time delta from previous displayed frame: 0.000118000 seconds]
	[Time since reference or first frame: 0.174423000 seconds]
	Frame Number: 8
	Frame Length: 166 bytes
	Capture Length: 166 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 152
	Identification: 0x73bd (29629)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: TCP (0x06)
	Header checksum: 0x061f [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 287, Ack: 869, Len: 100
	Source port: 55075 (55075)
	Destination port: microsoft-ds (445)
	[Stream index: 0]
	Sequence number: 287    (relative sequence number)
	[Next sequence number: 387    (relative sequence number)]
	Acknowledgement number: 869    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 1002
	Checksum: 0x89ac [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 6591880, TSecr 62822121
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 7]
		[The RTT to ACK the segment was: 0.000118000 seconds]
		[Number of bytes in flight: 100]
NetBIOS Session Service
	Message Type: Session message
	Length: 96
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response in: 9]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x00
			0... .... = Request/Response: Message is a request to the server
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 634
	Trans2 Request (0x32)
		Word Count (WCT): 15
		Total Parameter Count: 30
		Total Data Count: 0
		Max Parameter Count: 2
		Max Data Count: 4000
		Max Setup Count: 0
		Reserved: 00
		Flags: 0x0000
			.... .... .... ..0. = One Way Transaction: Two way transaction
			.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
		Timeout: Return immediately (0)
		Reserved: 0000
		Parameter Count: 30
		Parameter Offset: 66
		Data Count: 0
		Data Offset: 0
		Setup Count: 1
		Reserved: 00
		Subcommand: QUERY_PATH_INFO (0x0005)
		Byte Count (BCC): 31
		Padding: 00
		QUERY_PATH_INFO Parameters
			Level of Interest: Query File All Info (263)
			Reserved: 00000000
			File Name: \Temp\file2

No.     Time        Source                Destination           Protocol Info
	  9 0.230720    172.19.71.71          172.30.33.11          SMB      Trans2 Response, QUERY_PATH_INFO

Frame 9 (278 bytes on wire, 278 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.729341000
	[Time delta from previous captured frame: 0.056297000 seconds]
	[Time delta from previous displayed frame: 0.056297000 seconds]
	[Time since reference or first frame: 0.230720000 seconds]
	Frame Number: 9
	Frame Length: 278 bytes
	Capture Length: 278 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
	Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 264
	Identification: 0x567b (22139)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 125
	Protocol: TCP (0x06)
	Header checksum: 0xe5f0 [correct]
		[Good: True]
		[Bad : False]
	Source: 172.19.71.71 (172.19.71.71)
	Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 869, Ack: 387, Len: 212
	Source port: microsoft-ds (445)
	Destination port: 55075 (55075)
	[Stream index: 0]
	Sequence number: 869    (relative sequence number)
	[Next sequence number: 1081    (relative sequence number)]
	Acknowledgement number: 387    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 64831
	Checksum: 0x94dd [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 62822122, TSecr 6591880
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 8]
		[The RTT to ACK the segment was: 0.056297000 seconds]
		[Number of bytes in flight: 212]
NetBIOS Session Service
	Message Type: Session message
	Length: 208
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response to: 8]
		[Time from request: 0.056297000 seconds]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x80
			1... .... = Request/Response: Message is a response to the client/redirector
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 634
	Trans2 Response (0x32)
		Subcommand: QUERY_PATH_INFO (0x0005)
		[Level of Interest: Query File All Info (263)]
		[File Name: \Temp\file2]
		Word Count (WCT): 10
		Total Parameter Count: 2
		Total Data Count: 148
		Reserved: 0000
		Parameter Count: 2
		Parameter Offset: 56
		Parameter Displacement: 0
		Data Count: 148
		Data Offset: 60
		Data Displacement: 0
		Setup Count: 0
		Reserved: 00
		Byte Count (BCC): 153
		Padding: 00
		QUERY_PATH_INFO Parameters
			EA Error offset: 0
		Padding: 0000
		QUERY_PATH_INFO Data
			Created: Mar  1, 2010 14:13:50.653184100
			Last Access: Mar  1, 2010 14:13:50.762534600
			Last Write: Mar  1, 2010 14:13:50.762534600
			Change: Mar  1, 2010 14:13:50.762534600
			File Attributes: 0x00000020
				.0.. .... .... .... = Encrypted: This is NOT an encrypted file
				..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
				...0 .... .... .... = Offline: This file is NOT offline
				.... 0... .... .... = Compressed: This is NOT a compressed file
				.... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
				.... ..0. .... .... = Sparse: This is NOT a sparse file
				.... ...0 .... .... = Temporary: This is NOT a temporary file
				.... .... 0... .... = Normal: This file has some attribute set
				.... .... .0.. .... = Device: This is NOT a device
				.... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
				.... .... ...0 .... = Directory: This is NOT a directory
				.... .... .... 0... = Volume ID: This is NOT a volume ID
				.... .... .... .0.. = System: This is NOT a system file
				.... .... .... ..0. = Hidden: This is NOT a hidden file
				.... .... .... ...0 = Read Only: This file is NOT read only
			Allocation Size: 16
			End Of File: 14
			Link Count: 1
			Delete Pending: Normal, no pending delete (0)
			Is Directory: This is NOT a directory (0)
			EA List Length: 0
			File Name Len: 76
			File Name: \SLP\Temp\file2

No.     Time        Source                Destination           Protocol Info
	 10 0.230837    172.30.33.11          172.19.71.71          SMB      Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3

Frame 10 (166 bytes on wire, 166 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.729458000
	[Time delta from previous captured frame: 0.000117000 seconds]
	[Time delta from previous displayed frame: 0.000117000 seconds]
	[Time since reference or first frame: 0.230837000 seconds]
	Frame Number: 10
	Frame Length: 166 bytes
	Capture Length: 166 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 152
	Identification: 0x73be (29630)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: TCP (0x06)
	Header checksum: 0x061e [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 387, Ack: 1081, Len: 100
	Source port: 55075 (55075)
	Destination port: microsoft-ds (445)
	[Stream index: 0]
	Sequence number: 387    (relative sequence number)
	[Next sequence number: 487    (relative sequence number)]
	Acknowledgement number: 1081    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 1002
	Checksum: 0x8665 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 6591894, TSecr 62822122
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 9]
		[The RTT to ACK the segment was: 0.000117000 seconds]
		[Number of bytes in flight: 100]
NetBIOS Session Service
	Message Type: Session message
	Length: 96
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response in: 11]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x00
			0... .... = Request/Response: Message is a request to the server
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 635
	Trans2 Request (0x32)
		Word Count (WCT): 15
		Total Parameter Count: 30
		Total Data Count: 0
		Max Parameter Count: 2
		Max Data Count: 4000
		Max Setup Count: 0
		Reserved: 00
		Flags: 0x0000
			.... .... .... ..0. = One Way Transaction: Two way transaction
			.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
		Timeout: Return immediately (0)
		Reserved: 0000
		Parameter Count: 30
		Parameter Offset: 66
		Data Count: 0
		Data Offset: 0
		Setup Count: 1
		Reserved: 00
		Subcommand: QUERY_PATH_INFO (0x0005)
		Byte Count (BCC): 31
		Padding: 00
		QUERY_PATH_INFO Parameters
			Level of Interest: Query File All Info (263)
			Reserved: 00000000
			File Name: \Temp\file3

No.     Time        Source                Destination           Protocol Info
	 11 0.286786    172.19.71.71          172.30.33.11          SMB      Trans2 Response, QUERY_PATH_INFO

Frame 11 (278 bytes on wire, 278 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.785407000
	[Time delta from previous captured frame: 0.055949000 seconds]
	[Time delta from previous displayed frame: 0.055949000 seconds]
	[Time since reference or first frame: 0.286786000 seconds]
	Frame Number: 11
	Frame Length: 278 bytes
	Capture Length: 278 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp:nbss:smb]
	[Coloring Rule Name: SMB]
	[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
	Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 264
	Identification: 0x572f (22319)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 125
	Protocol: TCP (0x06)
	Header checksum: 0xe53c [correct]
		[Good: True]
		[Bad : False]
	Source: 172.19.71.71 (172.19.71.71)
	Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1081, Ack: 487, Len: 212
	Source port: microsoft-ds (445)
	Destination port: 55075 (55075)
	[Stream index: 0]
	Sequence number: 1081    (relative sequence number)
	[Next sequence number: 1293    (relative sequence number)]
	Acknowledgement number: 487    (relative ack number)
	Header length: 32 bytes
	Flags: 0x18 (PSH, ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 1... = Push: Set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 64731
	Checksum: 0xb726 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 62822122, TSecr 6591894
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 10]
		[The RTT to ACK the segment was: 0.055949000 seconds]
		[Number of bytes in flight: 212]
NetBIOS Session Service
	Message Type: Session message
	Length: 208
SMB (Server Message Block Protocol)
	SMB Header
		Server Component: SMB
		[Response to: 10]
		[Time from request: 0.055949000 seconds]
		SMB Command: Trans2 (0x32)
		NT Status: STATUS_SUCCESS (0x00000000)
		Flags: 0x80
			1... .... = Request/Response: Message is a response to the client/redirector
			.0.. .... = Notify: Notify client only on open
			..0. .... = Oplocks: OpLock not requested/granted
			...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
			.... 0... = Case Sensitivity: Path names are case sensitive
			.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
			.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
		Flags2: 0xc001
			1... .... .... .... = Unicode Strings: Strings are Unicode
			.1.. .... .... .... = Error Code Type: Error codes are NT error codes
			..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
			...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
			.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
			.... .... .0.. .... = Long Names Used: Path names in request are not long file names
			.... .... .... .0.. = Security Signatures: Security signatures are not supported
			.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
			.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
		Process ID High: 0
		Signature: 0000000000000000
		Reserved: 0000
		Tree ID: 4106
		Process ID: 5657
		User ID: 10241
		Multiplex ID: 635
	Trans2 Response (0x32)
		Subcommand: QUERY_PATH_INFO (0x0005)
		[Level of Interest: Query File All Info (263)]
		[File Name: \Temp\file3]
		Word Count (WCT): 10
		Total Parameter Count: 2
		Total Data Count: 148
		Reserved: 0000
		Parameter Count: 2
		Parameter Offset: 56
		Parameter Displacement: 0
		Data Count: 148
		Data Offset: 60
		Data Displacement: 0
		Setup Count: 0
		Reserved: 00
		Byte Count (BCC): 153
		Padding: 00
		QUERY_PATH_INFO Parameters
			EA Error offset: 0
		Padding: 0000
		QUERY_PATH_INFO Data
			Created: Mar  1, 2010 14:13:56.870541100
			Last Access: Mar  1, 2010 14:13:56.979891600
			Last Write: Mar  1, 2010 14:13:56.979891600
			Change: Mar  1, 2010 14:13:56.979891600
			File Attributes: 0x00000020
				.0.. .... .... .... = Encrypted: This is NOT an encrypted file
				..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
				...0 .... .... .... = Offline: This file is NOT offline
				.... 0... .... .... = Compressed: This is NOT a compressed file
				.... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
				.... ..0. .... .... = Sparse: This is NOT a sparse file
				.... ...0 .... .... = Temporary: This is NOT a temporary file
				.... .... 0... .... = Normal: This file has some attribute set
				.... .... .0.. .... = Device: This is NOT a device
				.... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
				.... .... ...0 .... = Directory: This is NOT a directory
				.... .... .... 0... = Volume ID: This is NOT a volume ID
				.... .... .... .0.. = System: This is NOT a system file
				.... .... .... ..0. = Hidden: This is NOT a hidden file
				.... .... .... ...0 = Read Only: This file is NOT read only
			Allocation Size: 16
			End Of File: 14
			Link Count: 1
			Delete Pending: Normal, no pending delete (0)
			Is Directory: This is NOT a directory (0)
			EA List Length: 0
			File Name Len: 76
			File Name: \SLP\Temp\file3

No.     Time        Source                Destination           Protocol Info
	 12 0.327224    172.30.33.11          172.19.71.71          TCP      55075 > microsoft-ds [ACK] Seq=487 Ack=1293 Win=1002 Len=0 TSV=6591918 TSER=62822122

Frame 12 (66 bytes on wire, 66 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:49.825845000
	[Time delta from previous captured frame: 0.040438000 seconds]
	[Time delta from previous displayed frame: 0.040438000 seconds]
	[Time since reference or first frame: 0.327224000 seconds]
	Frame Number: 12
	Frame Length: 66 bytes
	Capture Length: 66 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:tcp]
	[Coloring Rule Name: TCP]
	[Coloring Rule String: tcp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 52
	Identification: 0x73bf (29631)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: TCP (0x06)
	Header checksum: 0x0681 [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 487, Ack: 1293, Len: 0
	Source port: 55075 (55075)
	Destination port: microsoft-ds (445)
	[Stream index: 0]
	Sequence number: 487    (relative sequence number)
	Acknowledgement number: 1293    (relative ack number)
	Header length: 32 bytes
	Flags: 0x10 (ACK)
		0... .... = Congestion Window Reduced (CWR): Not set
		.0.. .... = ECN-Echo: Not set
		..0. .... = Urgent: Not set
		...1 .... = Acknowledgement: Set
		.... 0... = Push: Not set
		.... .0.. = Reset: Not set
		.... ..0. = Syn: Not set
		.... ...0 = Fin: Not set
	Window size: 1002
	Checksum: 0xecd2 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
	Options: (12 bytes)
		NOP
		NOP
		Timestamps: TSval 6591918, TSecr 62822122
	[SEQ/ACK analysis]
		[This is an ACK to the segment in frame: 11]
		[The RTT to ACK the segment was: 0.040438000 seconds]

No.     Time        Source                Destination           Protocol Info
	 13 2.000365    172.30.33.11          134.214.100.60        NTP      NTP client

Frame 13 (90 bytes on wire, 90 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:51.498986000
	[Time delta from previous captured frame: 1.673141000 seconds]
	[Time delta from previous displayed frame: 1.713579000 seconds]
	[Time since reference or first frame: 2.000365000 seconds]
	Frame Number: 13
	Frame Length: 90 bytes
	Capture Length: 90 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:udp:ntp]
	[Coloring Rule Name: UDP]
	[Coloring Rule String: udp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 134.214.100.60 (134.214.100.60)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 76
	Identification: 0x0000 (0)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: UDP (0x11)
	Header checksum: 0x8265 [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 134.214.100.60 (134.214.100.60)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
	Source port: ntp (123)
	Destination port: ntp (123)
	Length: 56
	Checksum: 0x3b41 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
Network Time Protocol
	Flags: 0xe3
		11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3)
		..10 0... = Version number: NTP Version 4 (4)
		.... .011 = Mode: client (3)
	Peer Clock Stratum: unspecified or unavailable (0)
	Peer Polling Interval: 6 (64 sec)
	Peer Clock Precision: 0.000001 sec
	Root Delay:    0.0000 sec
	Root Dispersion:    0.0010 sec
	Reference Clock ID: (Initialization)
	Reference Clock Update Time: NULL
	Originate Time Stamp: Mar  1, 2010 14:04:45.5265 UTC
	Receive Time Stamp: Mar  1, 2010 14:04:45.5427 UTC
	Transmit Time Stamp: Mar  1, 2010 14:05:51.4990 UTC

No.     Time        Source                Destination           Protocol Info
	 14 2.044284    134.214.100.60        172.30.33.11          NTP      NTP server

Frame 14 (90 bytes on wire, 90 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:51.542905000
	[Time delta from previous captured frame: 0.043919000 seconds]
	[Time delta from previous displayed frame: 1.757498000 seconds]
	[Time since reference or first frame: 2.044284000 seconds]
	Frame Number: 14
	Frame Length: 90 bytes
	Capture Length: 90 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:udp:ntp]
	[Coloring Rule Name: UDP]
	[Coloring Rule String: udp]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
	Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 134.214.100.60 (134.214.100.60), Dst: 172.30.33.11 (172.30.33.11)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 76
	Identification: 0x0000 (0)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 50
	Protocol: UDP (0x11)
	Header checksum: 0x9065 [correct]
		[Good: True]
		[Bad : False]
	Source: 134.214.100.60 (134.214.100.60)
	Destination: 172.30.33.11 (172.30.33.11)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
	Source port: ntp (123)
	Destination port: ntp (123)
	Length: 56
	Checksum: 0x1230 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
Network Time Protocol
	Flags: 0x24
		00.. .... = Leap Indicator: no warning (0)
		..10 0... = Version number: NTP Version 4 (4)
		.... .100 = Mode: server (4)
	Peer Clock Stratum: secondary reference (2)
	Peer Polling Interval: 6 (64 sec)
	Peer Clock Precision: 0.003906 sec
	Root Delay:    0.0119 sec
	Root Dispersion:    0.0379 sec
	Reference Clock ID: 192.93.2.20
	Reference Clock Update Time: Mar  1, 2010 13:51:14.7155 UTC
	Originate Time Stamp: Mar  1, 2010 14:05:51.4990 UTC
	Receive Time Stamp: Mar  1, 2010 14:05:51.5247 UTC
	Transmit Time Stamp: Mar  1, 2010 14:05:51.5245 UTC

No.     Time        Source                Destination           Protocol Info
	 15 3.000345    172.30.33.11          129.132.2.21          NTP      NTP client

Frame 15 (90 bytes on wire, 90 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:52.498966000
	[Time delta from previous captured frame: 0.956061000 seconds]
	[Time delta from previous displayed frame: 2.713559000 seconds]
	[Time since reference or first frame: 3.000345000 seconds]
	Frame Number: 15
	Frame Length: 90 bytes
	Capture Length: 90 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:udp:ntp]
	[Coloring Rule Name: UDP]
	[Coloring Rule String: udp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 129.132.2.21 (129.132.2.21)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 76
	Identification: 0x0000 (0)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: UDP (0x11)
	Header checksum: 0xe9de [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 129.132.2.21 (129.132.2.21)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
	Source port: ntp (123)
	Destination port: ntp (123)
	Length: 56
	Checksum: 0x2515 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
Network Time Protocol
	Flags: 0xe3
		11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3)
		..10 0... = Version number: NTP Version 4 (4)
		.... .011 = Mode: client (3)
	Peer Clock Stratum: unspecified or unavailable (0)
	Peer Polling Interval: 6 (64 sec)
	Peer Clock Precision: 0.000001 sec
	Root Delay:    0.0000 sec
	Root Dispersion:    0.0010 sec
	Reference Clock ID: (Initialization)
	Reference Clock Update Time: NULL
	Originate Time Stamp: Mar  1, 2010 14:04:46.5253 UTC
	Receive Time Stamp: Mar  1, 2010 14:04:46.5514 UTC
	Transmit Time Stamp: Mar  1, 2010 14:05:52.4989 UTC

No.     Time        Source                Destination           Protocol Info
	 16 3.053964    129.132.2.21          172.30.33.11          NTP      NTP server

Frame 16 (90 bytes on wire, 90 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:52.552585000
	[Time delta from previous captured frame: 0.053619000 seconds]
	[Time delta from previous displayed frame: 2.767178000 seconds]
	[Time since reference or first frame: 3.053964000 seconds]
	Frame Number: 16
	Frame Length: 90 bytes
	Capture Length: 90 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:udp:ntp]
	[Coloring Rule Name: UDP]
	[Coloring Rule String: udp]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
	Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 129.132.2.21 (129.132.2.21), Dst: 172.30.33.11 (172.30.33.11)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 76
	Identification: 0x0000 (0)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 46
	Protocol: UDP (0x11)
	Header checksum: 0xfbde [correct]
		[Good: True]
		[Bad : False]
	Source: 129.132.2.21 (129.132.2.21)
	Destination: 172.30.33.11 (172.30.33.11)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
	Source port: ntp (123)
	Destination port: ntp (123)
	Length: 56
	Checksum: 0xcac8 [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
Network Time Protocol
	Flags: 0x24
		00.. .... = Leap Indicator: no warning (0)
		..10 0... = Version number: NTP Version 4 (4)
		.... .100 = Mode: server (4)
	Peer Clock Stratum: secondary reference (2)
	Peer Polling Interval: 6 (64 sec)
	Peer Clock Precision: 0.000001 sec
	Root Delay:    0.0005 sec
	Root Dispersion:    0.0077 sec
	Reference Clock ID: 129.132.2.23
	Reference Clock Update Time: Mar  1, 2010 14:02:35.9271 UTC
	Originate Time Stamp: Mar  1, 2010 14:05:52.4989 UTC
	Receive Time Stamp: Mar  1, 2010 14:05:52.5266 UTC
	Transmit Time Stamp: Mar  1, 2010 14:05:52.5266 UTC

No.     Time        Source                Destination           Protocol Info
	 17 4.000358    172.30.33.11          195.220.94.163        NTP      NTP client

Frame 17 (90 bytes on wire, 90 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:53.498979000
	[Time delta from previous captured frame: 0.946394000 seconds]
	[Time delta from previous displayed frame: 3.713572000 seconds]
	[Time since reference or first frame: 4.000358000 seconds]
	Frame Number: 17
	Frame Length: 90 bytes
	Capture Length: 90 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:udp:ntp]
	[Coloring Rule Name: UDP]
	[Coloring Rule String: udp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
	Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 195.220.94.163 (195.220.94.163)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 76
	Identification: 0x0000 (0)
	Flags: 0x04 (Don't Fragment)
		0... = Reserved bit: Not set
		.1.. = Don't fragment: Set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 64
	Protocol: UDP (0x11)
	Header checksum: 0x4af8 [correct]
		[Good: True]
		[Bad : False]
	Source: 172.30.33.11 (172.30.33.11)
	Destination: 195.220.94.163 (195.220.94.163)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
	Source port: ntp (123)
	Destination port: ntp (123)
	Length: 56
	Checksum: 0x73ac [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
Network Time Protocol
	Flags: 0xe3
		11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3)
		..10 0... = Version number: NTP Version 4 (4)
		.... .011 = Mode: client (3)
	Peer Clock Stratum: unspecified or unavailable (0)
	Peer Polling Interval: 6 (64 sec)
	Peer Clock Precision: 0.000001 sec
	Root Delay:    0.0000 sec
	Root Dispersion:    0.0010 sec
	Reference Clock ID: (Initialization)
	Reference Clock Update Time: NULL
	Originate Time Stamp: Mar  1, 2010 14:04:47.5265 UTC
	Receive Time Stamp: Mar  1, 2010 14:04:47.5519 UTC
	Transmit Time Stamp: Mar  1, 2010 14:05:53.4990 UTC

No.     Time        Source                Destination           Protocol Info
	 18 4.059707    195.220.94.163        172.30.33.11          NTP      NTP server

Frame 18 (90 bytes on wire, 90 bytes captured)
	Arrival Time: Mar  1, 2010 15:05:53.558328000
	[Time delta from previous captured frame: 0.059349000 seconds]
	[Time delta from previous displayed frame: 3.772921000 seconds]
	[Time since reference or first frame: 4.059707000 seconds]
	Frame Number: 18
	Frame Length: 90 bytes
	Capture Length: 90 bytes
	[Frame is marked: False]
	[Protocols in frame: eth:ip:udp:ntp]
	[Coloring Rule Name: UDP]
	[Coloring Rule String: udp]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
	Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
		.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
		.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
	Type: IP (0x0800)
Internet Protocol, Src: 195.220.94.163 (195.220.94.163), Dst: 172.30.33.11 (172.30.33.11)
	Version: 4
	Header length: 20 bytes
	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
		0000 00.. = Differentiated Services Codepoint: Default (0x00)
		.... ..0. = ECN-Capable Transport (ECT): 0
		.... ...0 = ECN-CE: 0
	Total Length: 76
	Identification: 0x3775 (14197)
	Flags: 0x00
		0... = Reserved bit: Not set
		.0.. = Don't fragment: Not set
		..0. = More fragments: Not set
	Fragment offset: 0
	Time to live: 242
	Protocol: UDP (0x11)
	Header checksum: 0xa182 [correct]
		[Good: True]
		[Bad : False]
	Source: 195.220.94.163 (195.220.94.163)
	Destination: 172.30.33.11 (172.30.33.11)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
	Source port: ntp (123)
	Destination port: ntp (123)
	Length: 56
	Checksum: 0x202f [validation disabled]
		[Good Checksum: False]
		[Bad Checksum: False]
Network Time Protocol
	Flags: 0x24
		00.. .... = Leap Indicator: no warning (0)
		..10 0... = Version number: NTP Version 4 (4)
		.... .100 = Mode: server (4)
	Peer Clock Stratum: primary reference (1)
	Peer Polling Interval: 6 (64 sec)
	Peer Clock Precision: 0.000002 sec
	Root Delay:    0.0000 sec
	Root Dispersion:    0.0000 sec
	Reference Clock ID: Global Positioning Service
	Reference Clock Update Time: Mar  1, 2010 14:05:52.0000 UTC
	Originate Time Stamp: Mar  1, 2010 14:05:53.4990 UTC
	Receive Time Stamp: Mar  1, 2010 14:05:53.5317 UTC
	Transmit Time Stamp: Mar  1, 2010 14:05:53.5325 UTC


More information about the linux-cifs-client mailing list