[linux-cifs-client] Slow CIFS navigation due to excessive use of QUERY_PATH_INFO
Seb Astien
se6astien2 at googlemail.com
Mon Mar 1 07:37:52 MST 2010
Going from kernel (x86) 2.6.27-8 (I am not sure which version of
mount.cifs) to 2.6.31-19 with mount.cifs version: 1.12-3.4.0, I
noticed an important decrease of performance while navigating CIFS
shares on a Windows 2003 server. Navigating means here either using
midnight commander, ls -l (with ls unaliased first...), rsync, etc..
I added noserverino,nolinux to the mount command, but it does not make
much difference.
The kind of performance degradation I am talking about is in the order
of times ten or so. An rsync which takes less that 2 minutes on old
hardware, now takes over 15 minutes on newer hardware!
Doing a bit of investigation with tcpdump, we can see a lot
QUERY_PATH_INFO requests happening which are not necessary as all the
information is already returned by FIND_FIRST2 requests. A trivial
example will illustrate it. Lets have a directory with 3 files inside.
ls -l with my old machine, it gives:
Protocol Info
SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp
SMB Trans2 Response, QUERY_PATH_INFO
SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\*
SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3
With the new one, it gives:
Protocol Info
SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp
SMB Trans2 Response, QUERY_PATH_INFO
SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\*
SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3
SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1
SMB Trans2 Response, QUERY_PATH_INFO
SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2
SMB Trans2 Response, QUERY_PATH_INFO
SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3
SMB Trans2 Response, QUERY_PATH_INFO
So for every file in the directory, as returned by the FIRST_FIND2
response, it does a QUERY_PATH_INFO, which does not bring any new
information, all the attributes were already returned by FIRST_FIND2.
I attached to the email the tcpdump so you can really double check by
yourself that the QUERY_PATH info does not bring anything new.
That is the cause of the slowness I notice.
Thanks for your help,
Seb.
-------------- next part --------------
No. Time Source Destination Protocol Info
1 0.000000 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp
Frame 1 (154 bytes on wire, 154 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.498621000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 154 bytes
Capture Length: 154 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 140
Identification: 0x73b9 (29625)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x062f [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 88
Source port: 55075 (55075)
Destination port: microsoft-ds (445)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 89 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 1002
Checksum: 0xbfff [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 6591837, TSecr 62822017
[SEQ/ACK analysis]
[Number of bytes in flight: 88]
NetBIOS Session Service
Message Type: Session message
Length: 84
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response in: 2]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x00
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 631
Trans2 Request (0x32)
Word Count (WCT): 15
Total Parameter Count: 18
Total Data Count: 0
Max Parameter Count: 2
Max Data Count: 4000
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 18
Parameter Offset: 66
Data Count: 0
Data Offset: 0
Setup Count: 1
Reserved: 00
Subcommand: QUERY_PATH_INFO (0x0005)
Byte Count (BCC): 19
Padding: 00
QUERY_PATH_INFO Parameters
Level of Interest: Query File All Info (263)
Reserved: 00000000
File Name: \Temp
No. Time Source Destination Protocol Info
2 0.056732 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO
Frame 2 (266 bytes on wire, 266 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.555353000
[Time delta from previous captured frame: 0.056732000 seconds]
[Time delta from previous displayed frame: 0.056732000 seconds]
[Time since reference or first frame: 0.056732000 seconds]
Frame Number: 2
Frame Length: 266 bytes
Capture Length: 266 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 252
Identification: 0x5610 (22032)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 125
Protocol: TCP (0x06)
Header checksum: 0xe667 [correct]
[Good: True]
[Bad : False]
Source: 172.19.71.71 (172.19.71.71)
Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1, Ack: 89, Len: 200
Source port: microsoft-ds (445)
Destination port: 55075 (55075)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 201 (relative sequence number)]
Acknowledgement number: 89 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65129
Checksum: 0x1de1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 62822120, TSecr 6591837
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1]
[The RTT to ACK the segment was: 0.056732000 seconds]
[Number of bytes in flight: 200]
NetBIOS Session Service
Message Type: Session message
Length: 196
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response to: 1]
[Time from request: 0.056732000 seconds]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x80
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 631
Trans2 Response (0x32)
Subcommand: QUERY_PATH_INFO (0x0005)
[Level of Interest: Query File All Info (263)]
[File Name: \Temp]
Word Count (WCT): 10
Total Parameter Count: 2
Total Data Count: 136
Reserved: 0000
Parameter Count: 2
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 136
Data Offset: 60
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 141
Padding: 00
QUERY_PATH_INFO Parameters
EA Error offset: 0
Padding: 0000
QUERY_PATH_INFO Data
Created: Apr 24, 2009 16:56:11.024191600
Last Access: Mar 1, 2010 15:02:05.606809700
Last Write: Mar 1, 2010 14:13:56.870541100
Change: Mar 1, 2010 14:13:56.870541100
File Attributes: 0x00000010
.0.. .... .... .... = Encrypted: This is NOT an encrypted file
..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
...0 .... .... .... = Offline: This file is NOT offline
.... 0... .... .... = Compressed: This is NOT a compressed file
.... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... ..0. .... .... = Sparse: This is NOT a sparse file
.... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... 0... .... = Normal: This file has some attribute set
.... .... .0.. .... = Device: This is NOT a device
.... .... ..0. .... = Archive: This file has NOT been modified since last archive
.... .... ...1 .... = Directory: This is a DIRECTORY
.... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .0.. = System: This is NOT a system file
.... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... ...0 = Read Only: This file is NOT read only
Allocation Size: 0
End Of File: 0
Link Count: 1
Delete Pending: Normal, no pending delete (0)
Is Directory: This is a DIRECTORY (1)
EA List Length: 0
File Name Len: 64
File Name: \SLP\Temp
No. Time Source Destination Protocol Info
3 0.056787 172.30.33.11 172.19.71.71 TCP 55075 > microsoft-ds [ACK] Seq=89 Ack=201 Win=1002 Len=0 TSV=6591851 TSER=62822120
Frame 3 (66 bytes on wire, 66 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.555408000
[Time delta from previous captured frame: 0.000055000 seconds]
[Time delta from previous displayed frame: 0.000055000 seconds]
[Time since reference or first frame: 0.056787000 seconds]
Frame Number: 3
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x73ba (29626)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x0686 [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 0
Source port: 55075 (55075)
Destination port: microsoft-ds (445)
[Stream index: 0]
Sequence number: 89 (relative sequence number)
Acknowledgement number: 201 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 1002
Checksum: 0xf2e9 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 6591851, TSecr 62822120
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 2]
[The RTT to ACK the segment was: 0.000055000 seconds]
No. Time Source Destination Protocol Info
4 0.057279 172.30.33.11 172.19.71.71 SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\*
Frame 4 (164 bytes on wire, 164 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.555900000
[Time delta from previous captured frame: 0.000492000 seconds]
[Time delta from previous displayed frame: 0.000547000 seconds]
[Time since reference or first frame: 0.057279000 seconds]
Frame Number: 4
Frame Length: 164 bytes
Capture Length: 164 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 150
Identification: 0x73bb (29627)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x0623 [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 98
Source port: 55075 (55075)
Destination port: microsoft-ds (445)
[Stream index: 0]
Sequence number: 89 (relative sequence number)
[Next sequence number: 187 (relative sequence number)]
Acknowledgement number: 201 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 1002
Checksum: 0x59d3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 6591851, TSecr 62822120
[SEQ/ACK analysis]
[Number of bytes in flight: 98]
NetBIOS Session Service
Message Type: Session message
Length: 94
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response in: 5]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x00
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 632
Trans2 Request (0x32)
Word Count (WCT): 15
Total Parameter Count: 28
Total Data Count: 0
Max Parameter Count: 10
Max Data Count: 16384
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 28
Parameter Offset: 66
Data Count: 0
Data Offset: 0
Setup Count: 1
Reserved: 00
Subcommand: FIND_FIRST2 (0x0001)
Byte Count (BCC): 29
Padding: 00
FIND_FIRST2 Parameters
Search Attributes: 0x0017
.... .... .... ...1 = Read Only: Include READ ONLY files in search results
.... .... .... ..1. = Hidden: Include HIDDEN files in search results
.... .... .... .1.. = System: Include SYSTEM files in search results
.... .... .... 0... = Volume ID: Do NOT include volume IDs in search results
.... .... ...1 .... = Directory: Include DIRECTORIES in search results
.... .... ..0. .... = Archive: Do NOT include archive files in search results
Search Count: 150
Flags: 0x0006
.... .... ...0 .... = Backup Intent: No backup intent
.... .... .... 0... = Continue: New search, do NOT continue from previous position
.... .... .... .1.. = Resume: Return RESUME keys
.... .... .... ..1. = Close on EOS: CLOSE search if END OF SEARCH is reached
.... .... .... ...0 = Close: Do NOT close search after this request
Level of Interest: Find File Directory Info (257)
Storage Type: 0
Search Pattern: \Temp\*
No. Time Source Destination Protocol Info
5 0.114724 172.19.71.71 172.30.33.11 SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3
Frame 5 (522 bytes on wire, 522 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.613345000
[Time delta from previous captured frame: 0.057445000 seconds]
[Time delta from previous displayed frame: 0.057445000 seconds]
[Time since reference or first frame: 0.114724000 seconds]
Frame Number: 5
Frame Length: 522 bytes
Capture Length: 522 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 508
Identification: 0x5619 (22041)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 125
Protocol: TCP (0x06)
Header checksum: 0xe55e [correct]
[Good: True]
[Bad : False]
Source: 172.19.71.71 (172.19.71.71)
Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 201, Ack: 187, Len: 456
Source port: microsoft-ds (445)
Destination port: 55075 (55075)
[Stream index: 0]
Sequence number: 201 (relative sequence number)
[Next sequence number: 657 (relative sequence number)]
Acknowledgement number: 187 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65031
Checksum: 0xd4d3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 62822121, TSecr 6591851
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 4]
[The RTT to ACK the segment was: 0.057445000 seconds]
[Number of bytes in flight: 456]
NetBIOS Session Service
Message Type: Session message
Length: 452
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response to: 4]
[Time from request: 0.057445000 seconds]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x80
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 632
Trans2 Response (0x32)
Subcommand: FIND_FIRST2 (0x0001)
[Level of Interest: Find File Directory Info (257)]
[Search Pattern: \Temp\*]
Word Count (WCT): 10
Total Parameter Count: 10
Total Data Count: 384
Reserved: 0000
Parameter Count: 10
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 384
Data Offset: 68
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 397
Padding: 00
FIND_FIRST2 Parameters
Level of Interest: Find File Directory Info (257)
Search ID: 0x0002
Search Count: 5
End Of Search: 1
EA Error offset: 0
Last Name Offset: 304
Padding: 0000
FIND_FIRST2 Data
Find File Directory Info File: .
Next Entry Offset: 72
File Index: 0
Created: Apr 24, 2009 16:56:11.024191600
Last Access: Mar 1, 2010 14:13:56.979891600
Last Write: Mar 1, 2010 14:13:56.870541100
Change: Mar 1, 2010 14:13:56.870541100
End Of File: 0
Allocation Size: 0
File Attributes: 0x00000010
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
.... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
.... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
File Name Len: 2
File Name: .
Find File Directory Info File: ..
Next Entry Offset: 72
File Index: 0
Created: Apr 24, 2009 16:56:11.024191600
Last Access: Mar 1, 2010 14:13:56.979891600
Last Write: Mar 1, 2010 14:13:56.870541100
Change: Mar 1, 2010 14:13:56.870541100
End Of File: 0
Allocation Size: 0
File Attributes: 0x00000010
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
.... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive
.... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
File Name Len: 4
File Name: ..
Find File Directory Info File: file1
Next Entry Offset: 80
File Index: 0
Created: Mar 1, 2010 14:13:01.851618100
Last Access: Mar 1, 2010 14:13:35.953352600
Last Write: Mar 1, 2010 14:13:35.953352600
Change: Mar 1, 2010 14:13:35.953352600
End Of File: 14
Allocation Size: 16
File Attributes: 0x00000020
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
.... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
.... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
File Name Len: 10
File Name: file1
Find File Directory Info File: file2
Next Entry Offset: 80
File Index: 0
Created: Mar 1, 2010 14:13:50.653184100
Last Access: Mar 1, 2010 14:13:50.762534600
Last Write: Mar 1, 2010 14:13:50.762534600
Change: Mar 1, 2010 14:13:50.762534600
End Of File: 14
Allocation Size: 16
File Attributes: 0x00000020
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
.... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
.... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
File Name Len: 10
File Name: file2
Find File Directory Info File: file3
Next Entry Offset: 0
File Index: 0
Created: Mar 1, 2010 14:13:56.870541100
Last Access: Mar 1, 2010 14:13:56.979891600
Last Write: Mar 1, 2010 14:13:56.979891600
Change: Mar 1, 2010 14:13:56.979891600
End Of File: 14
Allocation Size: 16
File Attributes: 0x00000020
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
.... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
.... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
File Name Len: 10
File Name: file3
Unknown Data: 000000000000
No. Time Source Destination Protocol Info
6 0.114870 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1
Frame 6 (166 bytes on wire, 166 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.613491000
[Time delta from previous captured frame: 0.000146000 seconds]
[Time delta from previous displayed frame: 0.000146000 seconds]
[Time since reference or first frame: 0.114870000 seconds]
Frame Number: 6
Frame Length: 166 bytes
Capture Length: 166 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 152
Identification: 0x73bc (29628)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x0620 [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 187, Ack: 657, Len: 100
Source port: 55075 (55075)
Destination port: microsoft-ds (445)
[Stream index: 0]
Sequence number: 187 (relative sequence number)
[Next sequence number: 287 (relative sequence number)]
Acknowledgement number: 657 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 1002
Checksum: 0x8cf3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 6591865, TSecr 62822121
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 5]
[The RTT to ACK the segment was: 0.000146000 seconds]
[Number of bytes in flight: 100]
NetBIOS Session Service
Message Type: Session message
Length: 96
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response in: 7]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x00
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 633
Trans2 Request (0x32)
Word Count (WCT): 15
Total Parameter Count: 30
Total Data Count: 0
Max Parameter Count: 2
Max Data Count: 4000
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 30
Parameter Offset: 66
Data Count: 0
Data Offset: 0
Setup Count: 1
Reserved: 00
Subcommand: QUERY_PATH_INFO (0x0005)
Byte Count (BCC): 31
Padding: 00
QUERY_PATH_INFO Parameters
Level of Interest: Query File All Info (263)
Reserved: 00000000
File Name: \Temp\file1
No. Time Source Destination Protocol Info
7 0.174305 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO
Frame 7 (278 bytes on wire, 278 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.672926000
[Time delta from previous captured frame: 0.059435000 seconds]
[Time delta from previous displayed frame: 0.059435000 seconds]
[Time since reference or first frame: 0.174305000 seconds]
Frame Number: 7
Frame Length: 278 bytes
Capture Length: 278 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 264
Identification: 0x5620 (22048)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 125
Protocol: TCP (0x06)
Header checksum: 0xe64b [correct]
[Good: True]
[Bad : False]
Source: 172.19.71.71 (172.19.71.71)
Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 657, Ack: 287, Len: 212
Source port: microsoft-ds (445)
Destination port: 55075 (55075)
[Stream index: 0]
Sequence number: 657 (relative sequence number)
[Next sequence number: 869 (relative sequence number)]
Acknowledgement number: 287 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64931
Checksum: 0x396b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 62822121, TSecr 6591865
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 6]
[The RTT to ACK the segment was: 0.059435000 seconds]
[Number of bytes in flight: 212]
NetBIOS Session Service
Message Type: Session message
Length: 208
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response to: 6]
[Time from request: 0.059435000 seconds]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x80
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 633
Trans2 Response (0x32)
Subcommand: QUERY_PATH_INFO (0x0005)
[Level of Interest: Query File All Info (263)]
[File Name: \Temp\file1]
Word Count (WCT): 10
Total Parameter Count: 2
Total Data Count: 148
Reserved: 0000
Parameter Count: 2
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 148
Data Offset: 60
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 153
Padding: 00
QUERY_PATH_INFO Parameters
EA Error offset: 0
Padding: 0000
QUERY_PATH_INFO Data
Created: Mar 1, 2010 14:13:01.851618100
Last Access: Mar 1, 2010 14:13:40.561695100
Last Write: Mar 1, 2010 14:13:35.953352600
Change: Mar 1, 2010 14:13:35.953352600
File Attributes: 0x00000020
.0.. .... .... .... = Encrypted: This is NOT an encrypted file
..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
...0 .... .... .... = Offline: This file is NOT offline
.... 0... .... .... = Compressed: This is NOT a compressed file
.... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... ..0. .... .... = Sparse: This is NOT a sparse file
.... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... 0... .... = Normal: This file has some attribute set
.... .... .0.. .... = Device: This is NOT a device
.... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
.... .... ...0 .... = Directory: This is NOT a directory
.... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .0.. = System: This is NOT a system file
.... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... ...0 = Read Only: This file is NOT read only
Allocation Size: 16
End Of File: 14
Link Count: 1
Delete Pending: Normal, no pending delete (0)
Is Directory: This is NOT a directory (0)
EA List Length: 0
File Name Len: 76
File Name: \SLP\Temp\file1
No. Time Source Destination Protocol Info
8 0.174423 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2
Frame 8 (166 bytes on wire, 166 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.673044000
[Time delta from previous captured frame: 0.000118000 seconds]
[Time delta from previous displayed frame: 0.000118000 seconds]
[Time since reference or first frame: 0.174423000 seconds]
Frame Number: 8
Frame Length: 166 bytes
Capture Length: 166 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 152
Identification: 0x73bd (29629)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x061f [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 287, Ack: 869, Len: 100
Source port: 55075 (55075)
Destination port: microsoft-ds (445)
[Stream index: 0]
Sequence number: 287 (relative sequence number)
[Next sequence number: 387 (relative sequence number)]
Acknowledgement number: 869 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 1002
Checksum: 0x89ac [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 6591880, TSecr 62822121
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 7]
[The RTT to ACK the segment was: 0.000118000 seconds]
[Number of bytes in flight: 100]
NetBIOS Session Service
Message Type: Session message
Length: 96
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response in: 9]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x00
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 634
Trans2 Request (0x32)
Word Count (WCT): 15
Total Parameter Count: 30
Total Data Count: 0
Max Parameter Count: 2
Max Data Count: 4000
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 30
Parameter Offset: 66
Data Count: 0
Data Offset: 0
Setup Count: 1
Reserved: 00
Subcommand: QUERY_PATH_INFO (0x0005)
Byte Count (BCC): 31
Padding: 00
QUERY_PATH_INFO Parameters
Level of Interest: Query File All Info (263)
Reserved: 00000000
File Name: \Temp\file2
No. Time Source Destination Protocol Info
9 0.230720 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO
Frame 9 (278 bytes on wire, 278 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.729341000
[Time delta from previous captured frame: 0.056297000 seconds]
[Time delta from previous displayed frame: 0.056297000 seconds]
[Time since reference or first frame: 0.230720000 seconds]
Frame Number: 9
Frame Length: 278 bytes
Capture Length: 278 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 264
Identification: 0x567b (22139)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 125
Protocol: TCP (0x06)
Header checksum: 0xe5f0 [correct]
[Good: True]
[Bad : False]
Source: 172.19.71.71 (172.19.71.71)
Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 869, Ack: 387, Len: 212
Source port: microsoft-ds (445)
Destination port: 55075 (55075)
[Stream index: 0]
Sequence number: 869 (relative sequence number)
[Next sequence number: 1081 (relative sequence number)]
Acknowledgement number: 387 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64831
Checksum: 0x94dd [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 62822122, TSecr 6591880
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 8]
[The RTT to ACK the segment was: 0.056297000 seconds]
[Number of bytes in flight: 212]
NetBIOS Session Service
Message Type: Session message
Length: 208
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response to: 8]
[Time from request: 0.056297000 seconds]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x80
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 634
Trans2 Response (0x32)
Subcommand: QUERY_PATH_INFO (0x0005)
[Level of Interest: Query File All Info (263)]
[File Name: \Temp\file2]
Word Count (WCT): 10
Total Parameter Count: 2
Total Data Count: 148
Reserved: 0000
Parameter Count: 2
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 148
Data Offset: 60
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 153
Padding: 00
QUERY_PATH_INFO Parameters
EA Error offset: 0
Padding: 0000
QUERY_PATH_INFO Data
Created: Mar 1, 2010 14:13:50.653184100
Last Access: Mar 1, 2010 14:13:50.762534600
Last Write: Mar 1, 2010 14:13:50.762534600
Change: Mar 1, 2010 14:13:50.762534600
File Attributes: 0x00000020
.0.. .... .... .... = Encrypted: This is NOT an encrypted file
..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
...0 .... .... .... = Offline: This file is NOT offline
.... 0... .... .... = Compressed: This is NOT a compressed file
.... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... ..0. .... .... = Sparse: This is NOT a sparse file
.... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... 0... .... = Normal: This file has some attribute set
.... .... .0.. .... = Device: This is NOT a device
.... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
.... .... ...0 .... = Directory: This is NOT a directory
.... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .0.. = System: This is NOT a system file
.... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... ...0 = Read Only: This file is NOT read only
Allocation Size: 16
End Of File: 14
Link Count: 1
Delete Pending: Normal, no pending delete (0)
Is Directory: This is NOT a directory (0)
EA List Length: 0
File Name Len: 76
File Name: \SLP\Temp\file2
No. Time Source Destination Protocol Info
10 0.230837 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3
Frame 10 (166 bytes on wire, 166 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.729458000
[Time delta from previous captured frame: 0.000117000 seconds]
[Time delta from previous displayed frame: 0.000117000 seconds]
[Time since reference or first frame: 0.230837000 seconds]
Frame Number: 10
Frame Length: 166 bytes
Capture Length: 166 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 152
Identification: 0x73be (29630)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x061e [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 387, Ack: 1081, Len: 100
Source port: 55075 (55075)
Destination port: microsoft-ds (445)
[Stream index: 0]
Sequence number: 387 (relative sequence number)
[Next sequence number: 487 (relative sequence number)]
Acknowledgement number: 1081 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 1002
Checksum: 0x8665 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 6591894, TSecr 62822122
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 9]
[The RTT to ACK the segment was: 0.000117000 seconds]
[Number of bytes in flight: 100]
NetBIOS Session Service
Message Type: Session message
Length: 96
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response in: 11]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x00
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 635
Trans2 Request (0x32)
Word Count (WCT): 15
Total Parameter Count: 30
Total Data Count: 0
Max Parameter Count: 2
Max Data Count: 4000
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 30
Parameter Offset: 66
Data Count: 0
Data Offset: 0
Setup Count: 1
Reserved: 00
Subcommand: QUERY_PATH_INFO (0x0005)
Byte Count (BCC): 31
Padding: 00
QUERY_PATH_INFO Parameters
Level of Interest: Query File All Info (263)
Reserved: 00000000
File Name: \Temp\file3
No. Time Source Destination Protocol Info
11 0.286786 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO
Frame 11 (278 bytes on wire, 278 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.785407000
[Time delta from previous captured frame: 0.055949000 seconds]
[Time delta from previous displayed frame: 0.055949000 seconds]
[Time since reference or first frame: 0.286786000 seconds]
Frame Number: 11
Frame Length: 278 bytes
Capture Length: 278 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:nbss:smb]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 264
Identification: 0x572f (22319)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 125
Protocol: TCP (0x06)
Header checksum: 0xe53c [correct]
[Good: True]
[Bad : False]
Source: 172.19.71.71 (172.19.71.71)
Destination: 172.30.33.11 (172.30.33.11)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1081, Ack: 487, Len: 212
Source port: microsoft-ds (445)
Destination port: 55075 (55075)
[Stream index: 0]
Sequence number: 1081 (relative sequence number)
[Next sequence number: 1293 (relative sequence number)]
Acknowledgement number: 487 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64731
Checksum: 0xb726 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 62822122, TSecr 6591894
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 10]
[The RTT to ACK the segment was: 0.055949000 seconds]
[Number of bytes in flight: 212]
NetBIOS Session Service
Message Type: Session message
Length: 208
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response to: 10]
[Time from request: 0.055949000 seconds]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x80
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc001
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 4106
Process ID: 5657
User ID: 10241
Multiplex ID: 635
Trans2 Response (0x32)
Subcommand: QUERY_PATH_INFO (0x0005)
[Level of Interest: Query File All Info (263)]
[File Name: \Temp\file3]
Word Count (WCT): 10
Total Parameter Count: 2
Total Data Count: 148
Reserved: 0000
Parameter Count: 2
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 148
Data Offset: 60
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 153
Padding: 00
QUERY_PATH_INFO Parameters
EA Error offset: 0
Padding: 0000
QUERY_PATH_INFO Data
Created: Mar 1, 2010 14:13:56.870541100
Last Access: Mar 1, 2010 14:13:56.979891600
Last Write: Mar 1, 2010 14:13:56.979891600
Change: Mar 1, 2010 14:13:56.979891600
File Attributes: 0x00000020
.0.. .... .... .... = Encrypted: This is NOT an encrypted file
..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
...0 .... .... .... = Offline: This file is NOT offline
.... 0... .... .... = Compressed: This is NOT a compressed file
.... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... ..0. .... .... = Sparse: This is NOT a sparse file
.... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... 0... .... = Normal: This file has some attribute set
.... .... .0.. .... = Device: This is NOT a device
.... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
.... .... ...0 .... = Directory: This is NOT a directory
.... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .0.. = System: This is NOT a system file
.... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... ...0 = Read Only: This file is NOT read only
Allocation Size: 16
End Of File: 14
Link Count: 1
Delete Pending: Normal, no pending delete (0)
Is Directory: This is NOT a directory (0)
EA List Length: 0
File Name Len: 76
File Name: \SLP\Temp\file3
No. Time Source Destination Protocol Info
12 0.327224 172.30.33.11 172.19.71.71 TCP 55075 > microsoft-ds [ACK] Seq=487 Ack=1293 Win=1002 Len=0 TSV=6591918 TSER=62822122
Frame 12 (66 bytes on wire, 66 bytes captured)
Arrival Time: Mar 1, 2010 15:05:49.825845000
[Time delta from previous captured frame: 0.040438000 seconds]
[Time delta from previous displayed frame: 0.040438000 seconds]
[Time since reference or first frame: 0.327224000 seconds]
Frame Number: 12
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x73bf (29631)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x0681 [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 172.19.71.71 (172.19.71.71)
Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 487, Ack: 1293, Len: 0
Source port: 55075 (55075)
Destination port: microsoft-ds (445)
[Stream index: 0]
Sequence number: 487 (relative sequence number)
Acknowledgement number: 1293 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 1002
Checksum: 0xecd2 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 6591918, TSecr 62822122
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 11]
[The RTT to ACK the segment was: 0.040438000 seconds]
No. Time Source Destination Protocol Info
13 2.000365 172.30.33.11 134.214.100.60 NTP NTP client
Frame 13 (90 bytes on wire, 90 bytes captured)
Arrival Time: Mar 1, 2010 15:05:51.498986000
[Time delta from previous captured frame: 1.673141000 seconds]
[Time delta from previous displayed frame: 1.713579000 seconds]
[Time since reference or first frame: 2.000365000 seconds]
Frame Number: 13
Frame Length: 90 bytes
Capture Length: 90 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:ntp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 134.214.100.60 (134.214.100.60)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 76
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x8265 [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 134.214.100.60 (134.214.100.60)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
Source port: ntp (123)
Destination port: ntp (123)
Length: 56
Checksum: 0x3b41 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Network Time Protocol
Flags: 0xe3
11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3)
..10 0... = Version number: NTP Version 4 (4)
.... .011 = Mode: client (3)
Peer Clock Stratum: unspecified or unavailable (0)
Peer Polling Interval: 6 (64 sec)
Peer Clock Precision: 0.000001 sec
Root Delay: 0.0000 sec
Root Dispersion: 0.0010 sec
Reference Clock ID: (Initialization)
Reference Clock Update Time: NULL
Originate Time Stamp: Mar 1, 2010 14:04:45.5265 UTC
Receive Time Stamp: Mar 1, 2010 14:04:45.5427 UTC
Transmit Time Stamp: Mar 1, 2010 14:05:51.4990 UTC
No. Time Source Destination Protocol Info
14 2.044284 134.214.100.60 172.30.33.11 NTP NTP server
Frame 14 (90 bytes on wire, 90 bytes captured)
Arrival Time: Mar 1, 2010 15:05:51.542905000
[Time delta from previous captured frame: 0.043919000 seconds]
[Time delta from previous displayed frame: 1.757498000 seconds]
[Time since reference or first frame: 2.044284000 seconds]
Frame Number: 14
Frame Length: 90 bytes
Capture Length: 90 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:ntp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 134.214.100.60 (134.214.100.60), Dst: 172.30.33.11 (172.30.33.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 76
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 50
Protocol: UDP (0x11)
Header checksum: 0x9065 [correct]
[Good: True]
[Bad : False]
Source: 134.214.100.60 (134.214.100.60)
Destination: 172.30.33.11 (172.30.33.11)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
Source port: ntp (123)
Destination port: ntp (123)
Length: 56
Checksum: 0x1230 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Network Time Protocol
Flags: 0x24
00.. .... = Leap Indicator: no warning (0)
..10 0... = Version number: NTP Version 4 (4)
.... .100 = Mode: server (4)
Peer Clock Stratum: secondary reference (2)
Peer Polling Interval: 6 (64 sec)
Peer Clock Precision: 0.003906 sec
Root Delay: 0.0119 sec
Root Dispersion: 0.0379 sec
Reference Clock ID: 192.93.2.20
Reference Clock Update Time: Mar 1, 2010 13:51:14.7155 UTC
Originate Time Stamp: Mar 1, 2010 14:05:51.4990 UTC
Receive Time Stamp: Mar 1, 2010 14:05:51.5247 UTC
Transmit Time Stamp: Mar 1, 2010 14:05:51.5245 UTC
No. Time Source Destination Protocol Info
15 3.000345 172.30.33.11 129.132.2.21 NTP NTP client
Frame 15 (90 bytes on wire, 90 bytes captured)
Arrival Time: Mar 1, 2010 15:05:52.498966000
[Time delta from previous captured frame: 0.956061000 seconds]
[Time delta from previous displayed frame: 2.713559000 seconds]
[Time since reference or first frame: 3.000345000 seconds]
Frame Number: 15
Frame Length: 90 bytes
Capture Length: 90 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:ntp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 129.132.2.21 (129.132.2.21)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 76
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xe9de [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 129.132.2.21 (129.132.2.21)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
Source port: ntp (123)
Destination port: ntp (123)
Length: 56
Checksum: 0x2515 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Network Time Protocol
Flags: 0xe3
11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3)
..10 0... = Version number: NTP Version 4 (4)
.... .011 = Mode: client (3)
Peer Clock Stratum: unspecified or unavailable (0)
Peer Polling Interval: 6 (64 sec)
Peer Clock Precision: 0.000001 sec
Root Delay: 0.0000 sec
Root Dispersion: 0.0010 sec
Reference Clock ID: (Initialization)
Reference Clock Update Time: NULL
Originate Time Stamp: Mar 1, 2010 14:04:46.5253 UTC
Receive Time Stamp: Mar 1, 2010 14:04:46.5514 UTC
Transmit Time Stamp: Mar 1, 2010 14:05:52.4989 UTC
No. Time Source Destination Protocol Info
16 3.053964 129.132.2.21 172.30.33.11 NTP NTP server
Frame 16 (90 bytes on wire, 90 bytes captured)
Arrival Time: Mar 1, 2010 15:05:52.552585000
[Time delta from previous captured frame: 0.053619000 seconds]
[Time delta from previous displayed frame: 2.767178000 seconds]
[Time since reference or first frame: 3.053964000 seconds]
Frame Number: 16
Frame Length: 90 bytes
Capture Length: 90 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:ntp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 129.132.2.21 (129.132.2.21), Dst: 172.30.33.11 (172.30.33.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 76
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 46
Protocol: UDP (0x11)
Header checksum: 0xfbde [correct]
[Good: True]
[Bad : False]
Source: 129.132.2.21 (129.132.2.21)
Destination: 172.30.33.11 (172.30.33.11)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
Source port: ntp (123)
Destination port: ntp (123)
Length: 56
Checksum: 0xcac8 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Network Time Protocol
Flags: 0x24
00.. .... = Leap Indicator: no warning (0)
..10 0... = Version number: NTP Version 4 (4)
.... .100 = Mode: server (4)
Peer Clock Stratum: secondary reference (2)
Peer Polling Interval: 6 (64 sec)
Peer Clock Precision: 0.000001 sec
Root Delay: 0.0005 sec
Root Dispersion: 0.0077 sec
Reference Clock ID: 129.132.2.23
Reference Clock Update Time: Mar 1, 2010 14:02:35.9271 UTC
Originate Time Stamp: Mar 1, 2010 14:05:52.4989 UTC
Receive Time Stamp: Mar 1, 2010 14:05:52.5266 UTC
Transmit Time Stamp: Mar 1, 2010 14:05:52.5266 UTC
No. Time Source Destination Protocol Info
17 4.000358 172.30.33.11 195.220.94.163 NTP NTP client
Frame 17 (90 bytes on wire, 90 bytes captured)
Arrival Time: Mar 1, 2010 15:05:53.498979000
[Time delta from previous captured frame: 0.946394000 seconds]
[Time delta from previous displayed frame: 3.713572000 seconds]
[Time since reference or first frame: 4.000358000 seconds]
Frame Number: 17
Frame Length: 90 bytes
Capture Length: 90 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:ntp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 195.220.94.163 (195.220.94.163)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 76
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x4af8 [correct]
[Good: True]
[Bad : False]
Source: 172.30.33.11 (172.30.33.11)
Destination: 195.220.94.163 (195.220.94.163)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
Source port: ntp (123)
Destination port: ntp (123)
Length: 56
Checksum: 0x73ac [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Network Time Protocol
Flags: 0xe3
11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3)
..10 0... = Version number: NTP Version 4 (4)
.... .011 = Mode: client (3)
Peer Clock Stratum: unspecified or unavailable (0)
Peer Polling Interval: 6 (64 sec)
Peer Clock Precision: 0.000001 sec
Root Delay: 0.0000 sec
Root Dispersion: 0.0010 sec
Reference Clock ID: (Initialization)
Reference Clock Update Time: NULL
Originate Time Stamp: Mar 1, 2010 14:04:47.5265 UTC
Receive Time Stamp: Mar 1, 2010 14:04:47.5519 UTC
Transmit Time Stamp: Mar 1, 2010 14:05:53.4990 UTC
No. Time Source Destination Protocol Info
18 4.059707 195.220.94.163 172.30.33.11 NTP NTP server
Frame 18 (90 bytes on wire, 90 bytes captured)
Arrival Time: Mar 1, 2010 15:05:53.558328000
[Time delta from previous captured frame: 0.059349000 seconds]
[Time delta from previous displayed frame: 3.772921000 seconds]
[Time since reference or first frame: 4.059707000 seconds]
Frame Number: 18
Frame Length: 90 bytes
Capture Length: 90 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:ntp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 195.220.94.163 (195.220.94.163), Dst: 172.30.33.11 (172.30.33.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 76
Identification: 0x3775 (14197)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 242
Protocol: UDP (0x11)
Header checksum: 0xa182 [correct]
[Good: True]
[Bad : False]
Source: 195.220.94.163 (195.220.94.163)
Destination: 172.30.33.11 (172.30.33.11)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
Source port: ntp (123)
Destination port: ntp (123)
Length: 56
Checksum: 0x202f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Network Time Protocol
Flags: 0x24
00.. .... = Leap Indicator: no warning (0)
..10 0... = Version number: NTP Version 4 (4)
.... .100 = Mode: server (4)
Peer Clock Stratum: primary reference (1)
Peer Polling Interval: 6 (64 sec)
Peer Clock Precision: 0.000002 sec
Root Delay: 0.0000 sec
Root Dispersion: 0.0000 sec
Reference Clock ID: Global Positioning Service
Reference Clock Update Time: Mar 1, 2010 14:05:52.0000 UTC
Originate Time Stamp: Mar 1, 2010 14:05:53.4990 UTC
Receive Time Stamp: Mar 1, 2010 14:05:53.5317 UTC
Transmit Time Stamp: Mar 1, 2010 14:05:53.5325 UTC
More information about the linux-cifs-client
mailing list