[Samba] smbd uses 10 to 15% CPU w/Vista client

Ross Boylan RossBoylan at stanfordalumni.org
Sun Sep 6 17:01:38 MDT 2009


For quite a while I've noticed that smbd uses 10-15% of my CPU (Pentium
4) when nothing visible is going on.  I have a couple of laptops on my
home network, and some experiments show that powering on the Vista
laptop (the other is OS X) is sufficient to raise usage from 0 to 10-15%.

The screen is locked, although 2 user accounts are logged in.  Wireshark
seems to show a lot of chatter, particularly about the printers.

Can anyone explain what is going on or, even better, how to fix it?

I'm running Samba 3.2.5 on Debian Lenny, Linux 2.6.26-2-686 kernel.  The
P4 has hyperthreading.  I have not installed any printer drivers on the
server, though they are set up on the client.

Below is my smb.conf and then an excerpt from Wireshark:

[global]
   workgroup = Boylan
   server string = %h server
   wins support = yes
   include = /etc/samba/dhcp.conf
   dns proxy = no
   interfaces = 127.0.0.0/8 ethfast
   bind interfaces only = yes
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   printing = cups
   printcap name = cups
   socket options = TCP_NODELAY
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0700
   directory mask = 0700
   valid users = %S
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
[download]
   comment = Downloads
   path = /usr/local/download
   read only = No

packet capture:
No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=1 Ack=1 Win=41664 Len=0
      2 0.006582    192.168.40.2          192.168.40.46         SMB      Read AndX Response, 3032 bytes
      3 0.006628    192.168.40.2          192.168.40.46         NBSS     Session message
      4 0.011062    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=1 Ack=3096 Win=4380 Len=0
      5 0.011113    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 5 opnum: 26 ctx_id: 0
      6 0.011233    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=3096 Ack=177 Win=41664 Len=0
      7 0.015300    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 5 ctx_id: 0
      8 0.019147    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
      9 0.019199    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 6 opnum: 53 ctx_id: 0
     10 0.019619    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=4220 Ack=2429 Win=41629 Len=0
     11 0.024679    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724e
     12 0.024708    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     13 0.029030    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=2429 Ack=6376 Win=4380 Len=0
     14 0.030023    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     15 0.030048    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 7 opnum: 8 ctx_id: 0
     16 0.030131    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=6376 Ack=4625 Win=41630 Len=0
     17 0.043197    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 6 ctx_id: 0
     18 0.043230    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     19 0.057041    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=4625 Ack=8524 Win=4380 Len=0
     20 0.057097    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 8 opnum: 29 ctx_id: 0
     21 0.057303    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 8 ctx_id: 0
     22 0.060375    192.168.40.46         192.168.40.2          SMB      Close Request, FID: 0x724e
     23 0.060552    192.168.40.2          192.168.40.46         SMB      Close Response
     24 0.065014    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     25 0.066675    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     26 0.066702    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 4 opnum: 8 ctx_id: 0
     27 0.066779    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=8671 Ack=7722 Win=41664 Len=0
     28 0.078417    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
     29 0.078464    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     30 0.084065    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=9046 Ack=12867 Win=4380 Len=0
     31 0.088682    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     32 0.088726    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     33 0.089142    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=12867 Ack=11966 Win=41624 Len=0
     34 0.090003    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 5 opnum: 8 ctx_id: 0
     35 0.100291    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 4 ctx_id: 0
     36 0.100337    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     37 0.105033    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=13290 Ack=17063 Win=4380 Len=0
     38 0.106295    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     39 0.106319    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     40 0.106408    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=17063 Ack=16210 Win=41624 Len=0
     41 0.107386    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 6 opnum: 8 ctx_id: 0
     42 0.117862    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
     43 0.117904    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     44 0.122078    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=17534 Ack=19983 Win=4380 Len=0
     45 0.128247    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     46 0.128293    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     47 0.128396    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=21259 Ack=20454 Win=41624 Len=0
     48 0.129379    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 7 opnum: 8 ctx_id: 0
     49 0.143838    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 6 ctx_id: 0
     50 0.143884    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     51 0.149059    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=21778 Ack=24179 Win=4380 Len=0
     52 0.151506    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     53 0.151536    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     54 0.152384    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=25455 Ack=24698 Win=41624 Len=0
     55 0.152696    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 8 opnum: 8 ctx_id: 0
     56 0.165166    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
     57 0.165221    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     58 0.169365    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=26022 Ack=28375 Win=4380 Len=0
     59 0.173998    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     60 0.174055    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     61 0.174677    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=29651 Ack=28942 Win=41624 Len=0
     62 0.175285    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 9 opnum: 8 ctx_id: 0
     63 0.185694    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 8 ctx_id: 0
     64 0.185742    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     65 0.190075    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=30266 Ack=32571 Win=4380 Len=0
     66 0.192350    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     67 0.192388    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     68 0.192585    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=33847 Ack=33186 Win=41624 Len=0
     69 0.193571    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 10 opnum: 8 ctx_id: 0
     70 0.204285    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
     71 0.204357    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     72 0.209385    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=34510 Ack=36767 Win=4380 Len=0
     73 0.212405    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     74 0.212444    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     75 0.212624    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=38043 Ack=37430 Win=41624 Len=0
     76 0.213603    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 11 opnum: 8 ctx_id: 0
     77 0.254651    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=38043 Ack=38754 Win=41664 Len=0
     78 0.285690    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 10 ctx_id: 0
     79 0.285726    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     80 0.290146    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=38754 Ack=40963 Win=4380 Len=0
     81 0.293432    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     82 0.293454    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     83 0.293571    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=42239 Ack=41674 Win=41624 Len=0
     84 0.294546    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 12 opnum: 8 ctx_id: 0
     85 0.294599    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=42239 Ack=42998 Win=41664 Len=0
     86 0.303569    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
     87 0.303612    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     88 0.309064    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=42998 Ack=46435 Win=4380 Len=0
     89 0.313960    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     90 0.313985    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     91 0.314143    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=46435 Ack=45918 Win=41624 Len=0
     92 0.315124    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 13 opnum: 8 ctx_id: 0
     93 0.325142    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 12 ctx_id: 0
     94 0.325178    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
     95 0.329278    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=47242 Ack=49355 Win=4380 Len=0
     96 0.331377    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     97 0.331404    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
     98 0.331483    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=50631 Ack=50162 Win=41624 Len=0
     99 0.332460    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 14 opnum: 8 ctx_id: 0
    100 0.342030    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    101 0.342084    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    102 0.347080    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=51486 Ack=53551 Win=4380 Len=0
    103 0.353399    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    104 0.353449    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    105 0.354106    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=54827 Ack=54406 Win=41624 Len=0
    106 0.354398    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 15 opnum: 8 ctx_id: 0
    107 0.359527    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 14 ctx_id: 0
    108 0.359571    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    109 0.365321    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=55730 Ack=59023 Win=4380 Len=0
    110 0.366356    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    111 0.370598    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    112 0.371683    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 16 opnum: 8 ctx_id: 0
    113 0.373074    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=59023 Ack=58650 Win=41664 Len=0
    114 0.381831    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    115 0.381878    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    116 0.387440    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=59974 Ack=61943 Win=4380 Len=0
    117 0.392910    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    118 0.392963    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    119 0.393464    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=63219 Ack=62894 Win=41624 Len=0
    120 0.394249    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 17 opnum: 8 ctx_id: 0
    121 0.403604    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 16 ctx_id: 0
    122 0.403650    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    123 0.409099    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=64218 Ack=67415 Win=4380 Len=0
    124 0.410386    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    125 0.410410    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    126 0.410580    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=67415 Ack=67138 Win=41624 Len=0
    127 0.411521    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 18 opnum: 8 ctx_id: 0
    128 0.420971    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    129 0.421015    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    130 0.425231    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=68462 Ack=70335 Win=4380 Len=0
    131 0.431796    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    132 0.431853    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    133 0.431966    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=71611 Ack=71382 Win=41624 Len=0
    134 0.432945    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 19 opnum: 8 ctx_id: 0
    135 0.447681    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 18 ctx_id: 0
    136 0.447730    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    137 0.456977    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=72706 Ack=74531 Win=4380 Len=0
    138 0.458019    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    139 0.458059    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    140 0.458804    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=75807 Ack=75626 Win=41624 Len=0
    141 0.459320    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 20 opnum: 8 ctx_id: 0
    142 0.469774    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    143 0.469820    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    144 0.475069    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=76950 Ack=78727 Win=4380 Len=0
    145 0.481378    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    146 0.481435    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    147 0.482704    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 21 opnum: 8 ctx_id: 0
    148 0.486583    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=80003 Ack=81194 Win=41603 Len=0
    149 0.495941    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 20 ctx_id: 0
    150 0.495981    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    151 0.501605    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=81194 Ack=82923 Win=4380 Len=0
    152 0.504193    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    153 0.504227    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    154 0.504437    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=84199 Ack=84114 Win=41624 Len=0
    155 0.505417    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 22 opnum: 8 ctx_id: 0
    156 0.521496    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    157 0.521542    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    158 0.526067    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=85438 Ack=88395 Win=4380 Len=0
    159 0.530065    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    160 0.531453    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    161 0.531482    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 23 opnum: 8 ctx_id: 0
    162 0.531565    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=88395 Ack=88358 Win=41664 Len=0
    163 0.546270    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 22 ctx_id: 0
    164 0.546313    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    165 0.552063    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=89682 Ack=91315 Win=4380 Len=0
    166 0.556396    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    167 0.556428    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    168 0.556587    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=92591 Ack=92602 Win=41624 Len=0
    169 0.557567    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 24 opnum: 8 ctx_id: 0
    170 0.564894    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    171 0.564938    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    172 0.570400    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=93926 Ack=95511 Win=4380 Len=0
    173 0.576651    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    174 0.576685    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    175 0.576760    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=96787 Ack=96846 Win=41624 Len=0
    176 0.577735    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 25 opnum: 8 ctx_id: 0
    177 0.582815    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 24 ctx_id: 0
    178 0.582856    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    179 0.587053    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=98170 Ack=99707 Win=4380 Len=0
    180 0.589276    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    181 0.589309    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    182 0.589495    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=100983 Ack=101090 Win=41624 Len=0
    183 0.590480    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 26 opnum: 8 ctx_id: 0
    184 0.594962    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    185 0.594993    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    186 0.600148    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=102414 Ack=103903 Win=4380 Len=0
    187 0.605175    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    188 0.605215    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    189 0.605451    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=105179 Ack=105334 Win=41624 Len=0
    190 0.606437    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 27 opnum: 8 ctx_id: 0
    191 0.611630    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 26 ctx_id: 0
    192 0.611661    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    193 0.616028    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=106658 Ack=108099 Win=4380 Len=0
    194 0.618265    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    195 0.618287    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    196 0.618399    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=109375 Ack=109578 Win=41624 Len=0
    197 0.620497    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 28 opnum: 8 ctx_id: 0
    198 0.624608    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    199 0.624636    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    200 0.629056    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=110902 Ack=112295 Win=4380 Len=0
    201 0.657610    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    202 0.657660    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    203 0.658936    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 29 opnum: 8 ctx_id: 0
    204 0.662242    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=113571 Ack=115146 Win=41603 Len=0
    205 0.667235    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 28 ctx_id: 0
    206 0.667264    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    207 0.672282    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=115146 Ack=116491 Win=4380 Len=0
    208 0.674472    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    209 0.674495    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    210 0.674557    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=117767 Ack=118066 Win=41624 Len=0
    211 0.675528    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 30 opnum: 8 ctx_id: 0
    212 0.680324    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    213 0.680354    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    214 0.685102    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=119390 Ack=121963 Win=4380 Len=0
    215 0.689017    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    216 0.689034    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    217 0.689091    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=121963 Ack=122310 Win=41624 Len=0
    218 0.690063    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 31 opnum: 8 ctx_id: 0
    219 0.695575    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 30 ctx_id: 0
    220 0.695608    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    221 0.700182    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=123634 Ack=126159 Win=4380 Len=0
    222 0.701276    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    223 0.701293    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    224 0.701650    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=126159 Ack=126554 Win=41624 Len=0
    225 0.702550    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 32 opnum: 8 ctx_id: 0
    226 0.706873    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    227 0.706903    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    228 0.712032    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=127878 Ack=129079 Win=4380 Len=0
    229 0.716726    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    230 0.716751    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    231 0.716883    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=130355 Ack=130798 Win=41624 Len=0
    232 0.717855    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 33 opnum: 8 ctx_id: 0
    233 0.722440    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 32 ctx_id: 0
    234 0.722469    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    235 0.727076    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=132122 Ack=134551 Win=4380 Len=0
    236 0.728323    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    237 0.728340    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    238 0.728450    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=134551 Ack=135042 Win=41624 Len=0
    239 0.729425    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 34 opnum: 8 ctx_id: 0
    240 0.734483    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    241 0.734513    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    242 0.739027    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=136366 Ack=138747 Win=4380 Len=0
    243 0.743805    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    244 0.745557    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    245 0.745594    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 35 opnum: 8 ctx_id: 0
    246 0.745797    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=138747 Ack=139286 Win=41664 Len=0
    247 0.751271    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 34 ctx_id: 0
    248 0.751315    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    249 0.756131    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=140610 Ack=141667 Win=4380 Len=0
    250 0.758358    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    251 0.758396    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    252 0.758478    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=142943 Ack=143530 Win=41624 Len=0
    253 0.759453    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 36 opnum: 8 ctx_id: 0
    254 0.765750    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    255 0.765794    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    256 0.770175    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=144854 Ack=145863 Win=4380 Len=0
    257 0.775105    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    258 0.775127    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    259 0.775918    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=147139 Ack=147774 Win=41624 Len=0
    260 0.776486    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 37 opnum: 8 ctx_id: 0
    261 0.781074    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 36 ctx_id: 0
    262 0.781111    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    263 0.785349    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=149098 Ack=150059 Win=4380 Len=0
    264 0.788255    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    265 0.788277    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    266 0.788307    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=151335 Ack=152018 Win=41664 Len=0
    267 0.789281    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 38 opnum: 8 ctx_id: 0
    268 0.794246    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    269 0.794281    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    270 0.799301    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=153342 Ack=154255 Win=4380 Len=0
    271 0.804689    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    272 0.804711    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    273 0.804744    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=155531 Ack=156262 Win=41624 Len=0
    274 0.805720    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 39 opnum: 8 ctx_id: 0
    275 0.810715    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 38 ctx_id: 0
    276 0.810750    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    277 0.815079    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=157586 Ack=158451 Win=4380 Len=0
    278 0.817341    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    279 0.818948    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    280 0.818969    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 40 opnum: 8 ctx_id: 0
    281 0.818989    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=159727 Ack=160506 Win=41664 Len=0
    282 0.824069    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    283 0.824106    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    284 0.828187    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=161830 Ack=162647 Win=4380 Len=0
    285 0.833870    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    286 0.833897    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    287 0.833926    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=163923 Ack=164750 Win=41664 Len=0
    288 0.857537    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 41 opnum: 8 ctx_id: 0
    289 0.865095    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 40 ctx_id: 0
    290 0.865149    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    291 0.870281    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=166074 Ack=166843 Win=4380 Len=0
    292 0.872336    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    293 0.872356    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    294 0.872414    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=168119 Ack=168994 Win=41624 Len=0
    295 0.874466    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 42 opnum: 8 ctx_id: 0
    296 0.879091    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    297 0.879126    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    298 0.883358    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=170318 Ack=171039 Win=4380 Len=0
    299 0.889336    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    300 0.889363    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    301 0.889500    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=172315 Ack=173238 Win=41624 Len=0
    302 0.890475    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 43 opnum: 8 ctx_id: 0
    303 0.896076    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 42 ctx_id: 0
    304 0.896109    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    305 0.900427    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=174562 Ack=175235 Win=4380 Len=0
    306 0.902856    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    307 0.904285    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    308 0.904311    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 44 opnum: 8 ctx_id: 0
    309 0.904449    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=176511 Ack=177482 Win=41664 Len=0
    310 0.909601    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    311 0.909643    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    312 0.915109    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=178806 Ack=180707 Win=4380 Len=0
    313 0.919928    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    314 0.919964    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    315 0.919995    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=180707 Ack=181726 Win=41624 Len=0
    316 0.920979    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 45 opnum: 8 ctx_id: 0
    317 0.925794    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 44 ctx_id: 0
    318 0.925829    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    319 0.931484    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=183050 Ack=183627 Win=4380 Len=0
    320 0.933345    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    321 0.933364    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    322 0.933395    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=184903 Ack=185970 Win=41664 Len=0
    323 0.934375    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 46 opnum: 8 ctx_id: 0
    324 0.941423    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    325 0.941462    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    326 0.946097    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=187294 Ack=189099 Win=4380 Len=0
    327 0.951723    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    328 0.951752    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    329 0.951785    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=189099 Ack=190214 Win=41624 Len=0
    330 0.952761    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 47 opnum: 8 ctx_id: 0
    331 0.958879    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 46 ctx_id: 0
    332 0.958917    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    333 0.964062    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=191538 Ack=192019 Win=4380 Len=0
    334 0.966283    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    335 0.966307    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    336 0.966336    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=193295 Ack=194458 Win=41624 Len=0
    337 0.968430    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 48 opnum: 8 ctx_id: 0
    338 0.972936    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    339 0.972973    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    340 0.977109    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=195782 Ack=196215 Win=4380 Len=0
    341 0.981692    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 49 opnum: 29 ctx_id: 0
    342 0.981812    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 49 ctx_id: 0
    343 0.985307    192.168.40.46         192.168.40.2          SMB      Close Request, FID: 0x724c
    344 0.985406    192.168.40.2          192.168.40.46         SMB      Close Response
    345 1.002377    192.168.40.46         192.168.40.2          SMB      NT Create AndX Request, FID: 0x724f, Path: \spoolss
    346 1.002522    192.168.40.2          192.168.40.46         SMB      NT Create AndX Response, FID: 0x724f
    347 1.005342    192.168.40.46         192.168.40.2          SMB      Trans2 Request, QUERY_FILE_INFO, FID: 0x724f, Query File Standard Info
    348 1.005404    192.168.40.2          192.168.40.46         SMB      Trans2 Response, FID: 0x724f, QUERY_FILE_INFO
    349 1.008716    192.168.40.46         192.168.40.2          DCERPC   Bind: call_id: 1, 2 context items, 1st SPOOLSS V1.0
    350 1.008797    192.168.40.2          192.168.40.46         SMB      Write AndX Response, FID: 0x724f, 116 bytes
    351 1.012007    192.168.40.46         192.168.40.2          SMB      Read AndX Request, FID: 0x724f, 1024 bytes at offset 0
    352 1.012072    192.168.40.2          192.168.40.46         DCERPC   Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
    353 1.016831    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    354 1.018438    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    355 1.018453    192.168.40.46         192.168.40.2          SPOOLSS  OpenPrinterEx request, \\CORN\rawPrinter
    356 1.018470    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=198047 Ack=199308 Win=41664 Len=0
    357 1.018803    192.168.40.2          192.168.40.46         SPOOLSS  OpenPrinterEx response
    358 1.023767    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    359 1.023804    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    360 1.023906    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=198155 Ack=202398 Win=41624 Len=0
    361 1.024887    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 4
    362 1.027236    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724f
    363 1.030310    192.168.40.46         192.168.40.2          SMB      Read AndX Request, FID: 0x724f, 3112 bytes at offset 0
    364 1.030379    192.168.40.2          192.168.40.46         SMB      Read AndX Response, FID: 0x724f, 3112 bytes
    365 1.030410    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    366 1.045975    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=203785 Ack=202414 Win=4380 Len=0
    367 1.057272    192.168.40.46         192.168.40.2          SMB      NT Create AndX Request, FID: 0x7250, Path: \spoolss
    368 1.057514    192.168.40.2          192.168.40.46         SMB      NT Create AndX Response, FID: 0x7250
    369 1.060691    192.168.40.46         192.168.40.2          DCERPC   Bind: call_id: 1, 2 context items, 1st SPOOLSS V1.0
    370 1.060858    192.168.40.2          192.168.40.46         SMB      Write AndX Response, FID: 0x7250, 116 bytes
    371 1.063225    192.168.40.46         192.168.40.2          SMB      Read AndX Request, FID: 0x7250, 1024 bytes at offset 0
    372 1.063308    192.168.40.2          192.168.40.46         DCERPC   Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
    373 1.066368    192.168.40.46         192.168.40.2          SPOOLSS  OpenPrinterEx request, \\CORN\rawPrinter
    374 1.066719    192.168.40.2          192.168.40.46         SPOOLSS  OpenPrinterEx response
    375 1.069332    192.168.40.46         192.168.40.2          SPOOLSS  EnumForms request, level 2
    376 1.069450    192.168.40.2          192.168.40.46         SPOOLSS  EnumForms response, level 2[Malformed Packet]
    377 1.072267    192.168.40.46         192.168.40.2          SPOOLSS  EnumForms request, level 1
    378 1.072429    192.168.40.2          192.168.40.46         SPOOLSS  EnumForms response, level 1, Insufficient buffer
    379 1.077031    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    380 1.077059    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    381 1.077205    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=203051 Ack=207644 Win=41624 Len=0
    382 1.078179    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 4 opnum: 34 ctx_id: 0 [DCE/RPC first fragment, reas: #386]
    383 1.078247    192.168.40.2          192.168.40.46         SMB      Write AndX Response, FID: 0x7250, 4280 bytes
    384 1.081950    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    385 1.085141    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    386 1.085157    192.168.40.46         192.168.40.2          SPOOLSS  EnumForms request, level 1
    387 1.085208    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=203102 Ack=211992 Win=41664 Len=0
    388 1.085630    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x7250
    389 1.089641    192.168.40.46         192.168.40.2          SMB      Read AndX Request, FID: 0x7250, 3256 bytes at offset 0
    390 1.089715    192.168.40.2          192.168.40.46         SMB      Read AndX Response, FID: 0x7250, 3256 bytes
    391 1.089739    192.168.40.2          192.168.40.46         NBSS     Session message
    392 1.095306    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=212271 Ack=207505 Win=4380 Len=0
    393 1.095345    192.168.40.46         192.168.40.2          SMB      Read AndX Request, FID: 0x7250, 4280 bytes at offset 0
    394 1.095618    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 4 ctx_id: 0 [DCE/RPC last fragment][Packet size limited during capture]
    395 1.095651    192.168.40.2          192.168.40.46         NBSS     Session message
    396 1.100253    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=212334 Ack=210600 Win=4380 Len=0
    397 1.100284    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinterData request, DriverPolicy
    398 1.103251    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x7250
    399 1.150697    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    400 1.150746    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinterDriver2 request, OpenPrinterEx(\\CORN\rawPrinter), level 6
    401 1.150877    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=211724 Ack=214762 Win=41629 Len=0
    402 1.153560    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x7250
    403 1.153580    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    404 1.158511    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=214762 Ack=213880 Win=4380 Len=0
    405 1.159517    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    406 1.161046    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 2
    407 1.161112    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=213880 Ack=216958 Win=41664 Len=0
    408 1.165602    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 4 ctx_id: 0 [DCE/RPC first fragment]
    409 1.165629    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    410 1.170331    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=216958 Ack=216028 Win=4380 Len=0
    411 1.170362    192.168.40.46         192.168.40.2          SPOOLSS  ClosePrinter request, OpenPrinterEx(\\CORN\rawPrinter)
    412 1.170476    192.168.40.2          192.168.40.46         SPOOLSS  ClosePrinter response
    413 1.174272    192.168.40.46         192.168.40.2          SMB      Close Request, FID: 0x7250
    414 1.174381    192.168.40.2          192.168.40.46         SMB      Close Response, FID: 0x7250
    415 1.178137    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 2
    416 1.185481    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724f
    417 1.191104    192.168.40.46         192.168.40.2          SMB      NT Create AndX Request, FID: 0x7251, Path: \spoolss
    418 1.230649    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=217575 Ack=218689 Win=41663 Len=0
    419 1.277782    192.168.40.2          192.168.40.46         SMB      NT Create AndX Response, FID: 0x7251
    420 1.280815    192.168.40.46         192.168.40.2          DCERPC   Bind: call_id: 1, 2 context items, 1st SPOOLSS V1.0
    421 1.280929    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=217714 Ack=218873 Win=41664 Len=0
    422 1.281036    192.168.40.2          192.168.40.46         SMB      Write AndX Response, FID: 0x7251, 116 bytes
    423 1.284284    192.168.40.46         192.168.40.2          SMB      Read AndX Request, FID: 0x7251, 1024 bytes at offset 0
    424 1.284413    192.168.40.2          192.168.40.46         DCERPC   Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
    425 1.287843    192.168.40.46         192.168.40.2          SPOOLSS  OpenPrinterEx request, \\CORN\rawPrinter
    426 1.288865    192.168.40.2          192.168.40.46         SPOOLSS  OpenPrinterEx response
    427 1.292489    192.168.40.46         192.168.40.2          SPOOLSS  EnumForms request, level 2
    428 1.292671    192.168.40.2          192.168.40.46         SPOOLSS  EnumForms response, level 2[Malformed Packet]
    429 1.295277    192.168.40.46         192.168.40.2          SPOOLSS  EnumForms request, level 1
    430 1.295537    192.168.40.2          192.168.40.46         SPOOLSS  EnumForms response, level 1, Insufficient buffer
    431 1.299053    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    432 1.299086    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    433 1.299275    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=218212 Ack=222442 Win=41624 Len=0
    434 1.300254    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 4 opnum: 34 ctx_id: 0 [DCE/RPC first fragment, reas: #438]
    435 1.300345    192.168.40.2          192.168.40.46         SMB      Write AndX Response, FID: 0x7251, 4280 bytes
    436 1.304004    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    437 1.304036    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    438 1.304049    192.168.40.46         192.168.40.2          SPOOLSS  EnumForms request, level 1
    439 1.304208    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=218263 Ack=227006 Win=41615 Len=0
    440 1.304612    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x7251
    441 1.308260    192.168.40.46         192.168.40.2          SMB      Read AndX Request, FID: 0x7251, 3256 bytes at offset 0
    442 1.309801    192.168.40.2          192.168.40.46         SMB      Read AndX Response, FID: 0x7251, 3256 bytes
    443 1.309841    192.168.40.2          192.168.40.46         NBSS     Session message
    444 1.314107    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=227069 Ack=222666 Win=4380 Len=0
    445 1.314146    192.168.40.46         192.168.40.2          SMB      Read AndX Request, FID: 0x7251, 4280 bytes at offset 0
    446 1.314250    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 4 ctx_id: 0 [DCE/RPC last fragment][Packet size limited during capture]
    447 1.314283    192.168.40.2          192.168.40.46         NBSS     Session message
    448 1.319136    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=227132 Ack=225586 Win=4380 Len=0
    449 1.320898    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinterData request, DriverPolicy
    450 1.325622    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x7251
    451 1.330052    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    452 1.330106    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinterDriver2 request, OpenPrinterEx(\\CORN\rawPrinter), level 6
    453 1.332777    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=226885 Ack=229560 Win=41629 Len=0
    454 1.336101    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x7251
    455 1.336134    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    456 1.340311    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=229560 Ack=229041 Win=4380 Len=0
    457 1.340361    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    458 1.341426    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 2
    459 1.341488    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=229041 Ack=231756 Win=41664 Len=0
    460 1.347994    192.168.40.2          192.168.40.46         DCERPC   Response: call_id: 4 ctx_id: 0 [DCE/RPC first fragment]
    461 1.348026    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    462 1.352066    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=231756 Ack=231189 Win=4380 Len=0
    463 1.352118    192.168.40.46         192.168.40.2          SPOOLSS  ClosePrinter request, OpenPrinterEx(\\CORN\rawPrinter)
    464 1.352286    192.168.40.2          192.168.40.46         SPOOLSS  ClosePrinter response
    465 1.355312    192.168.40.46         192.168.40.2          SMB      Close Request, FID: 0x7251
    466 1.355523    192.168.40.2          192.168.40.46         SMB      Close Response, FID: 0x7251
    467 1.359978    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    468 1.360034    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    469 1.360115    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=231336 Ack=234853 Win=41624 Len=0
    470 1.361095    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 2
    471 1.367772    192.168.40.2          192.168.40.46         SPOOLSS  GetPrinter response, level 4
    472 1.367816    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    473 1.372052    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=236177 Ack=234256 Win=4380 Len=0
    474 1.377397    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    475 1.377452    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    476 1.377529    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=235532 Ack=239097 Win=41624 Len=0
    477 1.378507    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 2
    478 1.384936    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724f
    479 1.384979    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    480 1.390270    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=240421 Ack=238452 Win=4380 Len=0
    481 1.392365    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    482 1.392404    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    483 1.392474    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=239728 Ack=243341 Win=41624 Len=0
    484 1.393452    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 2
    485 1.402976    192.168.40.2          192.168.40.46         SPOOLSS  GetPrinter response, level 2
    486 1.403018    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    487 1.407124    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=244665 Ack=242648 Win=4380 Len=0
    488 1.413401    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    489 1.413458    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    490 1.413538    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=243924 Ack=247585 Win=41624 Len=0
    491 1.414515    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 2
    492 1.422727    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724f
    493 1.422768    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
    494 1.427092    192.168.40.46         192.168.40.2          TCP      58439 > microsoft-ds [ACK] Seq=248909 Ack=246844 Win=4380 Len=0
    495 1.429404    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    496 1.430888    192.168.40.46         192.168.40.2          TCP      [TCP segment of a reassembled PDU]
    497 1.430918    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 2
    498 1.430983    192.168.40.2          192.168.40.46         TCP      microsoft-ds > 58439 [ACK] Seq=248120 Ack=251829 Win=41664 Len=0
    499 1.437383    192.168.40.2          192.168.40.46         SPOOLSS  GetPrinter response, level 2
    500 1.437427    192.168.40.2          192.168.40.46         NBSS     NBSS Continuation Message
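An added example, not part of the original post: a small Python tally for a Wireshark text summary like the excerpt above, counting which spooler RPC requests the client sends and how often it reopens the `\spoolss` pipe. The sample rows are copied from the excerpt; the function names `parse` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Summary-line columns: No., Time, Source, Destination, then protocol and info.
LINE_RE = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(.*\S)\s*$")
# Protocol names as printed in the excerpt; "SMB Pipe" has a space, so test it before "SMB".
PROTOCOLS = ("SMB Pipe", "SPOOLSS", "DCERPC", "NBSS", "SMB", "TCP")
OPNUM_RE = re.compile(r"^Request: .*\bopnum: (\d+)")

# Rows copied from the capture excerpt in the post (frame numbers kept).
SAMPLE = r"""
    337 0.968430    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 48 opnum: 8 ctx_id: 0
    338 0.972936    192.168.40.2          192.168.40.46         SMB Pipe TransactNmPipe Response, FID: 0x724c
    345 1.002377    192.168.40.46         192.168.40.2          SMB      NT Create AndX Request, FID: 0x724f, Path: \spoolss
    355 1.018453    192.168.40.46         192.168.40.2          SPOOLSS  OpenPrinterEx request, \\CORN\rawPrinter
    357 1.018803    192.168.40.2          192.168.40.46         SPOOLSS  OpenPrinterEx response
    361 1.024887    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 4
    367 1.057272    192.168.40.46         192.168.40.2          SMB      NT Create AndX Request, FID: 0x7250, Path: \spoolss
    373 1.066368    192.168.40.46         192.168.40.2          SPOOLSS  OpenPrinterEx request, \\CORN\rawPrinter
    375 1.069332    192.168.40.46         192.168.40.2          SPOOLSS  EnumForms request, level 2
    376 1.069450    192.168.40.2          192.168.40.46         SPOOLSS  EnumForms response, level 2[Malformed Packet]
    382 1.078179    192.168.40.46         192.168.40.2          DCERPC   Request: call_id: 4 opnum: 34 ctx_id: 0 [DCE/RPC first fragment, reas: #386]
    386 1.085157    192.168.40.46         192.168.40.2          SPOOLSS  EnumForms request, level 1
    406 1.161046    192.168.40.46         192.168.40.2          SPOOLSS  GetPrinter request, level 2
    411 1.170362    192.168.40.46         192.168.40.2          SPOOLSS  ClosePrinter request, OpenPrinterEx(\\CORN\rawPrinter)
"""


def parse(text):
    """Turn summary lines into dicts; lines that do not look like packet rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        no, t, src, dst, rest = m.groups()
        proto = next((p for p in PROTOCOLS if rest.startswith(p + " ")), rest.split()[0])
        rows.append({"no": int(no), "time": float(t), "src": src, "dst": dst,
                     "proto": proto, "info": rest[len(proto):].strip()})
    return rows


def summarize(text, client):
    """Count protocols overall, plus RPC requests and \\spoolss pipe opens sent by `client`."""
    rows = parse(text)
    protocols = Counter(r["proto"] for r in rows)
    ops = Counter()
    pipe_opens = 0
    for r in rows:
        if r["src"] != client:
            continue
        info = r["info"]
        if r["proto"] == "SPOOLSS" and " request" in info:
            # e.g. "GetPrinter request, level 2" -> "GetPrinter"
            ops[info.split(" request")[0]] += 1
        elif r["proto"] == "DCERPC":
            m = OPNUM_RE.match(info)
            # Fragments are reassembled and decoded in a later frame; skip them
            # here so the same call is not counted twice.
            if m and "fragment" not in info:
                ops["undecoded opnum " + m.group(1)] += 1
        elif (r["proto"] == "SMB" and "NT Create AndX Request" in info
              and info.endswith("Path: \\spoolss")):
            pipe_opens += 1
    span = rows[-1]["time"] - rows[0]["time"] if len(rows) > 1 else 0.0
    total = sum(ops.values())
    return {
        "protocols": protocols,
        "client_ops": ops,
        "pipe_opens": pipe_opens,
        "span_seconds": span,
        "requests_per_second": total / span if span > 0 else 0.0,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE, "192.168.40.46")
    for name, count in result["client_ops"].most_common():
        print(f"{count:4d}  {name}")
    print("spoolss pipe opens:", result["pipe_opens"])
    print("RPC requests/s: %.1f" % result["requests_per_second"])
```

Running the same tally over a full capture saved as text gives a per-operation count that can be compared before and after a configuration change.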



