1 2016-11-30 15:35:08.640523 IP (tos 0x0, ttl 128, id 376, offset 0, flags [DF], proto TCP (6), length 128)
192.168.56.55.445 > 192.168.56.119.49199: Flags [P.], cksum 0x3e2f (incorrect -> 0x3d49), seq 4267808374:4267808462, ack 628292694, win 63102, length 88
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0xFF
Flags2 = 0x7
Tree ID = 2048 (0x800)
Proc ID = 2848 (0xb20)
UID = 4098 (0x1002)
MID = 1616 (0x650)
Word Count = 10 (0xa)
TRANSACT2_OPEN param_length=2 data_length=24
TotParam=2 (0x2)
TotData=24 (0x18)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=24 (0x18)
DataOff=60 (0x3c)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=29
Handle=0 (0x0)
Attrib=Data=
Data: (24 bytes)
[000] 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 ^@^@^K^@^@^@^@^@ ^@^@^@^@^@^@^@^@
[010] 01 00 00 00 00 00 00 00 ^A^@^@^@^@^@^@^@
2 2016-11-30 15:35:08.640906 IP (tos 0x0, ttl 128, id 632, offset 0, flags [DF], proto TCP (6), length 114)
192.168.56.119.49199 > 192.168.56.55.445: Flags [P.], cksum 0x2437 (correct), seq 1:75, ack 88, win 254, length 74
SMB PACKET: SMBtrans2 (REQUEST)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x18
Flags2 = 0x7
Tree ID = 2048 (0x800)
Proc ID = 2848 (0xb20)
UID = 4098 (0x1002)
MID = 1632 (0x660)
Word Count = 15 (0xf)
TRANSACT2_QFSINFO param_length=2 data_length=0
TotParam=2 (0x2)
TotData=0 (0x0)
MaxParam=0 (0x0)
MaxData=560 (0x230)
MaxSetup=0 (0x0)
Flags=0x0
TimeOut=0 (0x0)
Res1=0x0
ParamCnt=2 (0x2)
ParamOff=68 (0x44)
DataCnt=0 (0x0)
DataOff=0 (0x0)
SetupCnt=1 (0x1)
smb_bcc=5
InfoLevel=261 (0x105)
3 2016-11-30 15:35:08.641033 IP (tos 0x0, ttl 128, id 377, offset 0, flags [DF], proto TCP (6), length 120)
192.168.56.55.445 > 192.168.56.119.49199: Flags [P.], cksum 0xf1fb (incorrect -> 0x1559), seq 88:168, ack 75, win 63028, length 80
SMB PACKET: SMBtrans2 (REPLY)
SMB Command = 0x32
Error class = 0x0
Error code = 0 (0x0)
Flags1 = 0x98
Flags2 = 0x7
Tree ID = 0 (0x0)
Proc ID = 0 (0x0)
UID = 0 (0x0)
MID = 0 (0x0)
Word Count = 11 (0xb)
TRANSACT2_QFSINFO param_length=0 data_length=20
TotParam=0 (0x0)
TotData=0 (0x0)
Res1=0x0
ParamCnt=0 (0x0)
ParamOff=56 (0x38)
ParamDisp0 (0x0)
DataCnt=20 (0x14)
DataOff=56 (0x38)
DataDisp=0 (0x0)
SetupCnt=0 (0x0)
smb_bcc=65280
Capabilities=0x700FF
MaxFileLen=255 (0xff)
VolNameLen=4278190088
Volume=... [|smb]
data:
[000] FF 00 07 00 FF 00 00 00 08 00 00 FF FF FF FF 00 M-^?^@^G^@M-^?^@^@^@ ^H^@^@M-^?M-^?M-^?M-^?^@
[010] 46 00 53 00 F^@S^@
4 2038-01-01 00:00:00.000000 IP (tos 0x0, ttl 128, id 633, offset 0, flags [DF], proto TCP (6), length 116)
192.168.56.119.49199 > 192.168.56.55.445: Flags [P.], cksum 0x2253 (incorrect -> 0x229b), seq 75:151, ack 168, win 253, length 76 SMB-over-TCP packet:(raw data or continuation?)