[ Pobierz całość w formacie PDF ]
.0 = Add 0 to LengthNBT: Packet Length = 170 (0xAA)NBT: SS Data: Number of data bytes remaining = 170 (0x00AA)SMB: C negotiate, Dialect = NT LM 0.12SMB: SMB Status = Error SuccessSMB: Error class = No ErrorSMB: Error code = No ErrorSMB: Header: PID = 0xCAFE TID = 0x0000 MID = 0x0000 UID = 0x0000SMB: Tree ID (TID) = 0 (0x0)SMB: Process ID (PID) = 51966 (0xCAFE)SMB: User ID (UID) = 0 (0x0)SMB: Multiplex ID (MID) = 0 (0x0)SMB: Flags Summary = 24 (0x18)SMB:.0 = Lock & Read and Write & Unlock not supportedSMB:.= Send No Ack not supportedSMB:.1.= Using caseless pathnamesSMB:.1.= Canonicalized pathnamesSMB:.= No Opportunistic lockSMB:.= No Change NotifySMB: 0.= Client commandSMB: flags2 Summary = 3 (0x3)SMB:.1 = Understands long filenamesSMB:.1.= Understands extended attributesSMB:.= No DFS capabilitiesSMB:.= No paging of IOSMB:.= Using SMB status codesSMB: 0.= Using ASCII stringsSMB: Command = C negotiateSMB: Word count = 0SMB: Byte count = 135SMB: Byte parametersSMB: Dialect Strings UnderstoodSMB: Dialect String = PC NETWORK PROGRAM 1.0SMB: Dialect String = XENIX CORESMB: Dialect String = MICROSOFT NETWORKS 1.03SMB: Dialect String = LANMAN1.0SMB: Dialect String = Windows for Workgroups 3.1aSMB: Dialect String = LM1.2X002SMB: Dialect String = LANMAN2.1SMB: Dialect String = NT LM 0.1200000: 00 60 08 36 71 DE 00 00 C0 7A 2D 5C 08 00 45 00.`.6q.z-\.E.00010: 00 D6 91 00 40 00 80 06 70 CF C7 F5 B4 01 C7 F5.@.p.00020: B4 65 04 09 00 8B 00 39 56 C6 00 45 C3 A5 50 18.e.9V.E.P.00030: 22 34 7D 00 00 00 00 00 00 AA FF 53 4D 42 72 00 "4}.SMBr.00040: 00 00 00 18 03 00 00 00 00 00 00 00 00 00 00 00.Rozdział 6194Rysunek 6.23Pakiet SMB C negotiate.Pakiet 5 (patrz rysunek 6.24) służy do utworzenia sesji, przekazanianazwy konta użytkownika (w tym przypadku konta administratora)i nazwy domeny, oraz do podłączenia się do zasobu o nazwie\\NSRVR\IPC$.06-24 FRAME: Base frame propertiesFRAME: Time of capture = May 9, 1998 18:11:7.83FRAME: Time delta from previous physical frame: 26 millisecondsFRAME: Frame number: 5FRAME: Total frame length: 324 bytesFRAME: Capture frame length: 324 bytesFRAME: Frame data: Number of data bytes remaining = 324 (0x0144)ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet ProtocolETHERNET: Destination address : 0060083671DEETHERNET:.0 = Individual addressETHERNET:.= Universally administered addressETHERNET: Source address : 0000C07A2D5CETHERNET:.0 = No routing information presentETHERNET:.= Universally administered addressETHERNET: Frame Length : 324 (0x0144)ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)ETHERNET: Ethernet Data: Number of data bytes remaining = 310 (0x0136)IP: ID = 0x9200; Proto = TCP; Len: 310IP: Version = 4 (0x4)IP: Header Length = 20 (0x14)IP: Service Type = 0 (0x0)IP: Precedence = RoutineIP:.= Normal DelayIP:.= Normal ThroughputIP:.= Normal ReliabilityIP: Total Length = 310 (0x136)IP: Identification = 37376 (0x9200)IP: Flags Summary = 2 (0x2)IP:.0 = Last fragment in datagramIP:.1.= Cannot fragment datagramIP: Fragment Offset = 0 (0x0) bytesIP: Time to Live = 128 (0x80)IP: Protocol = TCP - Transmission ControlIP: Checksum = 0x6F6FIP: Source Address = 199.245.180.1IP: Destination Address = 199.245.180.101IP: Data: Number of data bytes remaining = 290 (0x0122)TCP:.AP., len: 270, seq: 3757940-3758209, ack: 4572168, win: 8657, src: 1033dst: 139 (NBT Session)TCP: Source Port = 0x0409TCP: Destination Port = NETBIOS Session ServiceTCP: Sequence Number = 3757940 (0x395774)TCP: Acknowledgement Number = 4572168 (0x45C408)TCP: Data Offset = 20 (0x14)TCP: Reserved = 0 (0x0000)TCP: Flags = 0x18 :.AP.Z
ledzenie protokołu TCP/IP195TCP:.= No urgent dataTCP:.1.= Acknowledgement field significantTCP:.1.= Push functionTCP:.= No ResetTCP:.= No SynchronizeTCP:.0 = No FinTCP: Window = 8657 (0x21D1)TCP: Checksum = 0x7593TCP: Urgent Pointer = 0 (0x0)TCP: Data: Number of data bytes remaining = 270 (0x010E)NBT: SS: Session Message, Len: 266NBT: Packet Type = Session MessageNBT: Packet Flags = 0 (0x0)NBT:.0 = Add 0 to LengthNBT: Packet Length = 266 (0x10A)NBT: SS Data: Number of data bytes remaining = 266 (0x010A)SMB: C session setup & X, Username = Administrator, and C tree connect & X,Share = \\NTSRVR\IPC$SMB: SMB Status = Error SuccessSMB: Error class = No ErrorSMB: Error code = No ErrorSMB: Header: PID = 0xCAFE TID = 0x0000 MID = 0x0000 UID = 0x0000SMB: Tree ID (TID) = 0 (0x0)SMB: Process ID (PID) = 51966 (0xCAFE)SMB: User ID (UID) = 0 (0x0)SMB: Multiplex ID (MID) = 0 (0x0)SMB: Flags Summary = 24 (0x18)SMB:.0 = Lock & Read and Write & Unlock not supportedSMB:.= Send No Ack not supportedSMB:.1.= Using caseless pathnamesSMB:.1.= Canonicalized pathnamesSMB:.= No Opportunistic lockSMB:.= No Change NotifySMB: 0.= Client commandSMB: flags2 Summary = 32771 (0x8003)SMB:.1 = Understands long filenamesSMB:.1.= Understands extended attributesSMB:.= No DFS capabilitiesSMB:.= No paging of IOSMB:.= Using SMB status codesSMB: 1.= Using UNICODE stringsSMB: Command = C session setup & XSMB: Word count = 13SMB: Word parametersSMB: Next offset = 0x00DESMB: Max Buffer Size = 4356 (0x1104)SMB: Max MPX requests = 50SMB: VC number = 0SMB: Session Key = 0SMB: Password length = 24 (0x18)SMB: Unicode Password length = 24 (0x18)SMB: Capabilities = 212 (0xD4)SMB:.0 = No Raw Reads and Writes.SMB:.= No support for multiplexed commands.SMB:.1.= Supports UNICODE strings.SMB:.= Does not support large files.Rozdział 6196SMB:.1.= Supports the NT SMB extensions.SMB:.= RPC remote API's not supported.SMB:.1.= Recognizes NT Status codes.SMB:.1.= Supports level II oplocks.SMB:.= Does not support Lock and Read.SMB:.= Does not support NT Find.SMB:.= Does not support bulk transfers.SMB:.= Does not support compressed bulk transfers.SMB:.= This server is NOT DFS aware.SMB:.= ReadX responses must be withinnegotiated buffer sizes [ Pobierz całość w formacie PDF ]