orgads/aclnas-works.txt

## aclnas-works.txt
No.     Time        Source                Destination           Protocol Length Info
      3 0.302038    10.33.5.130           10.1.0.14             SMB      178    Trans2 Request, FIND_FIRST2, Pattern: \CompilationResults

Frame 3: 178 bytes on wire (1424 bits), 178 bytes captured (1424 bits)
Ethernet II, Src: Universa_47:01:18 (fc:4d:d4:47:01:18), Dst: CheckPoi_3f:a9:5c (00:1c:7f:3f:a9:5c)
Internet Protocol Version 4, Src: 10.33.5.130 (10.33.5.130), Dst: 10.1.0.14 (10.1.0.14)
Transmission Control Protocol, Src Port: 64227 (64227), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 124
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response in: 4]
        SMB Command: Trans2 (0x32)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... ...0 .... = Security Signatures Required: Security signatures are not required
            .... .... .... 0... = Compressed: Compression is not requested
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 1
        Process ID: 7572
        User ID: 1
        Multiplex ID: 2048
    Trans2 Request (0x32)
        Word Count (WCT): 15
        Total Parameter Count: 52
        Total Data Count: 0
        Max Parameter Count: 10
        Max Data Count: 16384
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 52
        Parameter Offset: 68
        Data Count: 0
        Data Offset: 0
        Setup Count: 1
        Reserved: 00
        Subcommand: FIND_FIRST2 (0x0001)
        Byte Count (BCC): 55
        Padding: 000000
        FIND_FIRST2 Parameters
            Search Attributes: 0x0016
                .... .... .... ...0 = Read Only: Do NOT include read only files in search results
                .... .... .... ..1. = Hidden: Include HIDDEN files in search results
                .... .... .... .1.. = System: Include SYSTEM files in search results
                .... .... .... 0... = Volume ID: Do NOT include volume IDs in search results
                .... .... ...1 .... = Directory: Include DIRECTORIES in search results
                .... .... ..0. .... = Archive: Do NOT include archive files in search results
            Search Count: 1366
            Flags: 0x0007
                .... .... ...0 .... = Backup Intent: No backup intent
                .... .... .... 0... = Continue: New search, do NOT continue from previous position
                .... .... .... .1.. = Resume: Return RESUME keys
                .... .... .... ..1. = Close on EOS: CLOSE search if END OF SEARCH is reached
                .... .... .... ...1 = Close: CLOSE search after this request
            Level of Interest: Find File Both Directory Info (260)
            Storage Type: 0
            Search Pattern: \CompilationResults

No.     Time        Source                Destination           Protocol Length Info
      4 0.303174    10.1.0.14             10.33.5.130           SMB      256    Trans2 Response, FIND_FIRST2, Files: CompilationResults

Frame 4: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Ethernet II, Src: CheckPoi_3f:a9:5c (00:1c:7f:3f:a9:5c), Dst: Universa_47:01:18 (fc:4d:d4:47:01:18)
Internet Protocol Version 4, Src: 10.1.0.14 (10.1.0.14), Dst: 10.33.5.130 (10.33.5.130)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 64227 (64227), Seq: 1, Ack: 125, Len: 202
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response to: 3]
        [Time from request: 0.001136000 seconds]
        SMB Command: Trans2 (0x32)
        Error Class: Success (0x00)
        Reserved: 00
        Error Code: No Error
        Flags: 0x98
            1... .... = Request/Response: Message is a response to the client/redirector
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0x8807
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .0.. .... .... .... = Error Code Type: Error codes are DOS error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... ...0 .... = Security Signatures Required: Security signatures are not required
            .... .... .... 0... = Compressed: Compression is not requested
            .... .... .... .1.. = Security Signatures: Security signatures are supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 1
        Process ID: 7572
        User ID: 1
        Multiplex ID: 2048
    Trans2 Response (0x32)
        Subcommand: FIND_FIRST2 (0x0001)
        [Level of Interest: Find File Both Directory Info (260)]
        [Search Pattern: \CompilationResults]
        Word Count (WCT): 10
        Total Parameter Count: 10
        Total Data Count: 132
        Reserved: 0000
        Parameter Count: 10
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 132
        Data Offset: 66
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 143
        Padding: 00
        FIND_FIRST2 Parameters
            Level of Interest: Find File Both Directory Info (260)
            Search ID: 0x0001
            Search Count: 1
            End Of Search: 1
            EA Error offset: 0
            Last Name Offset: 94
        FIND_FIRST2 Data
            Find File Both Directory Info File: CompilationResults
                Next Entry Offset: 132
                File Index: 0
                Created: Jan 27, 2015 22:03:32.770176900 Jerusalem Standard Time
                Last Access: Aug 19, 2015 03:46:24.062238300 Jerusalem Daylight Time
                Last Write: Jul  7, 2015 10:46:21.767213400 Jerusalem Daylight Time
                Change: Jul  7, 2015 10:46:21.767213400 Jerusalem Daylight Time
                End Of File: 0
                Allocation Size: 0
                File Attributes: 0x00000030
                    .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
                    .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
                    .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
                    .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
                    .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
                    .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
                    .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
                    .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
                    .... .... .... .... .... .... .0.. .... = Device: This is NOT a device
                    .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
                    .... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY
                    .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
                    .... .... .... .... .... .... .... .0.. = System: This is NOT a system file
                    .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
                    .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
                File Name Len: 36
                EA List Length: 0
                Short File Name Len: 16
                Reserved: 00
                Short File Name: COMPI~ZE
                File Name: CompilationResults
	No. Time Source Destination Protocol Length Info
	3 0.302038 10.33.5.130 10.1.0.14 SMB 178 Trans2 Request, FIND_FIRST2, Pattern: \CompilationResults

	Frame 3: 178 bytes on wire (1424 bits), 178 bytes captured (1424 bits)
	Ethernet II, Src: Universa_47:01:18 (fc:4d:d4:47:01:18), Dst: CheckPoi_3f:a9:5c (00:1c:7f:3f:a9:5c)
	Internet Protocol Version 4, Src: 10.33.5.130 (10.33.5.130), Dst: 10.1.0.14 (10.1.0.14)
	Transmission Control Protocol, Src Port: 64227 (64227), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 124
	NetBIOS Session Service
	SMB (Server Message Block Protocol)
	SMB Header
	Server Component: SMB
	[Response in: 4]
	SMB Command: Trans2 (0x32)
	NT Status: STATUS_SUCCESS (0x00000000)
	Flags: 0x18
	0... .... = Request/Response: Message is a request to the server
	.0.. .... = Notify: Notify client only on open
	..0. .... = Oplocks: OpLock not requested/granted
	...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
	.... 1... = Case Sensitivity: Path names are caseless
	.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
	.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
	Flags2: 0xc807
	1... .... .... .... = Unicode Strings: Strings are Unicode
	.1.. .... .... .... = Error Code Type: Error codes are NT error codes
	..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
	...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
	.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
	.... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
	.... .... .0.. .... = Long Names Used: Path names in request are not long file names
	.... .... ...0 .... = Security Signatures Required: Security signatures are not required
	.... .... .... 0... = Compressed: Compression is not requested
	.... .... .... .1.. = Security Signatures: Security signatures are supported
	.... .... .... ..1. = Extended Attributes: Extended attributes are supported
	.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
	Process ID High: 0
	Signature: 0000000000000000
	Reserved: 0000
	Tree ID: 1
	Process ID: 7572
	User ID: 1
	Multiplex ID: 2048
	Trans2 Request (0x32)
	Word Count (WCT): 15
	Total Parameter Count: 52
	Total Data Count: 0
	Max Parameter Count: 10
	Max Data Count: 16384
	Max Setup Count: 0
	Reserved: 00
	Flags: 0x0000
	.... .... .... ..0. = One Way Transaction: Two way transaction
	.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
	Timeout: Return immediately (0)
	Reserved: 0000
	Parameter Count: 52
	Parameter Offset: 68
	Data Count: 0
	Data Offset: 0
	Setup Count: 1
	Reserved: 00
	Subcommand: FIND_FIRST2 (0x0001)
	Byte Count (BCC): 55
	Padding: 000000
	FIND_FIRST2 Parameters
	Search Attributes: 0x0016
	.... .... .... ...0 = Read Only: Do NOT include read only files in search results
	.... .... .... ..1. = Hidden: Include HIDDEN files in search results
	.... .... .... .1.. = System: Include SYSTEM files in search results
	.... .... .... 0... = Volume ID: Do NOT include volume IDs in search results
	.... .... ...1 .... = Directory: Include DIRECTORIES in search results
	.... .... ..0. .... = Archive: Do NOT include archive files in search results
	Search Count: 1366
	Flags: 0x0007
	.... .... ...0 .... = Backup Intent: No backup intent
	.... .... .... 0... = Continue: New search, do NOT continue from previous position
	.... .... .... .1.. = Resume: Return RESUME keys
	.... .... .... ..1. = Close on EOS: CLOSE search if END OF SEARCH is reached
	.... .... .... ...1 = Close: CLOSE search after this request
	Level of Interest: Find File Both Directory Info (260)
	Storage Type: 0
	Search Pattern: \CompilationResults

	No. Time Source Destination Protocol Length Info
	4 0.303174 10.1.0.14 10.33.5.130 SMB 256 Trans2 Response, FIND_FIRST2, Files: CompilationResults

	Frame 4: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
	Ethernet II, Src: CheckPoi_3f:a9:5c (00:1c:7f:3f:a9:5c), Dst: Universa_47:01:18 (fc:4d:d4:47:01:18)
	Internet Protocol Version 4, Src: 10.1.0.14 (10.1.0.14), Dst: 10.33.5.130 (10.33.5.130)
	Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 64227 (64227), Seq: 1, Ack: 125, Len: 202
	NetBIOS Session Service
	SMB (Server Message Block Protocol)
	SMB Header
	Server Component: SMB
	[Response to: 3]
	[Time from request: 0.001136000 seconds]
	SMB Command: Trans2 (0x32)
	Error Class: Success (0x00)
	Reserved: 00
	Error Code: No Error
	Flags: 0x98
	1... .... = Request/Response: Message is a response to the client/redirector
	.0.. .... = Notify: Notify client only on open
	..0. .... = Oplocks: OpLock not requested/granted
	...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
	.... 1... = Case Sensitivity: Path names are caseless
	.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
	.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
	Flags2: 0x8807
	1... .... .... .... = Unicode Strings: Strings are Unicode
	.0.. .... .... .... = Error Code Type: Error codes are DOS error codes
	..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
	...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
	.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
	.... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
	.... .... .0.. .... = Long Names Used: Path names in request are not long file names
	.... .... ...0 .... = Security Signatures Required: Security signatures are not required
	.... .... .... 0... = Compressed: Compression is not requested
	.... .... .... .1.. = Security Signatures: Security signatures are supported
	.... .... .... ..1. = Extended Attributes: Extended attributes are supported
	.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
	Process ID High: 0
	Signature: 0000000000000000
	Reserved: 0000
	Tree ID: 1
	Process ID: 7572
	User ID: 1
	Multiplex ID: 2048
	Trans2 Response (0x32)
	Subcommand: FIND_FIRST2 (0x0001)
	[Level of Interest: Find File Both Directory Info (260)]
	[Search Pattern: \CompilationResults]
	Word Count (WCT): 10
	Total Parameter Count: 10
	Total Data Count: 132
	Reserved: 0000
	Parameter Count: 10
	Parameter Offset: 56
	Parameter Displacement: 0
	Data Count: 132
	Data Offset: 66
	Data Displacement: 0
	Setup Count: 0
	Reserved: 00
	Byte Count (BCC): 143
	Padding: 00
	FIND_FIRST2 Parameters
	Level of Interest: Find File Both Directory Info (260)
	Search ID: 0x0001
	Search Count: 1
	End Of Search: 1
	EA Error offset: 0
	Last Name Offset: 94
	FIND_FIRST2 Data
	Find File Both Directory Info File: CompilationResults
	Next Entry Offset: 132
	File Index: 0
	Created: Jan 27, 2015 22:03:32.770176900 Jerusalem Standard Time
	Last Access: Aug 19, 2015 03:46:24.062238300 Jerusalem Daylight Time
	Last Write: Jul 7, 2015 10:46:21.767213400 Jerusalem Daylight Time
	Change: Jul 7, 2015 10:46:21.767213400 Jerusalem Daylight Time
	End Of File: 0
	Allocation Size: 0
	File Attributes: 0x00000030
	.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
	.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
	.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
	.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
	.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
	.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
	.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
	.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
	.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
	.... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
	.... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY
	.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
	.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
	.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
	.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
	File Name Len: 36
	EA List Length: 0
	Short File Name Len: 16
	Reserved: 00
	Short File Name: COMPI~ZE
	File Name: CompilationResults