Last active
August 29, 2015 14:27
No. Time Source Destination Protocol Length Info
3 0.302038 10.33.5.130 10.1.0.14 SMB 178 Trans2 Request, FIND_FIRST2, Pattern: \CompilationResults
Frame 3: 178 bytes on wire (1424 bits), 178 bytes captured (1424 bits)
Ethernet II, Src: Universa_47:01:18 (fc:4d:d4:47:01:18), Dst: CheckPoi_3f:a9:5c (00:1c:7f:3f:a9:5c)
Internet Protocol Version 4, Src: 10.33.5.130 (10.33.5.130), Dst: 10.1.0.14 (10.1.0.14)
Transmission Control Protocol, Src Port: 64227 (64227), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 124
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response in: 4]
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc807
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... ...0 .... = Security Signatures Required: Security signatures are not required
.... .... .... 0... = Compressed: Compression is not requested
.... .... .... .1.. = Security Signatures: Security signatures are supported
.... .... .... ..1. = Extended Attributes: Extended attributes are supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 1
Process ID: 7572
User ID: 1
Multiplex ID: 2048
Trans2 Request (0x32)
Word Count (WCT): 15
Total Parameter Count: 52
Total Data Count: 0
Max Parameter Count: 10
Max Data Count: 16384
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 52
Parameter Offset: 68
Data Count: 0
Data Offset: 0
Setup Count: 1
Reserved: 00
Subcommand: FIND_FIRST2 (0x0001)
Byte Count (BCC): 55
Padding: 000000
FIND_FIRST2 Parameters
Search Attributes: 0x0016
.... .... .... ...0 = Read Only: Do NOT include read only files in search results
.... .... .... ..1. = Hidden: Include HIDDEN files in search results
.... .... .... .1.. = System: Include SYSTEM files in search results
.... .... .... 0... = Volume ID: Do NOT include volume IDs in search results
.... .... ...1 .... = Directory: Include DIRECTORIES in search results
.... .... ..0. .... = Archive: Do NOT include archive files in search results
Search Count: 1366
Flags: 0x0007
.... .... ...0 .... = Backup Intent: No backup intent
.... .... .... 0... = Continue: New search, do NOT continue from previous position
.... .... .... .1.. = Resume: Return RESUME keys
.... .... .... ..1. = Close on EOS: CLOSE search if END OF SEARCH is reached
.... .... .... ...1 = Close: CLOSE search after this request
Level of Interest: Find File Both Directory Info (260)
Storage Type: 0
Search Pattern: \CompilationResults
No. Time Source Destination Protocol Length Info
4 0.303174 10.1.0.14 10.33.5.130 SMB 256 Trans2 Response, FIND_FIRST2, Files: CompilationResults
Frame 4: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Ethernet II, Src: CheckPoi_3f:a9:5c (00:1c:7f:3f:a9:5c), Dst: Universa_47:01:18 (fc:4d:d4:47:01:18)
Internet Protocol Version 4, Src: 10.1.0.14 (10.1.0.14), Dst: 10.33.5.130 (10.33.5.130)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 64227 (64227), Seq: 1, Ack: 125, Len: 202
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
[Response to: 3]
[Time from request: 0.001136000 seconds]
SMB Command: Trans2 (0x32)
Error Class: Success (0x00)
Reserved: 00
Error Code: No Error
Flags: 0x98
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0x8807
1... .... .... .... = Unicode Strings: Strings are Unicode
.0.. .... .... .... = Error Code Type: Error codes are DOS error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... ...0 .... = Security Signatures Required: Security signatures are not required
.... .... .... 0... = Compressed: Compression is not requested
.... .... .... .1.. = Security Signatures: Security signatures are supported
.... .... .... ..1. = Extended Attributes: Extended attributes are supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 1
Process ID: 7572
User ID: 1
Multiplex ID: 2048
Trans2 Response (0x32)
Subcommand: FIND_FIRST2 (0x0001)
[Level of Interest: Find File Both Directory Info (260)]
[Search Pattern: \CompilationResults]
Word Count (WCT): 10
Total Parameter Count: 10
Total Data Count: 132
Reserved: 0000
Parameter Count: 10
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 132
Data Offset: 66
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 143
Padding: 00
FIND_FIRST2 Parameters
Level of Interest: Find File Both Directory Info (260)
Search ID: 0x0001
Search Count: 1
End Of Search: 1
EA Error offset: 0
Last Name Offset: 94
FIND_FIRST2 Data
Find File Both Directory Info File: CompilationResults
Next Entry Offset: 132
File Index: 0
Created: Jan 27, 2015 22:03:32.770176900 Jerusalem Standard Time
Last Access: Aug 19, 2015 03:46:24.062238300 Jerusalem Daylight Time
Last Write: Jul 7, 2015 10:46:21.767213400 Jerusalem Daylight Time
Change: Jul 7, 2015 10:46:21.767213400 Jerusalem Daylight Time
End Of File: 0
Allocation Size: 0
File Attributes: 0x00000030
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file
.... .... .... .... .... .... 0... .... = Normal: This file has some attribute set
.... .... .... .... .... .... .0.. .... = Device: This is NOT a device
.... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE
.... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only
File Name Len: 36
EA List Length: 0
Short File Name Len: 16
Reserved: 00
Short File Name: COMPI~ZE
File Name: CompilationResults