17:17:02.226903 192.168.1.15.33251 > 192.168.1.13.139: P [tcp sum ok] 694775992:694776034(42) ack 77116033 win 26136 >>> NBT Packet NBT Session Packet Flags=0x0 Length=38 (0x26) SMB PACKET: SMBchkpth (REQUEST) SMB Command = 0x10 Error class = 0x0 Error code = 0 (0x0) Flags1 = 0x8 Flags2 = 0x1 Tree ID = 49155 (0xc003) Proc ID = 6355 (0x18d3) UID = 0 (0x0) MID = 5 (0x5) Word Count = 0 (0x0) smbbuf[]= Path=\ (DF) (ttl 64, id 54817, len 82) 0x0000 4500 0052 d621 4000 4006 e117 c0a8 010f E..R.!@.@....... 0x0010 c0a8 010d 81e3 008b 2969 70b8 0498 b281 ........)ip..... 0x0020 5018 6618 5cc7 0000 0000 0026 ff53 4d42 P.f.\......&.SMB 0x0030 1000 0000 0008 0108 0000 0000 0000 0000 ................ 0x0040 0000 0000 03c0 d318 0000 0500 0003 0004 ................ 0x0050 5c00 \. 17:17:02.227276 192.168.1.13.139 > 192.168.1.15.33251: P [tcp sum ok] 1:40(39) ack 42 win 63748 >>> NBT Packet NBT Session Packet Flags=0x0 Length=35 (0x23) SMB PACKET: SMBchkpth (REPLY) SMB Command = 0x10 Error class = 0x0 Error code = 0 (0x0) Flags1 = 0x88 Flags2 = 0x1 Tree ID = 49155 (0xc003) Proc ID = 6355 (0x18d3) UID = 0 (0x0) MID = 5 (0x5) Word Count = 0 (0x0) smb_bcc=0 (DF) (ttl 128, id 10976, len 79) 0x0000 4500 004f 2ae0 4000 8006 4c5c c0a8 010d E..O*.@...L\.... 0x0010 c0a8 010f 008b 81e3 0498 b281 2969 70e2 ............)ip. 0x0020 5018 f904 253e 0000 0000 0023 ff53 4d42 P...%>.....#.SMB 0x0030 1000 0000 0088 0108 0000 0000 0000 0000 ................ 0x0040 0000 0000 03c0 d318 0000 0500 0000 00 ............... 17:17:02.326508 192.168.1.15.33251 > 192.168.1.13.139: . [tcp sum ok] 42:42(0) ack 40 win 26136 (DF) (ttl 64, id 54818, len 40) 0x0000 4500 0028 d622 4000 4006 e140 c0a8 010f E..(."@.@..@.... 0x0010 c0a8 010d 81e3 008b 2969 70e2 0498 b2a8 ........)ip..... 0x0020 5010 6618 f254 0000 P.f..T.. 17:17:02.895528 192.168.1.15.33251 > 192.168.1.13.139: P [tcp sum ok] 42:143(101) ack 40 win 26136 >>> NBT Packet NBT Session Packet Flags=0x0 Length=97 (0x61) SMB PACKET: SMBtrans2 (REQUEST) SMB Command = 0x32 Error class = 0x0 Error code = 0 (0x0) Flags1 = 0x8 Flags2 = 0x1 Tree ID = 49155 (0xc003) Proc ID = 6355 (0x18d3) UID = 0 (0x0) MID = 6 (0x6) Word Count = 15 (0xf) TRANSACT2_QPATHINFO param_length=29 data_length=0 TotParam=29 (0x1d) TotData=0 (0x0) MaxParam=2 (0x2) MaxData=2920 (0xb68) MaxSetup=0 (0x0) Flags=0x0 TimeOut=0 (0x0) Res1=0x0 ParamCnt=29 (0x1d) ParamOff=68 (0x44) DataCnt=0 (0x0) DataOff=97 (0x61) SetupCnt=1 (0x1) TransactionName=Paramaters= Data: (29 bytes) [000] 01 01 00 00 00 00 5C 6F 6E 6F 2D 73 65 6E 64 61 ......\o no-senda [010] 69 5C 63 5C 5C 77 69 6E 64 6F 77 73 00 i\c\\win dows. Data= (DF) (ttl 64, id 54819, len 141) 0x0000 4500 008d d623 4000 4006 e0da c0a8 010f E....#@.@....... 0x0010 c0a8 010d 81e3 008b 2969 70e2 0498 b2a8 ........)ip..... 0x0020 5018 6618 03d4 0000 0000 0061 ff53 4d42 P.f........a.SMB 0x0030 3200 0000 0008 0108 0000 0000 0000 0000 2............... 0x0040 0000 0000 03c0 d318 0000 0600 0f1d 0000 ................ 0x0050 0002 0068 0b00 0000 0000 0000 0000 001d ...h............ 0x0060 0044 0000 0061 0001 0005 0020 0000 4420 .D...a........D. 0x0070 0101 0000 0000 5c6f 6e6f 2d73 656e 6461 ......\ono-senda 0x0080 695c 635c 5c77 696e 646f 7773 00 i\c\\windows. 17:17:02.895902 192.168.1.13.139 > 192.168.1.15.33251: P [tcp sum ok] 40:102(62) ack 143 win 63647 >>> NBT Packet NBT Session Packet Flags=0x0 Length=58 (0x3a) SMB PACKET: SMBtrans2 (REPLY) SMB Command = 0x32 Error class = 0x1 Error code = 1 (0x1) Flags1 = 0x88 Flags2 = 0x1 Tree ID = 49155 (0xc003) Proc ID = 6355 (0x18d3) UID = 0 (0x0) MID = 6 (0x6) Word Count = 10 (0xa) SMBError = ERRDOS - ERRbadfunc (Invalid function.) TRANSACT2_QPATHINFO param_length=2 data_length=0 TotParam=2 (0x2) TotData=0 (0x0) Res1=0x0 ParamCnt=2 (0x2) ParamOff=55 (0x37) ParamDisp0 (0x0) DataCnt=0 (0x0) DataOff=58 (0x3a) DataDisp=0 (0x0) SetupCnt=0 (0x0) Paramaters= Data: (2 bytes) [000] 00 00 .. Data= (DF) (ttl 128, id 11232, len 102) 0x0000 4500 0066 2be0 4000 8006 4b45 c0a8 010d E..f+.@...KE.... 0x0010 c0a8 010f 008b 81e3 0498 b2a8 2969 7147 ............)iqG 0x0020 5018 f89f f70d 0000 0000 003a ff53 4d42 P..........:.SMB 0x0030 3201 0001 0088 0108 0000 0000 0000 0000 2............... 0x0040 0000 0000 03c0 d318 0000 0600 0a02 0000 ................ 0x0050 0000 0002 0037 0000 0000 003a 0000 0000 .....7.....:.... 0x0060 0003 0000 0061 .....a 17:17:02.995567 192.168.1.15.33251 > 192.168.1.13.139: . [tcp sum ok] 143:143(0) ack 102 win 26136 (DF) (ttl 64, id 54820, len 40) 0x0000 4500 0028 d624 4000 4006 e13e c0a8 010f E..(.$@.@..>.... 0x0010 c0a8 010d 81e3 008b 2969 7147 0498 b2e6 ........)iqG.... 0x0020 5010 6618 f1b1 0000 P.f..... 17:17:04.547547 192.168.1.15.33251 > 192.168.1.13.139: P [tcp sum ok] 143:236(93) ack 102 win 26136 >>> NBT Packet NBT Session Packet Flags=0x0 Length=89 (0x59) SMB PACKET: SMBtrans2 (REQUEST) SMB Command = 0x32 Error class = 0x0 Error code = 0 (0x0) Flags1 = 0x8 Flags2 = 0x1 Tree ID = 49155 (0xc003) Proc ID = 6355 (0x18d3) UID = 0 (0x0) MID = 7 (0x7) Word Count = 15 (0xf) TRANSACT2_QPATHINFO param_length=21 data_length=0 TotParam=21 (0x15) TotData=0 (0x0) MaxParam=2 (0x2) MaxData=2920 (0xb68) MaxSetup=0 (0x0) Flags=0x0 TimeOut=0 (0x0) Res1=0x0 ParamCnt=21 (0x15) ParamOff=68 (0x44) DataCnt=0 (0x0) DataOff=89 (0x59) SetupCnt=1 (0x1) TransactionName=Paramaters= Data: (21 bytes) [000] 01 01 00 00 00 00 5C 6F 6E 6F 2D 73 65 6E 64 61 ......\o no-senda [010] 69 5C 63 5C 00 i\c\. Data= (DF) (ttl 64, id 54821, len 133) 0x0000 4500 0085 d625 4000 4006 e0e0 c0a8 010f E....%@.@....... 0x0010 c0a8 010d 81e3 008b 2969 7147 0498 b2e6 ........)iqG.... 0x0020 5018 6618 a429 0000 0000 0059 ff53 4d42 P.f..).....Y.SMB 0x0030 3200 0000 0008 0108 0000 0000 0000 0000 2............... 0x0040 0000 0000 03c0 d318 0000 0700 0f15 0000 ................ 0x0050 0002 0068 0b00 0000 0000 0000 0000 0015 ...h............ 0x0060 0044 0000 0059 0001 0005 0018 0000 4420 .D...Y........D. 0x0070 0101 0000 0000 5c6f 6e6f 2d73 656e 6461 ......\ono-senda 0x0080 695c 635c 00 i\c\. 17:17:04.547961 192.168.1.13.139 > 192.168.1.15.33251: P [tcp sum ok] 102:164(62) ack 236 win 63554 >>> NBT Packet NBT Session Packet Flags=0x0 Length=58 (0x3a) SMB PACKET: SMBtrans2 (REPLY) SMB Command = 0x32 Error class = 0x1 Error code = 1 (0x1) Flags1 = 0x88 Flags2 = 0x1 Tree ID = 49155 (0xc003) Proc ID = 6355 (0x18d3) UID = 0 (0x0) MID = 7 (0x7) Word Count = 10 (0xa) SMBError = ERRDOS - ERRbadfunc (Invalid function.) TRANSACT2_QPATHINFO param_length=2 data_length=0 TotParam=2 (0x2) TotData=0 (0x0) Res1=0x0 ParamCnt=2 (0x2) ParamOff=55 (0x37) ParamDisp0 (0x0) DataCnt=0 (0x0) DataOff=58 (0x3a) DataDisp=0 (0x0) SetupCnt=0 (0x0) Paramaters= Data: (2 bytes) [000] 00 00 .. Data= (DF) (ttl 128, id 11488, len 102) 0x0000 4500 0066 2ce0 4000 8006 4a45 c0a8 010d E..f,.@...JE.... 0x0010 c0a8 010f 008b 81e3 0498 b2e6 2969 71a4 ............)iq. 0x0020 5018 f842 f5d7 0000 0000 003a ff53 4d42 P..B.......:.SMB 0x0030 3201 0001 0088 0108 0000 0000 0000 0000 2............... 0x0040 0000 0000 03c0 d318 0000 0700 0a02 0000 ................ 0x0050 0000 0002 0037 0000 0000 003a 0000 0000 .....7.....:.... 0x0060 0003 0000 0059 .....Y 17:17:04.548280 192.168.1.15.33251 > 192.168.1.13.139: P [tcp sum ok] 236:329(93) ack 164 win 26136 >>> NBT Packet NBT Session Packet Flags=0x0 Length=89 (0x59) SMB PACKET: SMBtrans2 (REQUEST) SMB Command = 0x32 Error class = 0x0 Error code = 0 (0x0) Flags1 = 0x8 Flags2 = 0x1 Tree ID = 49155 (0xc003) Proc ID = 6355 (0x18d3) UID = 0 (0x0) MID = 8 (0x8) Word Count = 15 (0xf) TRANSACT2_QPATHINFO param_length=21 data_length=0 TotParam=21 (0x15) TotData=0 (0x0) MaxParam=2 (0x2) MaxData=2920 (0xb68) MaxSetup=0 (0x0) Flags=0x0 TimeOut=0 (0x0) Res1=0x0 ParamCnt=21 (0x15) ParamOff=68 (0x44) DataCnt=0 (0x0) DataOff=89 (0x59) SetupCnt=1 (0x1) TransactionName=Paramaters= Data: (21 bytes) [000] 01 01 00 00 00 00 5C 6F 6E 6F 2D 73 65 6E 64 61 ......\o no-senda [010] 69 5C 63 5C 00 i\c\. Data= (DF) (ttl 64, id 54822, len 133) 0x0000 4500 0085 d626 4000 4006 e0df c0a8 010f E....&@.@....... 0x0010 c0a8 010d 81e3 008b 2969 71a4 0498 b324 ........)iq....$ 0x0020 5018 6618 a28e 0000 0000 0059 ff53 4d42 P.f........Y.SMB 0x0030 3200 0000 0008 0108 0000 0000 0000 0000 2............... 0x0040 0000 0000 03c0 d318 0000 0800 0f15 0000 ................ 0x0050 0002 0068 0b00 0000 0000 0000 0000 0015 ...h............ 0x0060 0044 0000 0059 0001 0005 0018 0000 4420 .D...Y........D. 0x0070 0101 0000 0000 5c6f 6e6f 2d73 656e 6461 ......\ono-senda 0x0080 695c 635c 00 i\c\. 17:17:04.548661 192.168.1.13.139 > 192.168.1.15.33251: P [tcp sum ok] 164:226(62) ack 329 win 63461 >>> NBT Packet NBT Session Packet Flags=0x0 Length=58 (0x3a) SMB PACKET: SMBtrans2 (REPLY) SMB Command = 0x32 Error class = 0x1 Error code = 1 (0x1) Flags1 = 0x88 Flags2 = 0x1 Tree ID = 49155 (0xc003) Proc ID = 6355 (0x18d3) UID = 0 (0x0) MID = 8 (0x8) Word Count = 10 (0xa) SMBError = ERRDOS - ERRbadfunc (Invalid function.) TRANSACT2_QPATHINFO param_length=2 data_length=0 TotParam=2 (0x2) TotData=0 (0x0) Res1=0x0 ParamCnt=2 (0x2) ParamOff=55 (0x37) ParamDisp0 (0x0) DataCnt=0 (0x0) DataOff=58 (0x3a) DataDisp=0 (0x0) SetupCnt=0 (0x0) Paramaters= Data: (2 bytes) [000] 00 00 .. Data= (DF) (ttl 128, id 11744, len 102) 0x0000 4500 0066 2de0 4000 8006 4945 c0a8 010d E..f-.@...IE.... 0x0010 c0a8 010f 008b 81e3 0498 b324 2969 7201 ...........$)ir. 0x0020 5018 f7e5 f499 0000 0000 003a ff53 4d42 P..........:.SMB 0x0030 3201 0001 0088 0108 0000 0000 0000 0000 2............... 0x0040 0000 0000 03c0 d318 0000 0800 0a02 0000 ................ 0x0050 0000 0002 0037 0000 0000 003a 0000 0000 .....7.....:.... 0x0060 0003 0000 0059 .....Y 17:17:04.648507 192.168.1.15.33251 > 192.168.1.13.139: . [tcp sum ok] 329:329(0) ack 226 win 26136 (DF) (ttl 64, id 54823, len 40) 0x0000 4500 0028 d627 4000 4006 e13b c0a8 010f E..(.'@.@..;.... 0x0010 c0a8 010d 81e3 008b 2969 7201 0498 b362 ........)ir....b 0x0020 5010 6618 f07b 0000 P.f..{.. 17:17:04.673168 192.168.1.15.33251 > 192.168.1.13.139: F [tcp sum ok] 329:329(0) ack 226 win 26136 (DF) (ttl 64, id 54824, len 40) 0x0000 4500 0028 d628 4000 4006 e13a c0a8 010f E..(.(@.@..:.... 0x0010 c0a8 010d 81e3 008b 2969 7201 0498 b362 ........)ir....b 0x0020 5011 6618 f07a 0000 P.f..z.. 17:17:04.673475 192.168.1.13.139 > 192.168.1.15.33251: F [tcp sum ok] 226:226(0) ack 330 win 63461 (DF) (ttl 128, id 12000, len 40) 0x0000 4500 0028 2ee0 4000 8006 4883 c0a8 010d E..(..@...H..... 0x0010 c0a8 010f 008b 81e3 0498 b362 2969 7202 ...........b)ir. 0x0020 5011 f7e5 5eac 0000 922c 846c 0000 P...^....,.l.. 17:17:04.677268 192.168.1.15.33251 > 192.168.1.13.139: . [tcp sum ok] 330:330(0) ack 227 win 26136 (DF) (ttl 64, id 54825, len 40) 0x0000 4500 0028 d629 4000 4006 e139 c0a8 010f E..(.)@.@..9.... 0x0010 c0a8 010d 81e3 008b 2969 7202 0498 b363 ........)ir....c 0x0020 5010 6618 f079 0000 P.f..y..