The Samba-Bugzilla – Attachment 2376 Details for
Bug 4503
"net rpc join" failure: WinServer 2003 SP2
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
This is the output from the net join command.
netjoin.log (text/plain), 208.92 KB, created by
Kris D
on 2007-04-11 08:37:34 UTC
(
hide
)
Description:
This is the output from the net join command.
Filename:
MIME Type:
Creator:
Kris D
Created:
2007-04-11 08:37:34 UTC
Size:
208.92 KB
patch
obsolete
>./net rpc join -U administrator%password -d10 >[2007/04/06 11:58:36, 5] lib/debug.c:debug_dump_status(391) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 >[2007/04/06 11:58:36, 3] param/loadparm.c:lp_load(4945) > lp_load: refreshing parameters >[2007/04/06 11:58:36, 3] param/loadparm.c:init_globals(1410) > Initialising global parameters >[2007/04/06 11:58:36, 3] param/params.c:pm_process(572) > params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" >[2007/04/06 11:58:36, 3] param/loadparm.c:do_section(3687) > Processing section "[global]" > doing parameter workgroup = D2d > doing parameter server string = Geneva Samba Server > doing parameter security = domain > doing parameter client schannel = No > doing parameter server schannel = No > doing parameter log file = /var/log/samba/log.%m > doing parameter max log size = 50 > doing parameter dns proxy = no >[2007/04/06 11:58:36, 4] param/loadparm.c:lp_load(4976) > pm_process() returned Yes >[2007/04/06 11:58:36, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find homes >[2007/04/06 11:58:36, 10] param/loadparm.c:set_server_role(4221) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS-2LE >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS-2LE >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-16LE >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-16LE >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS-2BE >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS-2BE >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-16BE >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-16BE >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF8 >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF8 >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-8 >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-8 >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset ASCII >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset ASCII >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset 646 >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset 646 >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset ISO-8859-1 >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset ISO-8859-1 >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS2-HEX >[2007/04/06 11:58:36, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS2-HEX >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:36, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/06 11:58:37, 5] lib/util.c:init_names(286) > Netbios name list:- > my_netbios_names[0]="GENEVA" >[2007/04/06 11:58:37, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.30.21 bcast=192.168.30.255 nmask=255.255.255.0 >[2007/04/06 11:58:37, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up D2D#1b >[2007/04/06 11:58:37, 5] lib/gencache.c:gencache_init(61) > Opening cache file at /usr/local/samba/var/locks/gencache.tdb >[2007/04/06 11:58:37, 10] lib/gencache.c:gencache_get(304) > Returning valid cache entry: key = NBT/D2D#1B, value = 192.168.30.206:0,169.254.168.193:0, timeout = Fri Apr 6 12:08:20 2007 >[2007/04/06 11:58:37, 5] libsmb/namecache.c:namecache_fetch(201) > name D2D#1B found. >[2007/04/06 11:58:37, 6] libsmb/namequery.c:get_pdc_ip(1348) > get_pdc_ip: PDC has 2 IP addresses! >[2007/04/06 11:58:37, 10] libsmb/namequery.c:name_status_find(276) > name_status_find: looking up D2D#1b at 192.168.30.206 >[2007/04/06 11:58:37, 10] lib/gencache.c:gencache_get(304) > Returning valid cache entry: key = NBT/D2D#1B.20.192.168.30.206, value = D2DMAIL, timeout = Fri Apr 6 12:08:20 2007 >[2007/04/06 11:58:37, 5] libsmb/namecache.c:namecache_status_fetch(314) > namecache_status_fetch: key NBT/D2D#1B.20.192.168.30.206 -> D2DMAIL >[2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_start_connection(1426) > Connecting to host=D2DMAIL >[2007/04/06 11:58:37, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 192.168.30.206 at port 445 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 49152 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 49640 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDLOWAT. >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVLOWAT. >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDTIMEO. >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVTIMEO. >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,183) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,183) wrote 183 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 173 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=17024 (0x4280) > smb_vwv[12]=51168 (0xC7E0) > smb_vwv[13]=25711 (0x646F) > smb_vwv[14]=51064 (0xC778) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=17024 (0x4280) > smb_vwv[12]=51168 (0xC7E0) > smb_vwv[13]=25711 (0x646F) > smb_vwv[14]=51064 (0xC778) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,92) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,92) wrote 92 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 177 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=177 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=4099 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 177 (0xB1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=136 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [080] 00 44 00 32 00 44 00 00 .D.2.D.. >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=177 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=4099 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 177 (0xB1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=136 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [080] 00 44 00 32 00 44 00 00 .D.2.D.. >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,82) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,82) wrote 82 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 48 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=25491 > smb_uid=4099 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 49 50 43 00 00 00 00 IPC.... >[2007/04/06 11:58:37, 10] libsmb/clientgen.c:cli_init_creds(233) > cli_init_creds: user domain >[2007/04/06 11:58:37, 10] libsmb/namequery.c:saf_store(71) > saf_store: domain = [D2D], server = [D2DMAIL], expire = [1175876017] >[2007/04/06 11:58:37, 10] lib/gencache.c:gencache_set(140) > Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Fri Apr 6 12:13:37 2007 > (900 seconds ahead) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,104) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,104) wrote 104 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=35 > smb_com=0xa2 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=25491 > smb_uid=4099 > smb_mid=4 > smt_wct=0 > smb_bcc=0 >[2007/04/06 11:58:37, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222) > cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine D2DMAIL. Error was NT_STATUS_ACCESS_DENIED >[2007/04/06 11:58:37, 10] intl/lang_tdb.c:lang_tdb_init(138) > lang_tdb_init: /usr/local/samba/lib/C.msg: No such file or directory >Could not initialise lsa pipe >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,39) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,39) wrote 39 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=25491 > smb_uid=4099 > smb_mid=5 > smt_wct=0 > smb_bcc=0 >[2007/04/06 11:58:37, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up D2D#1b >[2007/04/06 11:58:37, 10] lib/gencache.c:gencache_get(304) > Returning valid cache entry: key = NBT/D2D#1B, value = 192.168.30.206:0,169.254.168.193:0, timeout = Fri Apr 6 12:08:20 2007 >[2007/04/06 11:58:37, 5] libsmb/namecache.c:namecache_fetch(201) > name D2D#1B found. >[2007/04/06 11:58:37, 6] libsmb/namequery.c:get_pdc_ip(1348) > get_pdc_ip: PDC has 2 IP addresses! >[2007/04/06 11:58:37, 10] libsmb/namequery.c:name_status_find(276) > name_status_find: looking up D2D#1b at 192.168.30.206 >[2007/04/06 11:58:37, 10] lib/gencache.c:gencache_get(304) > Returning valid cache entry: key = NBT/D2D#1B.20.192.168.30.206, value = D2DMAIL, timeout = Fri Apr 6 12:08:20 2007 >[2007/04/06 11:58:37, 5] libsmb/namecache.c:namecache_status_fetch(314) > namecache_status_fetch: key NBT/D2D#1B.20.192.168.30.206 -> D2DMAIL >[2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_start_connection(1426) > Connecting to host=D2DMAIL >[2007/04/06 11:58:37, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 192.168.30.206 at port 445 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 49152 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 49640 >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDLOWAT. >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVLOWAT. >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDTIMEO. >[2007/04/06 11:58:37, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVTIMEO. >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,183) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,183) wrote 183 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 173 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]= 1152 (0x480) > smb_vwv[12]=54220 (0xD3CC) > smb_vwv[13]=25711 (0x646F) > smb_vwv[14]=51064 (0xC778) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]= 1152 (0x480) > smb_vwv[12]=54220 (0xD3CC) > smb_vwv[13]=25711 (0x646F) > smb_vwv[14]=51064 (0xC778) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721) > Doing spnego session setup (blob length=104) >[2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) > got OID=1 2 840 48018 1 2 2 >[2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) > got OID=1 2 840 113554 1 2 2 >[2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) > got OID=1 2 840 113554 1 2 2 3 >[2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) > got OID=1 3 6 1 4 1 311 2 2 10 >[2007/04/06 11:58:37, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754) > got principal=d2dmail$@D2D.COM >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,160) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,160) wrote 160 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 348 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=348 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=6144 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 348 (0x15C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 177 (0xB1) > smb_bcc=305 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ¡.®0.« . ...¡...+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .¢.....N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 > [030] 00 00 00 15 02 89 62 42 56 43 CD 8D 92 A2 33 00 ......bB VCÍ..¢3. > [040] 00 00 00 00 00 00 00 54 00 54 00 3E 00 00 00 05 .......T .T.>.... > [050] 02 CE 0E 00 00 00 0F 44 00 32 00 44 00 02 00 06 .Î.....D .2.D.... > [060] 00 44 00 32 00 44 00 01 00 0E 00 44 00 32 00 44 .D.2.D.. ...D.2.D > [070] 00 4D 00 41 00 49 00 4C 00 04 00 0E 00 64 00 32 .M.A.I.L .....d.2 > [080] 00 64 00 2E 00 63 00 6F 00 6D 00 03 00 1E 00 64 .d...c.o .m.....d > [090] 00 32 00 64 00 6D 00 61 00 69 00 6C 00 2E 00 64 .2.d.m.a .i.l...d > [0A0] 00 32 00 64 00 2E 00 63 00 6F 00 6D 00 00 00 00 .2.d...c .o.m.... > [0B0] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [0C0] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [0D0] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [0E0] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [0F0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [100] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [110] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [120] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [130] 00 . >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=348 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=6144 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 348 (0x15C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 177 (0xB1) > smb_bcc=305 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ¡.®0.« . ...¡...+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .¢.....N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 > [030] 00 00 00 15 02 89 62 42 56 43 CD 8D 92 A2 33 00 ......bB VCÍ..¢3. > [040] 00 00 00 00 00 00 00 54 00 54 00 3E 00 00 00 05 .......T .T.>.... > [050] 02 CE 0E 00 00 00 0F 44 00 32 00 44 00 02 00 06 .Î.....D .2.D.... > [060] 00 44 00 32 00 44 00 01 00 0E 00 44 00 32 00 44 .D.2.D.. ...D.2.D > [070] 00 4D 00 41 00 49 00 4C 00 04 00 0E 00 64 00 32 .M.A.I.L .....d.2 > [080] 00 64 00 2E 00 63 00 6F 00 6D 00 03 00 1E 00 64 .d...c.o .m.....d > [090] 00 32 00 64 00 6D 00 61 00 69 00 6C 00 2E 00 64 .2.d.m.a .i.l...d > [0A0] 00 32 00 64 00 2E 00 63 00 6F 00 6D 00 00 00 00 .2.d...c .o.m.... > [0B0] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [0C0] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [0D0] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [0E0] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [0F0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [100] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [110] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [120] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [130] 00 . >[2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(950) > Got challenge flags: >[2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x62890215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(972) > NTLMSSP: Set final flags: >[2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2007/04/06 11:58:37, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1046) > NTLMSSP challenge set by NTLM2 >[2007/04/06 11:58:37, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) > challenge is: >[2007/04/06 11:58:37, 5] lib/util.c:dump_data(2222) > [000] 76 A8 4C 09 08 E3 E8 2D v¨L..ãè- >[2007/04/06 11:58:37, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: >[2007/04/06 11:58:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60080215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,270) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,270) wrote 270 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 180 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=180 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=6144 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=137 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. > [030] 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 72 .3.7.9.0 . .S.e.r > [040] 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 .v.i.c.e . .P.a.c > [050] 00 6B 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 .k. .2.. .W.i.n.d > [060] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [070] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. > [080] 00 35 00 2E 00 32 00 00 00 .5...2.. . >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=180 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=6144 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=137 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. > [030] 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 72 .3.7.9.0 . .S.e.r > [040] 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 .v.i.c.e . .P.a.c > [050] 00 6B 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 .k. .2.. .W.i.n.d > [060] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [070] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. > [080] 00 35 00 2E 00 32 00 00 00 .5...2.. . >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,82) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,82) wrote 82 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 48 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=4 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 49 50 43 00 00 00 00 IPC.... >[2007/04/06 11:58:37, 10] libsmb/clientgen.c:cli_init_creds(233) > cli_init_creds: user administrator domain D2D >[2007/04/06 11:58:37, 10] libsmb/namequery.c:saf_store(71) > saf_store: domain = [D2D], server = [D2DMAIL], expire = [1175876017] >[2007/04/06 11:58:37, 10] lib/gencache.c:gencache_set(140) > Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Fri Apr 6 12:13:37 2007 > (900 seconds ahead) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,104) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,104) wrote 104 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 512 (0x200) > smb_vwv[ 3]= 320 (0x140) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[4002]: \lsarpc auth_type 0, auth_level 0 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AB .4Wx.4«Í ï..#Eg.« > [010] 00 00 00 00 .... >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` > [010] 00 00 00 02 .... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345778 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 89 ab >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000000 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16386 (0x4002) > smb_bcc=87 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.??ï ..#Eg.«. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,158) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,158) wrote 158 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 8A 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 8A 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 returned 68 bytes. >[2007/04/06 11:58:37, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 bind request returned ok.[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0000308a >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine D2DMAIL and bound anonymously. >[2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) > init_lsa_sec_qos >[2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304) > init_open_pol: attr:0 da:33554432 >[2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) > init_lsa_obj_attr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr : 00000001 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 system_name: 005c >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_obj_attr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 len : 00000018 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c ptr_root_dir: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 ptr_obj_name: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 attributes : 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 ptr_sec_desc: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c ptr_sec_qos : 00000001 >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 lsa_io_obj_qos sec_qos >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 len : 0000000c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 sec_imp_level : 0002 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0026 sec_ctxt_mode : 01 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0027 effective_only: 00 >[2007/04/06 11:58:37, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) > lsa_io_sec_qos: length c does not match size 8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 des_access: 02000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000002c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0006 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=150 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16386 (0x4002) > smb_bcc=83 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 2C .......D ......., > [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ > [050] 00 00 02 ... >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,154) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,154) wrote 154 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F5 29 1E ........ .....õ). > [020] A6 4B 9B 39 40 A1 7D 32 8B 26 57 63 A5 00 00 00 ¦K.9@¡}2 .&Wc¥... > [030] 00 . >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F5 29 1E ........ .....õ). > [020] A6 4B 9B 39 40 A1 7D 32 8B 26 57 63 A5 00 00 00 ¦K.9@¡}2 .&Wc¥... > [030] 00 . >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 returned 48 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: a61e29f5 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 9b4b >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 4039 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: a1 7d 32 8b 26 57 63 a5 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_q_query(488) > init_q_query >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: a61e29f5 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 9b4b >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 4039 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: a1 7d 32 8b 26 57 63 a5 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 info_class: 0005 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000016 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0007 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16386 (0x4002) > smb_bcc=61 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 F5 29 1E A6 4B ........ ...õ).¦K > [030] 9B 39 40 A1 7D 32 8B 26 57 63 A5 05 00 .9@¡}2.& Wc¥.. >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,132) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,132) wrote 132 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 152 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 96 (0x60) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=97 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... > [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 1E .H...... ........ > [020] A6 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 ¦....... ........ > [030] 00 00 00 00 00 03 00 00 00 44 00 32 00 44 00 48 ........ .D.2.D.H > [040] 60 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 `....... ........ > [050] 00 51 C5 3F 3D DB 6D E1 F1 7E 62 52 80 00 00 00 .QÅ?=Ûmá ñ~bR.... > [060] 00 . >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 96 (0x60) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=97 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... > [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 1E .H...... ........ > [020] A6 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 ¦....... ........ > [030] 00 00 00 00 00 03 00 00 00 44 00 32 00 44 00 48 ........ .D.2.D.H > [040] 60 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 `....... ........ > [050] 00 51 C5 3F 3D DB 6D E1 F1 7E 62 52 80 00 00 00 .QÅ?=Ûmá ñ~bR.... > [060] 00 . >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0060 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000048 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 96, data_len 72, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 96 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 returned 144 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 dom_ptr: 00020000 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 lsa_io_query_info_ctr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0004 info_class: 0005 >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_dom_query_3 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 uni_dom_max_len: 0006 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a uni_dom_str_len: 0008 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c buffer_dom_name: 00020004 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 buffer_dom_sid : 00020008 >[2007/04/06 11:58:37, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 uni_max_len: 00000004 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 offset : 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_str_len: 00000003 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0020 buffer : D.2.D. >[2007/04/06 11:58:37, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_dom_sid2 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 num_auths: 00000004 >[2007/04/06 11:58:37, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_dom_sid sid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002c sid_rev_num: 01 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002d num_auths : 04 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002e id_auth[0] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002f id_auth[1] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0030 id_auth[2] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0031 id_auth[3] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0032 id_auth[4] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0033 id_auth[5] : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0034 sub_auths : 00000015 3d3fc551 f1e16ddb 8052627e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0044 status: NT_STATUS_OK >[2007/04/06 11:58:37, 5] rpc_parse/parse_lsa.c:init_lsa_q_close(2126) > init_lsa_q_close >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_close >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: a61e29f5 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 9b4b >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 4039 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: a1 7d 32 8b 26 57 63 a5 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000014 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0000 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16386 (0x4002) > smb_bcc=59 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 F5 29 1E A6 4B ........ ...õ).¦K > [030] 9B 39 40 A1 7D 32 8B 26 57 63 A5 .9@¡}2.& Wc¥ >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,130) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,130) wrote 130 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0x4002 returned 48 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_close >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,45) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,45) wrote 45 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2007/04/06 11:58:37, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) > cli_rpc_pipe_close: closed pipe \lsarpc to machine D2DMAIL >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,100) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,100) wrote 100 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=11 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 768 (0x300) > smb_vwv[ 3]= 320 (0x140) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[4003]: \samr auth_type 0, auth_level 0 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AC .4Wx.4«Í ï..#Eg.¬ > [010] 00 00 00 01 .... >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` > [010] 00 00 00 02 .... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345778 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 89 ac >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16387 (0x4003) > smb_bcc=87 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.??ï ..#Eg.¬. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,158) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,158) wrote 158 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 8B 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 8B 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 68 bytes. >[2007/04/06 11:58:37, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine D2DMAIL pipe \samr fnum 0x4003 bind request returned ok. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0000308b >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) > cli_rpc_pipe_open_noauth: opened pipe \samr to machine D2DMAIL and bound anonymously. >[2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_connect(36) > cli_samr_connect to D2DMAIL >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_connect(6978) > init_samr_q_connect >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_connect >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 ptr_srv_name: 00000001 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 00000008 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 00000008 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : D.2.D.M.A.I.L... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 access_mask: 02000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 003c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000006 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000024 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0039 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=142 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16387 (0x4003) > smb_bcc=75 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 3C 00 00 00 06 00 00 00 24 .......< .......$ > [020] 00 00 00 00 00 39 00 01 00 00 00 08 00 00 00 00 .....9.. ........ > [030] 00 00 00 08 00 00 00 44 00 32 00 44 00 4D 00 41 .......D .2.D.M.A > [040] 00 49 00 4C 00 00 00 00 00 00 02 .I.L.... ... >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,146) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,146) wrote 146 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 CB 93 6A ........ .....Ë.j > [020] B1 0E 49 EF 4E AC E0 E2 A6 FE DB 61 5F 00 00 00 ±.IïN¬àâ ¦þÛa_... > [030] 00 . >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 CB 93 6A ........ .....Ë.j > [020] B1 0E 49 EF 4E AC E0 E2 A6 FE DB 61 5F 00 00 00 ±.IïN¬àâ ¦þÛa_... > [030] 00 . >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000006 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 48 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_connect >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd connect_pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: b16a93cb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 490e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 4eef >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: ac e0 e2 a6 fe db 61 5f >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_open_domain(149) > cli_samr_open_domain with sid S-1-5-21-1027589457-4058082779-2152882814 >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_open_domain(248) > samr_init_samr_q_open_domain >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_open_domain >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: b16a93cb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 490e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 4eef >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: ac e0 e2 a6 fe db 61 5f >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 flags: 02000000 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_dom_sid2 sid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 num_auths: 00000004 >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_dom_sid sid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001c sid_rev_num: 01 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001d num_auths : 04 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e id_auth[0] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001f id_auth[1] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0020 id_auth[2] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0021 id_auth[3] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0022 id_auth[4] : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0023 id_auth[5] : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0024 sub_auths : 00000015 3d3fc551 f1e16ddb 8052627e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 004c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000007 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000034 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0007 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=158 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16387 (0x4003) > smb_bcc=91 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 34 .......L .......4 > [020] 00 00 00 00 00 07 00 00 00 00 00 CB 93 6A B1 0E ........ ...Ë.j±. > [030] 49 EF 4E AC E0 E2 A6 FE DB 61 5F 00 00 00 02 04 IïN¬àâ¦þ Ûa_..... > [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 51 ........ .......Q > [050] C5 3F 3D DB 6D E1 F1 7E 62 52 80 Å?=Ûmáñ~ bR. >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,162) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,162) wrote 162 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F7 AA 37 ........ .....÷ª7 > [020] C0 B1 A3 7D 42 9A ED AA 7E D4 74 FA BB 00 00 00 1£}B.íª ~Ôtú»... > [030] 00 . >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F7 AA 37 ........ .....÷ª7 > [020] C0 B1 A3 7D 42 9A ED AA 7E D4 74 FA BB 00 00 00 1£}B.íª ~Ôtú»... > [030] 00 . >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000007 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 48 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_open_domain >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: c037aaf7 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: a3b1 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 427d >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 9a ed aa 7e d4 74 fa bb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_create_dom_user(1601) > cli_samr_create_dom_user geneva$ >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_create_user(5168) > samr_init_samr_q_create_user >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_create_user >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: c037aaf7 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: a3b1 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 427d >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 9a ed aa 7e d4 74 fa bb >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unihdr hdr_name >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 uni_str_len: 000e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 uni_max_len: 000e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 buffer : 00000001 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 uni_name >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c uni_max_len: 00000007 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset : 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_str_len: 00000007 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0028 buffer : g.e.n.e.v.a.$. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 acb_info : 00000080 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c access_mask: e005000b >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000008 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000040 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0032 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=170 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16387 (0x4003) > smb_bcc=103 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 58 00 00 00 08 00 00 00 40 .......X .......@ > [020] 00 00 00 00 00 32 00 00 00 00 00 F7 AA 37 C0 B1 .....2.. ...÷ª71 > [030] A3 7D 42 9A ED AA 7E D4 74 FA BB 0E 00 0E 00 01 £}B.íª~Ô tú»..... > [040] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 67 ........ .......g > [050] 00 65 00 6E 00 65 00 76 00 61 00 24 00 00 00 80 .e.n.e.v .a.$.... > [060] 00 00 00 0B 00 05 E0 ......à >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,174) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,174) wrote 174 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 112 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 63 00 00 C0 .....c.. À >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 63 00 00 C0 .....c.. À >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0038 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000008 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000020 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 56, data_len 32, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 56 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 64 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_create_user >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd user_pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 access_granted: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 user_rid : 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 001c status: NT_STATUS_USER_EXISTS >[2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_lookup_names(1541) > cli_samr_lookup_names >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_lookup_names(4817) > init_samr_q_lookup_names >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_lookup_names >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: c037aaf7 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: a3b1 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 427d >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 9a ed aa 7e d4 74 fa bb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 num_names1: 00000001 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 flags : 000003e8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c ptr : 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 num_names2: 00000001 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unihdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 uni_str_len: 000e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 uni_max_len: 000e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 buffer : 00000001 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_unistr2 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_max_len: 00000007 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 offset : 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 uni_str_len: 00000007 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0038 buffer : g.e.n.e.v.a.$. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 005e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000009 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000046 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0011 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=16 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 94 (0x5E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 94 (0x5E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16387 (0x4003) > smb_bcc=109 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5E 00 00 00 09 00 00 00 46 .......^ .......F > [020] 00 00 00 00 00 11 00 00 00 00 00 F7 AA 37 C0 B1 ........ ...÷ª71 > [030] A3 7D 42 9A ED AA 7E D4 74 FA BB 01 00 00 00 E8 £}B.íª~Ô tú»....è > [040] 03 00 00 00 00 00 00 01 00 00 00 0E 00 0E 00 01 ........ ........ > [050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 67 ........ .......g > [060] 00 65 00 6E 00 65 00 76 00 61 00 24 00 .e.n.e.v .a.$. >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,180) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,180) wrote 180 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 116 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [020] 00 01 00 00 00 24 0C 00 00 01 00 00 00 04 00 02 .....$.. ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [020] 00 01 00 00 00 24 0C 00 00 01 00 00 00 04 00 02 .....$.. ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 003c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000009 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000024 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 60, data_len 36, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 60 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 72 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_lookup_names >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 num_rids1: 00000001 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_rids : 00020000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 num_rids2: 00000001 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c rid[00] : 00000c24 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 num_types1: 00000001 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 ptr_types : 00020004 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 num_types2: 00000001 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c type[00] : 00000001 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0020 status: NT_STATUS_OK >[2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_open_user(187) > cli_samr_open_user with rid 0xc24 >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_open_user(5099) > samr_init_samr_q_open_user >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_open_user >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: c037aaf7 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: a3b1 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 427d >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 9a ed aa 7e d4 74 fa bb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 access_mask: 02000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 user_rid : 00000c24 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0034 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000a >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000001c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0022 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=134 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16387 (0x4003) > smb_bcc=67 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 34 00 00 00 0A 00 00 00 1C .......4 ........ > [020] 00 00 00 00 00 22 00 00 00 00 00 F7 AA 37 C0 B1 .....".. ...÷ª71 > [030] A3 7D 42 9A ED AA 7E D4 74 FA BB 00 00 00 02 24 £}B.íª~Ô tú»....$ > [040] 0C 00 00 ... >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,138) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,138) wrote 138 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 5F BF 1D ........ ....._¿. > [020] 5B 09 13 2C 49 B9 9C 5B 57 18 E5 F7 59 00 00 00 [..,I¹.[ W.å÷Y... > [030] 00 . >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 5F BF 1D ........ ....._¿. > [020] 5B 09 13 2C 49 B9 9C 5B 57 18 E5 F7 59 00 00 00 [..,I¹.[ W.å÷Y... > [030] 00 . >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000a >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 48 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_open_user >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd user_pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 5b1dbf5f >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 1309 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 492c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: b9 9c 5b 57 18 e5 f7 59 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2007/04/06 11:58:37, 10] rpc_parse/parse_samr.c:init_sam_user_info24(5592) > init_sam_user_info24: >[2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo(1645) > cli_samr_set_userinfo >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo(6818) > init_samr_q_set_userinfo >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_userinfo_ctr(6587) > init_samr_userinfo_ctr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_set_userinfo >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 5b1dbf5f >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 1309 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 492c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: b9 9c 5b 57 18 e5 f7 59 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 switch_value: 0018 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 samr_io_userinfo_ctr ctr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 switch_value: 0018 >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 sam_io_user_info24 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0018 password: c7 03 bb 45 8a 94 09 39 b7 f6 3e 51 3f af 84 b4 2a db eb 7b 93 bf 23 96 4d 95 2d 63 8e b8 6c 79 62 23 e4 97 5c 42 97 c2 ff f1 2d 6e 1c 0c c1 e3 e3 ce f9 ac f6 48 5d 94 b5 07 17 e8 20 ce 47 42 06 84 97 59 d6 b5 f9 c4 65 26 db 70 8e 23 16 14 62 d9 c5 75 83 09 c9 9a 6b 84 15 b2 78 1d 13 e1 8a 79 02 11 1d 12 16 15 18 76 60 c6 24 c0 02 94 0f 78 ee 71 be 45 f0 96 5d bc 5e ca f3 64 5e ef e7 e4 01 bb 8f 2c 7c 55 4f 03 b5 59 af 05 a7 75 39 5b 66 2e 4f f4 c7 a3 1a e4 b5 dc 75 c6 57 60 0f 8e 38 b4 9a 09 93 ca f1 f3 bb 4e e6 02 2e 84 0a 35 f3 9b c1 47 59 a9 fa b1 9c af ea c1 b6 65 01 18 dc f8 34 90 ad f1 64 ce c3 12 3a 0e b8 ba 69 aa 77 84 ed e2 ac b7 0a 00 a8 11 2f 21 a9 19 ee 7d f4 b6 e1 e6 2d 31 2f a2 e8 b1 96 28 67 23 33 24 fe 2c f2 fb be 81 f7 9b e9 cd c1 c3 84 f6 42 69 b3 73 7a cb 72 f7 d7 5b ad 88 f1 e2 19 38 ce 4c 4e 49 87 c5 93 d8 8d 94 92 df 6a 43 fb 19 57 de e9 5c ed f0 b3 82 90 86 b6 df eb b8 c9 2a 63 3e 4c 33 31 cb 9d 3c cf 58 52 d4 22 12 9a 14 1f 6f 8b 2a 12 0a d0 72 49 bf ee 6 +> > f da 7e 23 c7 7c e6 72 7c 48 e6 1c 8c 43 8b 4b 6d 9f c9 53 1c 94 71 2c fb b8 2a b9 a4 a6 33 5e 91 69 e4 30 03 82 76 24 46 74 e4 6f 59 fc e8 72 d6 5e c6 88 a2 7e 46 b3 22 ae c8 7c c3 38 37 0a 04 5e 94 89 54 7d b0 af 7f e5 e7 e7 1e a4 62 4d 45 12 96 96 b4 f6 44 30 a3 35 37 ac dd 70 74 9e 5c 7e 40 d5 08 48 a2 6e fd d4 6a b8 fb 4e 32 f0 b9 d5 b6 3c 26 15 83 7c 4e 56 8d 08 6e ae e2 ca 25 68 ef be c3 80 eb 00 a3 8e ad c7 ff be ee aa 3f 6b 67 e0 ae f4 9c 30 c5 d3 f7 a5 db e0 03 41 95 eb 5b 91 7e b1 65 11 dc 13 3d 1c 09 a3 5c 2a ac 28 75 a5 46 54 6b fa a8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 021c pw_len: 0018 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0236 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000b >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000021e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 003a >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=648 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 566 (0x236) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 566 (0x236) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16387 (0x4003) > smb_bcc=581 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 36 02 00 00 0B 00 00 00 1E .......6 ........ > [020] 02 00 00 00 00 3A 00 00 00 00 00 5F BF 1D 5B 09 .....:.. ..._¿.[. > [030] 13 2C 49 B9 9C 5B 57 18 E5 F7 59 18 00 18 00 C7 .,I¹.[W. å÷Y....Ç > [040] 03 BB 45 8A 94 09 39 B7 F6 3E 51 3F AF 84 B4 2A .»E...9· ö>Q?¯.´* > [050] DB EB 7B 93 BF 23 96 4D 95 2D 63 8E B8 6C 79 62 Ûë{.¿#.M .-c.¸lyb > [060] 23 E4 97 5C 42 97 C2 FF F1 2D 6E 1C 0C C1 E3 E3 #ä.\B.Âÿ ñ-n..Áãã > [070] CE F9 AC F6 48 5D 94 B5 07 17 E8 20 CE 47 42 06 Îù¬öH].µ ..è ÎGB. > [080] 84 97 59 D6 B5 F9 C4 65 26 DB 70 8E 23 16 14 62 ..Y??ùÄe &Ûp.#..b > [090] D9 C5 75 83 09 C9 9A 6B 84 15 B2 78 1D 13 E1 8A ÙÅu..É.k ..²x..á. > [0A0] 79 02 11 1D 12 16 15 18 76 60 C6 24 C0 02 94 0F y....... v`Æ$À... > [0B0] 78 EE 71 BE 45 F0 96 5D BC 5E CA F3 64 5E EF E7 xîq¾Eð.] ¼^Êód^ïç > [0C0] E4 01 BB 8F 2C 7C 55 4F 03 B5 59 AF 05 A7 75 39 ä.».,|UO .µY¯.§u9 > [0D0] 5B 66 2E 4F F4 C7 A3 1A E4 B5 DC 75 C6 57 60 0F [f.OôÇ£. äµÜuÆW`. > [0E0] 8E 38 B4 9A 09 93 CA F1 F3 BB 4E E6 02 2E 84 0A .8´...Êñ ó»Næ.... > [0F0] 35 F3 9B C1 47 59 A9 FA B1 9C AF EA C1 B6 65 01 5ó.ÁGY©ú ±.¯êÁ¶e. > [100] 18 DC F8 34 90 AD F1 64 CE C3 12 3A 0E B8 BA 69 .Üø4.ñd ÎÃ.:.¸ºi > [110] AA 77 84 ED E2 AC B7 0A 00 A8 11 2F 21 A9 19 EE ªw.í⬷. .¨./!©.î > [120] 7D F4 B6 E1 E6 2D 31 2F A2 E8 B1 96 28 67 23 33 }ô¶áæ-1/ ¢è±.(g#3 > [130] 24 FE 2C F2 FB BE 81 F7 9B E9 CD C1 C3 84 F6 42 $þ,òû¾.÷ .éÍÁÃ.öB > [140] 69 B3 73 7A CB 72 F7 D7 5B AD 88 F1 E2 19 38 CE i³szËr÷× [.ñâ.8Î > [150] 4C 4E 49 87 C5 93 D8 8D 94 92 DF 6A 43 FB 19 57 LNI.Å.Ø. ..ßjCû.W > [160] DE E9 5C ED F0 B3 82 90 86 B6 DF EB B8 C9 2A 63 Þé\íð³.. .¶ßë¸É*c > [170] 3E 4C 33 31 CB 9D 3C CF 58 52 D4 22 12 9A 14 1F >L31Ë.<Ï XRÔ".... > [180] 6F 8B 2A 12 0A D0 72 49 BF EE 6F DA 7E 23 C7 7C o.*..ÐrI ¿îoÚ~#Ç| > [190] E6 72 7C 48 E6 1C 8C 43 8B 4B 6D 9F C9 53 1C 94 ær|Hæ..C .Km.ÉS.. > [1A0] 71 2C FB B8 2A B9 A4 A6 33 5E 91 69 E4 30 03 82 q,û¸*¹¤¦ 3^.iä0.. > [1B0] 76 24 46 74 E4 6F 59 FC E8 72 D6 5E C6 88 A2 7E v$FtäoYü èrÖ^Æ.¢~ > [1C0] 46 B3 22 AE C8 7C C3 38 37 0A 04 5E 94 89 54 7D F³"®È|Ã8 7..^..T} > [1D0] B0 AF 7F E5 E7 E7 1E A4 62 4D 45 12 96 96 B4 F6 °¯.åçç.¤ bME...´ö > [1E0] 44 30 A3 35 37 AC DD 70 74 9E 5C 7E 40 D5 08 48 D0£57¬Ýp t.\~@Õ.H > [1F0] A2 6E FD D4 6A B8 FB 4E 32 F0 B9 D5 B6 3C 26 15 ¢nýÔj¸ûN 2ð¹Õ¶<&. >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,652) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,652) wrote 652 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 84 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 001c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000b >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000004 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 28 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 8 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_set_userinfo >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0000 status: NT_STATUS_OK >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_sam_user_info16(5437) > init_sam_user_info16 >[2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo2(1696) > cli_samr_set_userinfo2 >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo2(6892) > init_samr_q_set_userinfo2 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_set_userinfo2 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 5b1dbf5f >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 1309 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 492c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: b9 9c 5b 57 18 e5 f7 59 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 switch_value: 0010 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 samr_io_userinfo_ctr ctr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 switch_value: 0010 >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 samr_io_r_user_info16 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 acb_info: 00000080 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0034 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000001c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0025 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=134 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=19 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16387 (0x4003) > smb_bcc=67 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 34 00 00 00 0C 00 00 00 1C .......4 ........ > [020] 00 00 00 00 00 25 00 00 00 00 00 5F BF 1D 5B 09 .....%.. ..._¿.[. > [030] 13 2C 49 B9 9C 5B 57 18 E5 F7 59 10 00 10 00 80 .,I¹.[W. å÷Y..... > [040] 00 00 00 ... >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,138) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,138) wrote 138 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 84 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 001c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000004 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 28 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 8 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_set_userinfo2 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0000 status: NT_STATUS_OK >[2007/04/06 11:58:37, 10] rpc_client/cli_samr.c:rpccli_samr_close(109) > cli_samr_close >[2007/04/06 11:58:37, 5] rpc_parse/parse_samr.c:init_samr_q_close_hnd(38) > init_samr_q_close_hnd >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_close_hnd >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 5b1dbf5f >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 1309 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 492c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: b9 9c 5b 57 18 e5 f7 59 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 002c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000d >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000014 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0001 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16387 (0x4003) > smb_bcc=59 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 01 00 00 00 00 00 5F BF 1D 5B 09 ........ ..._¿.[. > [030] 13 2C 49 B9 9C 5B 57 18 E5 F7 59 .,I¹.[W. å÷Y >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,130) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,130) wrote 130 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0030 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000d >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000018 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/06 11:58:37, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x4003 returned 48 bytes. >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_close_hnd >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 data1: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 data2: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 data3: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a data4: 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 000c data5: 00 00 00 00 00 00 00 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0014 status: NT_STATUS_OK >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,45) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,45) wrote 45 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=21 > smt_wct=0 > smb_bcc=0 >[2007/04/06 11:58:37, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) > cli_rpc_pipe_close: closed pipe \samr to machine D2DMAIL >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,108) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,108) wrote 108 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=22 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1024 (0x400) > smb_vwv[ 3]= 320 (0x140) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[4004]: \NETLOGON auth_type 0, auth_level 0 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 12 34 56 78 12 34 AB CD EF 00 01 23 45 67 CF FB .4Vx.4«Í ï..#EgÏû > [010] 00 00 00 01 .... >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` > [010] 00 00 00 02 .... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000e >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2007/04/06 11:58:37, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2007/04/06 11:58:37, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2007/04/06 11:58:37, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=23 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16388 (0x4004) > smb_bcc=87 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 0E 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.??ï ..#EgÏû. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,158) >[2007/04/06 11:58:37, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,158) wrote 158 >[2007/04/06 11:58:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... > [010] 00 B8 10 B8 10 8C 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:37, 5] lib/util.c:show_msg(495) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/06 11:58:37, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... > [010] 00 B8 10 B8 10 8C 30 00 00 0C 00 5C 50 49 50 45 .¸.¸..0. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:37, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000e >[2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 returned 68 bytes. >[2007/04/06 11:58:38, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 bind request returned ok. >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000e >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0000308c >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2007/04/06 11:58:38, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2007/04/06 11:58:38, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine D2DMAIL and bound anonymously. >[2007/04/06 11:58:38, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46) > cli_net_req_chal: LSA Request Challenge from GENEVA to \\D2DMAIL >[2007/04/06 11:58:38, 5] rpc_parse/parse_net.c:init_q_req_chal(679) > init_q_req_chal: 679 >[2007/04/06 11:58:38, 5] rpc_parse/parse_net.c:init_q_req_chal(688) > init_q_req_chal: 688 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.D.2.D.M.A.I.L... >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000007 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000007 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : G.E.N.E.V.A... >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00003e smb_io_chal >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data: 53 a3 37 e0 3e cf ce a1 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 005e >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000f >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000046 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0004 >[2007/04/06 11:58:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=24 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 94 (0x5E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 94 (0x5E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16388 (0x4004) > smb_bcc=109 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5E 00 00 00 0F 00 00 00 46 .......^ .......F > [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 44 00 32 00 44 .......\ .\.D.2.D > [040] 00 4D 00 41 00 49 00 4C 00 00 00 07 00 00 00 00 .M.A.I.L ........ > [050] 00 00 00 07 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V > [060] 00 41 00 00 00 53 A3 37 E0 3E CF CE A1 .A...S£7 à>ÏΡ >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,180) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,180) wrote 180 >[2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 92 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 F6 44 9B 96 60 81 95 ........ .öD..`.. > [020] 53 00 00 00 00 S.... >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 F6 44 9B 96 60 81 95 ........ .öD..`.. > [020] 53 00 00 00 00 S.... >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 0000000f >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 returned 24 bytes. >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: f6 44 9b 96 60 81 95 53 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 0008 status: NT_STATUS_OK >[2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(286) > creds_client_init: neg_flags : 701ff >[2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(287) > creds_client_init: client chal : 53A337E03ECFCEA1 >[2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(288) > creds_client_init: server chal : F6449B9660819553 >[2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(117) > creds_init_64 >[2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(118) > clnt_chal_in: 53A337E03ECFCEA1 >[2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(119) > srv_chal_in : F6449B9660819553 >[2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(120) > clnt+srv : 49E8D2769E5064F5 >[2007/04/06 11:58:38, 5] libsmb/credentials.c:creds_init_64(121) > sess_key_out : DD349E35A0783B0C >[2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(306) > creds_client_init: clnt : 50362D5696D18372 >[2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(307) > creds_client_init: server : 049D6162809D3C25 >[2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_init(308) > creds_client_init: seed : 50362D5696D18372 >[2007/04/06 11:58:38, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170) > cli_net_auth2: srv:\\D2DMAIL acct:GENEVA$ sc:2 mc: GENEVA neg: 701ff >[2007/04/06 11:58:38, 5] rpc_parse/parse_net.c:init_q_auth_2(800) > init_q_auth_2: 800 >[2007/04/06 11:58:38, 5] rpc_parse/parse_misc.c:init_log_info(1409) > make_log_info 1409 >[2007/04/06 11:58:38, 5] rpc_parse/parse_net.c:init_q_auth_2(806) > init_q_auth_2: 806 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2007/04/06 11:58:38, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.D.2.D.M.A.I.L... >[2007/04/06 11:58:38, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 unistr2 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000008 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000008 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : G.E.N.E.V.A.$... >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 sec_chan: 0002 >[2007/04/06 11:58:38, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_unistr2 unistr2 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 uni_max_len: 00000007 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 offset : 00000000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c uni_str_len: 00000007 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0050 buffer : G.E.N.E.V.A... >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00005e smb_io_chal >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 005e data: 50 36 2d 56 96 d1 83 72 >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000066 net_io_neg_flags >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 neg_flags: 000701ff >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0084 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000010 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000006c >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 000f >[2007/04/06 11:58:38, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=214 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=25 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 132 (0x84) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16388 (0x4004) > smb_bcc=147 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 84 00 00 00 10 00 00 00 6C ........ .......l > [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 44 00 32 00 44 .......\ .\.D.2.D > [040] 00 4D 00 41 00 49 00 4C 00 00 00 08 00 00 00 00 .M.A.I.L ........ > [050] 00 00 00 08 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V > [060] 00 41 00 24 00 00 00 02 00 00 00 07 00 00 00 00 .A.$.... ........ > [070] 00 00 00 07 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V > [080] 00 41 00 00 00 50 36 2D 56 96 D1 83 72 00 00 FF .A...P6- V.Ñ.r..ÿ > [090] 01 07 00 ... >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,218) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,218) wrote 218 >[2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 04 9D 61 62 80 9D 3C ........ ...ab..< > [020] 25 FF 01 07 00 00 00 00 00 %ÿ...... . >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 04 9D 61 62 80 9D 3C ........ ...ab..< > [020] 25 FF 01 07 00 00 00 00 00 %ÿ...... . >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0028 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000010 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000010 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2007/04/06 11:58:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x4004 returned 32 bytes. >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 04 9d 61 62 80 9d 3c 25 >[2007/04/06 11:58:38, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 neg_flags: 000701ff >[2007/04/06 11:58:38, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) > 000c status: NT_STATUS_OK >[2007/04/06 11:58:38, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2007/04/06 11:58:38, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346) > rpccli_netlogon_setup_creds: server D2DMAIL credential chain established. >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,45) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,45) wrote 45 >[2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=26 > smt_wct=0 > smb_bcc=0 >[2007/04/06 11:58:38, 10] libsmb/clientgen.c:cli_rpc_pipe_close(384) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine D2DMAIL >[2007/04/06 11:58:38, 3] libsmb/cliconnect.c:cli_start_connection(1426) > Connecting to host=D2DMAIL >[2007/04/06 11:58:38, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 192.168.30.206 at port 445 >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 49152 >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 49640 >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDLOWAT. >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVLOWAT. >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDTIMEO. >[2007/04/06 11:58:38, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVTIMEO. >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) > write_socket(7,183) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) > write_socket(7,183) wrote 183 >[2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 173 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=51840 (0xCA80) > smb_vwv[12]=36901 (0x9025) > smb_vwv[13]=25712 (0x6470) > smb_vwv[14]=51064 (0xC778) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=51840 (0xCA80) > smb_vwv[12]=36901 (0x9025) > smb_vwv[13]=25712 (0x6470) > smb_vwv[14]=51064 (0xC778) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] C2 64 A7 6E 42 FA BE 4F 8D 13 06 5A D9 EF 32 16 Âd§nBú¾O ...ZÙï2. > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) > write_socket(7,92) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) > write_socket(7,92) wrote 92 >[2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 177 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=177 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=6146 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 177 (0xB1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=136 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [080] 00 44 00 32 00 44 00 00 .D.2.D.. >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=177 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=25491 > smb_uid=6146 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 177 (0xB1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=136 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [080] 00 44 00 32 00 44 00 00 .D.2.D.. >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) > write_socket(7,82) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) > write_socket(7,82) wrote 82 >[2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 48 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4098 > smb_pid=25491 > smb_uid=6146 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2007/04/06 11:58:38, 10] lib/util.c:dump_data(2222) > [000] 49 50 43 00 00 00 00 IPC.... >[2007/04/06 11:58:38, 10] libsmb/clientgen.c:cli_init_creds(233) > cli_init_creds: user domain >[2007/04/06 11:58:38, 10] libsmb/namequery.c:saf_store(71) > saf_store: domain = [D2D], server = [D2DMAIL], expire = [1175876018] >[2007/04/06 11:58:38, 10] lib/gencache.c:gencache_set(140) > Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Fri Apr 6 12:13:38 2007 > (900 seconds ahead) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) > write_socket(7,108) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) > write_socket(7,108) wrote 108 >[2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=35 > smb_com=0xa2 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=4098 > smb_pid=25491 > smb_uid=6146 > smb_mid=4 > smt_wct=0 > smb_bcc=0 >[2007/04/06 11:58:38, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222) > cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine D2DMAIL. Error was NT_STATUS_ACCESS_DENIED >[2007/04/06 11:58:38, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) > net_rpc_join_ok: failed to get schannel session key from server D2DMAIL for domain D2D. Error was NT_STATUS_ACCESS_DENIED >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) > write_socket(7,39) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) > write_socket(7,39) wrote 39 >[2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4098 > smb_pid=25491 > smb_uid=6146 > smb_mid=5 > smt_wct=0 > smb_bcc=0 >Unable to join domain D2D. >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(132) > write_socket(4,39) >[2007/04/06 11:58:38, 6] libsmb/clientgen.c:write_socket(135) > write_socket(4,39) wrote 39 >[2007/04/06 11:58:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(485) >[2007/04/06 11:58:38, 5] lib/util.c:show_msg(495) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4097 > smb_pid=25491 > smb_uid=6144 > smb_mid=27 > smt_wct=0 > smb_bcc=0 >[2007/04/06 11:58:38, 2] utils/net.c:main(988) > return code = -1 >#
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2376">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4503
: 2376 |
2383
|
2400