The Samba-Bugzilla – Attachment 2400 Details for
Bug 4503
"net rpc join" failure: WinServer 2003 SP2
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
latest debug log file
netjoin042307.log (text/plain), 260.01 KB, created by
Kris D
on 2007-04-23 14:47:48 UTC
(
hide
)
Description:
latest debug log file
Filename:
MIME Type:
Creator:
Kris D
Created:
2007-04-23 14:47:48 UTC
Size:
260.01 KB
patch
obsolete
>[2007/04/23 15:44:06, 5] lib/debug.c:debug_dump_status(391) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 >[2007/04/23 15:44:06, 3] param/loadparm.c:lp_load(5024) > lp_load: refreshing parameters >[2007/04/23 15:44:06, 3] param/loadparm.c:init_globals(1424) > Initialising global parameters >[2007/04/23 15:44:06, 3] param/params.c:pm_process(572) > params.c:pm_process() - Processing configuration file "/opt/samba/lib/smb.conf" >[2007/04/23 15:44:06, 3] param/loadparm.c:do_section(3763) > Processing section "[global]" > doing parameter workgroup = D2d > doing parameter server string = Geneva Samba Server > doing parameter security = domain > doing parameter log file = /var/log/samba/log.%m > doing parameter max log size = 50 > doing parameter dns proxy = no >[2007/04/23 15:44:06, 4] param/loadparm.c:lp_load(5055) > pm_process() returned Yes >[2007/04/23 15:44:06, 7] param/loadparm.c:lp_servicenumber(5193) > lp_servicenumber: couldn't find homes >[2007/04/23 15:44:06, 10] param/loadparm.c:set_server_role(4299) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS-2LE >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS-2LE >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-16LE >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-16LE >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS-2BE >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS-2BE >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-16BE >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-16BE >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF8 >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF8 >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-8 >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-8 >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset ASCII >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset ASCII >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset 646 >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset 646 >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset ISO-8859-1 >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset ISO-8859-1 >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS2-HEX >[2007/04/23 15:44:06, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS2-HEX >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/charcnv.c:charset_name(82) > Substituting charset 'ISO8859-1' for LOCALE >[2007/04/23 15:44:06, 5] lib/util.c:init_names(287) > Netbios name list:- > my_netbios_names[0]="GENEVA" >[2007/04/23 15:44:06, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.30.21 bcast=192.168.30.255 nmask=255.255.255.0 >[2007/04/23 15:44:06, 10] libsmb/namequery.c:internal_resolve_name(1166) > internal_resolve_name: looking up D2D#1b (sitename (NULL)) >[2007/04/23 15:44:06, 5] lib/gencache.c:gencache_init(61) > Opening cache file at /opt/samba/var/locks/gencache.tdb >[2007/04/23 15:44:06, 10] lib/gencache.c:gencache_get(226) > Returning valid cache entry: key = NBT/D2D#1B, value = 192.168.30.206:0,169.254.168.193:0, timeout = Mon Apr 23 15:52:57 2007 >[2007/04/23 15:44:06, 5] libsmb/namecache.c:namecache_fetch(214) > name D2D#1B found. >[2007/04/23 15:44:06, 6] libsmb/namequery.c:get_pdc_ip(1395) > get_pdc_ip: PDC has 2 IP addresses! >[2007/04/23 15:44:06, 10] libsmb/namequery.c:name_status_find(303) > name_status_find: looking up D2D#1b at 192.168.30.206 >[2007/04/23 15:44:06, 10] lib/gencache.c:gencache_get(226) > Returning valid cache entry: key = NBT/D2D#1B.20.192.168.30.206, value = D2DMAIL, timeout = Mon Apr 23 15:52:57 2007 >[2007/04/23 15:44:06, 5] libsmb/namecache.c:namecache_status_fetch(350) > namecache_status_fetch: key NBT/D2D#1B.20.192.168.30.206 -> D2DMAIL >[2007/04/23 15:44:06, 3] libsmb/cliconnect.c:cli_start_connection(1503) > Connecting to host=D2DMAIL >[2007/04/23 15:44:06, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 192.168.30.206 at port 445 >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 49152 >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 49640 >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDLOWAT. >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVLOWAT. >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDTIMEO. >[2007/04/23 15:44:06, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVTIMEO. >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,194) >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,194) wrote 194 >[2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 173 >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]= 6272 (0x1880) > smb_vwv[12]=14932 (0x3A54) > smb_vwv[13]=57281 (0xDFC1) > smb_vwv[14]=51077 (0xC785) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) > [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]= 6272 (0x1880) > smb_vwv[12]=14932 (0x3A54) > smb_vwv[13]=57281 (0xDFC1) > smb_vwv[14]=51077 (0xC785) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) > [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,92) >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,92) wrote 92 >[2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 177 >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) > size=177 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=16384 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 177 (0xB1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=136 >[2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) > [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [080] 00 44 00 32 00 44 00 00 .D.2.D.. >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) > size=177 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=16384 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 177 (0xB1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=136 >[2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) > [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [080] 00 44 00 32 00 44 00 00 .D.2.D.. >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,82) >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,82) wrote 82 >[2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 56 >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=28677 > smb_pid=2726 > smb_uid=16384 > smb_mid=3 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2007/04/23 15:44:06, 10] lib/util.c:dump_data(2249) > [000] 49 50 43 00 00 00 00 IPC.... >[2007/04/23 15:44:06, 10] libsmb/clientgen.c:cli_init_creds(254) > cli_init_creds: user domain >[2007/04/23 15:44:06, 10] libsmb/namequery.c:saf_store(74) > saf_store: domain = [D2D], server = [D2DMAIL], expire = [1177358346] >[2007/04/23 15:44:06, 10] lib/gencache.c:gencache_set(140) > Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Mon Apr 23 15:59:06 2007 > (900 seconds ahead) >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,104) >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,104) wrote 104 >[2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) > size=35 > smb_com=0xa2 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=28677 > smb_pid=2726 > smb_uid=16384 > smb_mid=4 > smt_wct=0 > smb_bcc=0 >[2007/04/23 15:44:06, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222) > cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine D2DMAIL. Error was NT_STATUS_ACCESS_DENIED >[2007/04/23 15:44:06, 10] intl/lang_tdb.c:lang_tdb_init(138) > lang_tdb_init: /opt/samba/lib/C.msg: No such file or directory >Could not initialise lsa pipe >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,39) >[2007/04/23 15:44:06, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,39) wrote 39 >[2007/04/23 15:44:06, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:06, 5] lib/util.c:show_msg(494) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=28677 > smb_pid=2726 > smb_uid=16384 > smb_mid=5 > smt_wct=0 > smb_bcc=0 >[2007/04/23 15:44:06, 10] libsmb/namequery.c:internal_resolve_name(1166) > internal_resolve_name: looking up D2D#1b (sitename (NULL)) >[2007/04/23 15:44:06, 10] lib/gencache.c:gencache_get(226) > Returning valid cache entry: key = NBT/D2D#1B, value = 192.168.30.206:0,169.254.168.193:0, timeout = Mon Apr 23 15:52:57 2007 >[2007/04/23 15:44:06, 5] libsmb/namecache.c:namecache_fetch(214) > name D2D#1B found. >[2007/04/23 15:44:06, 6] libsmb/namequery.c:get_pdc_ip(1395) > get_pdc_ip: PDC has 2 IP addresses! >[2007/04/23 15:44:06, 10] libsmb/namequery.c:name_status_find(303) > name_status_find: looking up D2D#1b at 192.168.30.206 >[2007/04/23 15:44:06, 10] lib/gencache.c:gencache_get(226) > Returning valid cache entry: key = NBT/D2D#1B.20.192.168.30.206, value = D2DMAIL, timeout = Mon Apr 23 15:52:57 2007 >[2007/04/23 15:44:06, 5] libsmb/namecache.c:namecache_status_fetch(350) > namecache_status_fetch: key NBT/D2D#1B.20.192.168.30.206 -> D2DMAIL >[2007/04/23 15:44:06, 3] libsmb/cliconnect.c:cli_start_connection(1503) > Connecting to host=D2DMAIL >[2007/04/23 15:44:06, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 192.168.30.206 at port 445 >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 49152 >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 49640 >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDLOWAT. >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVLOWAT. >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDTIMEO. >[2007/04/23 15:44:07, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVTIMEO. >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,194) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,194) wrote 194 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 173 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=13440 (0x3480) > smb_vwv[12]=18594 (0x48A2) > smb_vwv[13]=57281 (0xDFC1) > smb_vwv[14]=51077 (0xC785) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=13440 (0x3480) > smb_vwv[12]=18594 (0x48A2) > smb_vwv[13]=57281 (0xDFC1) > smb_vwv[14]=51077 (0xC785) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(787) > Doing spnego session setup (blob length=104) >[2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(812) > got OID=1 2 840 48018 1 2 2 >[2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(812) > got OID=1 2 840 113554 1 2 2 >[2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(812) > got OID=1 2 840 113554 1 2 2 3 >[2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(812) > got OID=1 3 6 1 4 1 311 2 2 10 >[2007/04/23 15:44:07, 3] libsmb/cliconnect.c:cli_session_setup_spnego(820) > got principal=d2dmail$@D2D.COM >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,160) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,160) wrote 160 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 348 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=348 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=2726 > smb_uid=10240 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 348 (0x15C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 177 (0xB1) > smb_bcc=305 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ¡.®0.« . ...¡...+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .¢.....N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 > [030] 00 00 00 15 82 89 62 D0 2F C2 C4 AA 8A CB 8A 00 ......bÐ /ÂĪ.Ë.. > [040] 00 00 00 00 00 00 00 54 00 54 00 3E 00 00 00 05 .......T .T.>.... > [050] 02 CE 0E 00 00 00 0F 44 00 32 00 44 00 02 00 06 .Î.....D .2.D.... > [060] 00 44 00 32 00 44 00 01 00 0E 00 44 00 32 00 44 .D.2.D.. ...D.2.D > [070] 00 4D 00 41 00 49 00 4C 00 04 00 0E 00 64 00 32 .M.A.I.L .....d.2 > [080] 00 64 00 2E 00 63 00 6F 00 6D 00 03 00 1E 00 64 .d...c.o .m.....d > [090] 00 32 00 64 00 6D 00 61 00 69 00 6C 00 2E 00 64 .2.d.m.a .i.l...d > [0A0] 00 32 00 64 00 2E 00 63 00 6F 00 6D 00 00 00 00 .2.d...c .o.m.... > [0B0] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [0C0] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [0D0] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [0E0] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [0F0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [100] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [110] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [120] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [130] 00 . >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=348 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=2726 > smb_uid=10240 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 348 (0x15C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 177 (0xB1) > smb_bcc=305 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] A1 81 AE 30 81 AB A0 03 0A 01 01 A1 0C 06 0A 2B ¡.®0.« . ...¡...+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 95 04 81 92 4E .....7.. .¢.....N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 38 TLMSSP.. .......8 > [030] 00 00 00 15 82 89 62 D0 2F C2 C4 AA 8A CB 8A 00 ......bÐ /ÂĪ.Ë.. > [040] 00 00 00 00 00 00 00 54 00 54 00 3E 00 00 00 05 .......T .T.>.... > [050] 02 CE 0E 00 00 00 0F 44 00 32 00 44 00 02 00 06 .Î.....D .2.D.... > [060] 00 44 00 32 00 44 00 01 00 0E 00 44 00 32 00 44 .D.2.D.. ...D.2.D > [070] 00 4D 00 41 00 49 00 4C 00 04 00 0E 00 64 00 32 .M.A.I.L .....d.2 > [080] 00 64 00 2E 00 63 00 6F 00 6D 00 03 00 1E 00 64 .d...c.o .m.....d > [090] 00 32 00 64 00 6D 00 61 00 69 00 6C 00 2E 00 64 .2.d.m.a .i.l...d > [0A0] 00 32 00 64 00 2E 00 63 00 6F 00 6D 00 00 00 00 .2.d...c .o.m.... > [0B0] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [0C0] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [0D0] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [0E0] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [0F0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [100] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [110] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [120] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [130] 00 . >[2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018) > Got challenge flags: >[2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040) > NTLMSSP: Set final flags: >[2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2007/04/23 15:44:07, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1112) > NTLMSSP challenge set by NTLM2 >[2007/04/23 15:44:07, 5] libsmb/ntlmssp.c:ntlmssp_client_challenge(1113) > challenge is: >[2007/04/23 15:44:07, 5] lib/util.c:dump_data(2249) > [000] E2 7F B4 A0 13 A2 0B 27 â.´ .¢.' >[2007/04/23 15:44:07, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: >[2007/04/23 15:44:07, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,270) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,270) wrote 270 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 180 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=180 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=2726 > smb_uid=10240 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=137 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. > [030] 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 72 .3.7.9.0 . .S.e.r > [040] 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 .v.i.c.e . .P.a.c > [050] 00 6B 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 .k. .2.. .W.i.n.d > [060] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [070] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. > [080] 00 35 00 2E 00 32 00 00 00 .5...2.. . >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=180 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=2726 > smb_uid=10240 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=137 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. > [030] 00 33 00 37 00 39 00 30 00 20 00 53 00 65 00 72 .3.7.9.0 . .S.e.r > [040] 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 .v.i.c.e . .P.a.c > [050] 00 6B 00 20 00 32 00 00 00 57 00 69 00 6E 00 64 .k. .2.. .W.i.n.d > [060] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [070] 00 65 00 72 00 20 00 32 00 30 00 30 00 33 00 20 .e.r. .2 .0.0.3. > [080] 00 35 00 2E 00 32 00 00 00 .5...2.. . >[2007/04/23 15:44:07, 5] libsmb/smb_signing.c:set_smb_signing_real_common(141) > Mandatory SMB signing enabled! >[2007/04/23 15:44:07, 5] libsmb/smb_signing.c:set_smb_signing_real_common(145) > SMB signing enabled! >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:cli_simple_set_signing(490) > cli_simple_set_signing: user_session_key >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] CF A8 EE 72 E5 9E C2 95 1C A0 82 02 9A B7 C5 BB ??îrå.Â. . ...·Å» >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:cli_simple_set_signing(498) > cli_simple_set_signing: NULL response_data >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 0 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 36 4D A0 2D 1B 9E 3D E0 6M -..=à >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 1 mid = 3 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 1 mid = 3 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 1 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 1: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] F2 6A D6 E5 74 A3 A3 A1 òjÖåt££¡ >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 2 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 15 A4 70 1E AD B8 26 AF .¤p.¸&¯ >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 3 mid = 4 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,82) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,82) wrote 82 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 56 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=4 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 49 50 43 00 00 00 00 IPC.... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 3 mid = 4 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 3 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 3: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] E7 86 52 57 7D B7 06 88 ç.RW}·.. >[2007/04/23 15:44:07, 10] libsmb/clientgen.c:cli_init_creds(254) > cli_init_creds: user Administrator domain D2D >[2007/04/23 15:44:07, 10] libsmb/namequery.c:saf_store(74) > saf_store: domain = [D2D], server = [D2DMAIL], expire = [1177358347] >[2007/04/23 15:44:07, 10] lib/gencache.c:gencache_set(140) > Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Mon Apr 23 15:59:07 2007 > (900 seconds ahead) >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 4 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 5A 72 43 AA 14 65 F3 F7 ZrCª.eó÷ >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 5 mid = 5 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,104) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,104) wrote 104 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1792 (0x700) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 5 mid = 5 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 5 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 5: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] CB C7 2D AD 3B 00 5F E1 ËÇ-;._á >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[c007]: \lsarpc auth_type 0, auth_level 0 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AB .4Wx.4«Í ï..#Eg.« > [010] 00 00 00 00 .... >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` > [010] 00 00 00 02 .... >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0b >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0048 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000001 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0010 max_tsize: 10b8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0012 max_rsize: 10b8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 assoc_gid: 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0018 num_contexts: 01 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 001c context_id : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 001e num_transfer_syntaxes: 01 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0020 data : 12345778 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0024 data : 1234 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0026 data : abcd >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0028 data : ef 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 002a data : 01 23 45 67 89 ab >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0030 version: 00000000 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0034 data : 8a885d04 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0038 data : 1ceb >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 003a data : 11c9 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003c data : 9f e8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003e data : 08 00 2b 10 48 60 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0044 version: 00000002 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49159 (0xC007) > smb_bcc=87 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.??ï ..#Eg.«. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 6 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] B5 36 C0 84 55 DD CA B9 µ6À.UÝʹ >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 7 mid = 6 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,158) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,158) wrote 158 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 BF 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.¿.. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 7 mid = 6 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 7 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 7: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] C6 43 A4 85 AE F5 9F B7 ÆC¤.®õ.· >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 BF 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.¿.. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 7 mid = 6 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0044 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000001 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 returned 68 bytes. >[2007/04/23 15:44:07, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 bind request returned ok. >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0044 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000001 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0010 max_tsize: 10b8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0012 max_rsize: 10b8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 assoc_gid: 000182bf >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0018 len: 000c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 001a str: \PIPE\lsass. >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0028 num_results: 01 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 002c result : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 002e reason : 0000 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0030 data : 8a885d04 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0034 data : 1ceb >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0036 data : 11c9 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0038 data : 9f e8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003a data : 08 00 2b 10 48 60 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0040 version: 00000002 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2277) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine D2DMAIL and bound anonymously. >[2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_lsa_sec_qos(185) > init_lsa_sec_qos >[2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304) > init_open_pol: attr:0 da:33554432 >[2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236) > init_lsa_obj_attr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 ptr : 00000001 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0004 system_name: 005c >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_obj_attr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0008 len : 00000018 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c ptr_root_dir: 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 ptr_obj_name: 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 attributes : 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0018 ptr_sec_desc: 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 001c ptr_sec_qos : 00000001 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 lsa_io_obj_qos sec_qos >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0020 len : 0000000c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0024 sec_imp_level : 0002 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0026 sec_ctxt_mode : 01 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0027 effective_only: 00 >[2007/04/23 15:44:07, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) > lsa_io_sec_qos: length c does not match size 8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0028 des_access: 02000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0044 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000002 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 0000002c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0006 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=150 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49159 (0xC007) > smb_bcc=83 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 44 00 00 00 02 00 00 00 2C .......D ......., > [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ > [050] 00 00 02 ... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 8 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] B4 FE 7C 5D 67 50 3E 5F ´þ|]gP>_ >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 9 mid = 7 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,154) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,154) wrote 154 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 71 92 D1 ........ .....q.Ñ > [020] 6A FB 54 BE 43 97 98 61 D6 08 2A E1 76 00 00 00 jûT¾C..a Ö.*áv... > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 9 mid = 7 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 9 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 9: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 80 E0 B3 59 4D 90 64 50 .à³YM.dP >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 71 92 D1 ........ .....q.Ñ > [020] 6A FB 54 BE 43 97 98 61 D6 08 2A E1 76 00 00 00 jûT¾C..a Ö.*áv... > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 9 mid = 7 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0030 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000002 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000018 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 returned 48 bytes. >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 6ad19271 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 54fb >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 43be >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 97 98 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 61 d6 08 2a e1 76 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0014 status: NT_STATUS_OK >[2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_q_query(488) > init_q_query >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 6ad19271 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 54fb >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 43be >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 97 98 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 61 d6 08 2a e1 76 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 info_class: 0005 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 002e >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000003 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000016 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0007 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49159 (0xC007) > smb_bcc=61 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 71 92 D1 6A FB ........ ...q.Ñjû > [030] 54 BE 43 97 98 61 D6 08 2A E1 76 05 00 T¾C..aÖ. *áv.. >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 10 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] D7 8D 43 15 06 91 35 CB ×.C...5Ë >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 11 mid = 8 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,132) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,132) wrote 132 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 152 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 96 (0x60) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=97 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... > [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 D1 .H...... .......Ñ > [020] 6A 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 j....... ........ > [030] 00 00 00 00 00 03 00 00 00 44 00 32 00 44 00 48 ........ .D.2.D.H > [040] 60 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 `....... ........ > [050] 00 51 C5 3F 3D DB 6D E1 F1 7E 62 52 80 00 00 00 .QÅ?=Ûmá ñ~bR.... > [060] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 11 mid = 8 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 11 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 11: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] FF 7C FA EB CD EE 57 6B ÿ|úëÍîWk >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 96 (0x60) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=97 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`...... > [010] 00 48 00 00 00 00 00 00 00 00 00 02 00 05 00 D1 .H...... .......Ñ > [020] 6A 06 00 08 00 04 00 02 00 08 00 02 00 04 00 00 j....... ........ > [030] 00 00 00 00 00 03 00 00 00 44 00 32 00 44 00 48 ........ .D.2.D.H > [040] 60 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 `....... ........ > [050] 00 51 C5 3F 3D DB 6D E1 F1 7E 62 52 80 00 00 00 .QÅ?=Ûmá ñ~bR.... > [060] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 11 mid = 8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0060 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000003 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000048 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 96, data_len 72, ss_len 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 96 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 returned 144 bytes. >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 dom_ptr: 00020000 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 lsa_io_query_info_ctr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0004 info_class: 0005 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_dom_query_3 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 uni_dom_max_len: 0006 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a uni_dom_str_len: 0008 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c buffer_dom_name: 00020004 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 buffer_dom_sid : 00020008 >[2007/04/23 15:44:07, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 uni_max_len: 00000004 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0018 offset : 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 001c uni_str_len: 00000003 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) > 0020 buffer : D.2.D. >[2007/04/23 15:44:07, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_dom_sid2 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0028 num_auths: 00000004 >[2007/04/23 15:44:07, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_dom_sid sid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 002c sid_rev_num: 01 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 002d num_auths : 04 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 002e id_auth[0] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 002f id_auth[1] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0030 id_auth[2] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0031 id_auth[3] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0032 id_auth[4] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0033 id_auth[5] : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32s(993) > 0034 sub_auths : 00000015 3d3fc551 f1e16ddb 8052627e >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0044 status: NT_STATUS_OK >[2007/04/23 15:44:07, 5] rpc_parse/parse_lsa.c:init_lsa_q_close(2126) > init_lsa_q_close >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_close >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 6ad19271 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 54fb >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 43be >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 97 98 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 61 d6 08 2a e1 76 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 002c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000004 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000014 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0000 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49159 (0xC007) > smb_bcc=59 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 71 92 D1 6A FB ........ ...q.Ñjû > [030] 54 BE 43 97 98 61 D6 08 2A E1 76 T¾C..aÖ. *áv >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 12 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] B8 A8 3C 18 D8 A4 9E EB ¸¨<.??.ë >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 13 mid = 9 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,130) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,130) wrote 130 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 13 mid = 9 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 13 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 13: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 2A A9 FC 71 FE 4C 8D 5E *©üqþL.^ >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 13 mid = 9 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0030 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000004 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000018 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \lsarpc fnum 0xc007 returned 48 bytes. >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_close >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 00 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 00 00 00 00 00 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0014 status: NT_STATUS_OK >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 14 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 13 D0 27 B2 F3 2B CF C2 .Ð'²ó+Ï >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 15 mid = 10 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,45) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,45) wrote 45 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 15 mid = 10 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 15 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 15: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 83 A1 6B 95 E8 46 43 0F .¡k.èFC. >[2007/04/23 15:44:07, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) > cli_rpc_pipe_close: closed pipe \lsarpc to machine D2DMAIL >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 16 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 75 FE 10 9B CA 4A 9E 2D uþ..ÊJ.- >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 17 mid = 11 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,100) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,100) wrote 100 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=11 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 384 (0x180) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 17 mid = 11 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 17 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 17: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 99 80 84 3C D5 81 1D 74 ...<Õ..t >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[8000]: \samr auth_type 0, auth_level 0 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 12 34 57 78 12 34 AB CD EF 00 01 23 45 67 89 AC .4Wx.4«Í ï..#Eg.¬ > [010] 00 00 00 01 .... >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` > [010] 00 00 00 02 .... >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0b >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0048 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000005 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0010 max_tsize: 10b8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0012 max_rsize: 10b8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 assoc_gid: 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0018 num_contexts: 01 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 001c context_id : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 001e num_transfer_syntaxes: 01 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0020 data : 12345778 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0024 data : 1234 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0026 data : abcd >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0028 data : ef 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 002a data : 01 23 45 67 89 ac >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0030 version: 00000001 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0034 data : 8a885d04 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0038 data : 1ceb >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 003a data : 11c9 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003c data : 9f e8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003e data : 08 00 2b 10 48 60 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0044 version: 00000002 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=87 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.??ï ..#Eg.¬. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 18 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 47 54 A5 B1 36 C1 40 1D GT¥±6Á@. >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 19 mid = 12 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,158) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,158) wrote 158 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 C0 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.À.. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 19 mid = 12 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 19 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 19: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] AC 5D 8C 92 48 C9 23 C9 ¬]..HÉ#É >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 C0 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.À.. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 19 mid = 12 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0044 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000005 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 68 bytes.[2007/04/23 15:44:07, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine D2DMAIL pipe \samr fnum 0x8000 bind request returned ok. >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0044 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000005 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0010 max_tsize: 10b8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0012 max_rsize: 10b8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 assoc_gid: 000182c0 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0018 len: 000c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 001a str: \PIPE\lsass. >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0028 num_results: 01 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 002c result : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 002e reason : 0000 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0030 data : 8a885d04 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0034 data : 1ceb >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0036 data : 11c9 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0038 data : 9f e8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003a data : 08 00 2b 10 48 60 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0040 version: 00000002 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2277) > cli_rpc_pipe_open_noauth: opened pipe \samr to machine D2DMAIL and bound anonymously. >[2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_connect(36) > cli_samr_connect to D2DMAIL >[2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_connect(6977) > init_samr_q_connect >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_connect >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 ptr_srv_name: 00000001 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 uni_max_len: 00000008 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0008 offset : 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c uni_str_len: 00000008 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) > 0010 buffer : D.2.D.M.A.I.L... >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0020 access_mask: 02000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 003c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000006 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000024 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0039 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=142 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=75 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 3C 00 00 00 06 00 00 00 24 .......< .......$ > [020] 00 00 00 00 00 39 00 01 00 00 00 08 00 00 00 00 .....9.. ........ > [030] 00 00 00 08 00 00 00 44 00 32 00 44 00 4D 00 41 .......D .2.D.M.A > [040] 00 49 00 4C 00 00 00 00 00 00 02 .I.L.... ... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 20 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 60 5E 48 3A F5 B0 71 D2 `^H:õ°qÒ >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 21 mid = 13 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,146) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,146) wrote 146 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 61 B5 3C ........ .....aµ< > [020] 9D 34 2A A3 4A 86 F8 50 62 D5 A3 E6 96 00 00 00 .4*£J.øP b??æ.... > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 21 mid = 13 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 21 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 21: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 24 46 23 49 C7 E6 3D FE $F#IÇæ=þ >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 61 B5 3C ........ .....aµ< > [020] 9D 34 2A A3 4A 86 F8 50 62 D5 A3 E6 96 00 00 00 .4*£J.øP b??æ.... > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 21 mid = 13 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0030 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000006 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000018 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 48 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_connect >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd connect_pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 9d3cb561 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 2a34 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4aa3 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 86 f8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 50 62 d5 a3 e6 96 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0014 status: NT_STATUS_OK >[2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_open_domain(149) > cli_samr_open_domain with sid S-1-5-21-1027589457-4058082779-2152882814 >[2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_open_domain(248) > samr_init_samr_q_open_domain >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_open_domain >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 9d3cb561 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 2a34 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4aa3 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 86 f8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 50 62 d5 a3 e6 96 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 flags: 02000000 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_dom_sid2 sid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0018 num_auths: 00000004 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_dom_sid sid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 001c sid_rev_num: 01 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 001d num_auths : 04 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 001e id_auth[0] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 001f id_auth[1] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0020 id_auth[2] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0021 id_auth[3] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0022 id_auth[4] : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0023 id_auth[5] : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32s(993) > 0024 sub_auths : 00000015 3d3fc551 f1e16ddb 8052627e >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 004c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000007 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000034 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0007 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=158 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=91 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 4C 00 00 00 07 00 00 00 34 .......L .......4 > [020] 00 00 00 00 00 07 00 00 00 00 00 61 B5 3C 9D 34 ........ ...aµ<.4 > [030] 2A A3 4A 86 F8 50 62 D5 A3 E6 96 00 00 00 02 04 *£J.øPbÕ £æ...... > [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 51 ........ .......Q > [050] C5 3F 3D DB 6D E1 F1 7E 62 52 80 Å?=Ûmáñ~ bR. >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 22 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] DE 75 EA CE 8E AB 4D 11 ÞuêÎ.«M. >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 23 mid = 14 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,162) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,162) wrote 162 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 BA F0 3A ........ .....ºð: > [020] 5B 03 D5 85 44 BF 89 34 E0 37 1A 28 8D 00 00 00 [.Õ.D¿.4 à7.(.... > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 23 mid = 14 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 23 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 23: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 59 E3 F0 FB 62 0B 7E BA Yãðûb.~º >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 BA F0 3A ........ .....ºð: > [020] 5B 03 D5 85 44 BF 89 34 E0 37 1A 28 8D 00 00 00 [.Õ.D¿.4 à7.(.... > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 23 mid = 14 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0030 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000007 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000018 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 48 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_open_domain >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 5b3af0ba >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : d503 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4485 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : bf 89 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 34 e0 37 1a 28 8d >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0014 status: NT_STATUS_OK >[2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_create_dom_user(1650) > cli_samr_create_dom_user geneva$ >[2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_create_user(5159) > samr_init_samr_q_create_user >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_create_user >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 5b3af0ba >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : d503 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4485 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : bf 89 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 34 e0 37 1a 28 8d >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unihdr hdr_name >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 uni_str_len: 000e >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 uni_max_len: 000e >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0018 buffer : 00000001 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 uni_name >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 001c uni_max_len: 00000007 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0020 offset : 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0024 uni_str_len: 00000007 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) > 0028 buffer : g.e.n.e.v.a.$. >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0038 acb_info : 00000080 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 003c access_mask: e005000b >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0058 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000008 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000040 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0032 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=170 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=103 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 58 00 00 00 08 00 00 00 40 .......X .......@ > [020] 00 00 00 00 00 32 00 00 00 00 00 BA F0 3A 5B 03 .....2.. ...ºð:[. > [030] D5 85 44 BF 89 34 E0 37 1A 28 8D 0E 00 0E 00 01 Õ.D¿.4à7 .(...... > [040] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 67 ........ .......g > [050] 00 65 00 6E 00 65 00 76 00 61 00 24 00 00 00 80 .e.n.e.v .a.$.... > [060] 00 00 00 0B 00 05 E0 ......à >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 24 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 9C 32 CF 2D B1 81 EE 6E .2Ï-±.în >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 25 mid = 15 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,174) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,174) wrote 174 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 112 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 63 00 00 C0 .....c.. À >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 25 mid = 15 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 25 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 25: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] A8 69 03 FC F8 DC 89 D2 ¨i.üøÜ.Ò >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 08 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 63 00 00 C0 .....c.. À >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 25 mid = 15 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0038 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000008 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000020 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 56, data_len 32, ss_len 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 56 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 64 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_create_user >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd user_pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 00 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 00 00 00 00 00 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 access_granted: 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0018 user_rid : 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 001c status: NT_STATUS_USER_EXISTS >[2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_lookup_names(1590) > cli_samr_lookup_names >[2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_lookup_names(4808) > init_samr_q_lookup_names >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_lookup_names >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 5b3af0ba >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : d503 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4485 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : bf 89 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 34 e0 37 1a 28 8d >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 num_names1: 00000001 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0018 flags : 000003e8 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 001c ptr : 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0020 num_names2: 00000001 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unihdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0024 uni_str_len: 000e >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0026 uni_max_len: 000e >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0028 buffer : 00000001 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_unistr2 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 002c uni_max_len: 00000007 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0030 offset : 00000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0034 uni_str_len: 00000007 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) > 0038 buffer : g.e.n.e.v.a.$. >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 005e >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000009 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000046 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0011 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=16 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 94 (0x5E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 94 (0x5E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=109 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5E 00 00 00 09 00 00 00 46 .......^ .......F > [020] 00 00 00 00 00 11 00 00 00 00 00 BA F0 3A 5B 03 ........ ...ºð:[. > [030] D5 85 44 BF 89 34 E0 37 1A 28 8D 01 00 00 00 E8 Õ.D¿.4à7 .(.....è > [040] 03 00 00 00 00 00 00 01 00 00 00 0E 00 0E 00 01 ........ ........ > [050] 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 67 ........ .......g > [060] 00 65 00 6E 00 65 00 76 00 61 00 24 00 .e.n.e.v .a.$. >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 26 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] DF EB 4E 75 36 87 73 9A ßëNu6.s. >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 27 mid = 16 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,180) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,180) wrote 180 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 116 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [020] 00 01 00 00 00 28 0C 00 00 01 00 00 00 04 00 02 .....(.. ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 27 mid = 16 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 27 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 27: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 46 37 4F 57 A9 BC 1A EF F7OW©¼.ï >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 09 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [020] 00 01 00 00 00 28 0C 00 00 01 00 00 00 04 00 02 .....(.. ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 27 mid = 16 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 003c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000009 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000024 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 60, data_len 36, ss_len 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 60 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 72 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_lookup_names >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 num_rids1: 00000001 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 ptr_rids : 00020000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0008 num_rids2: 00000001 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c rid[00] : 00000c28 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 num_types1: 00000001 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 ptr_types : 00020004 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0018 num_types2: 00000001 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 001c type[00] : 00000001 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0020 status: NT_STATUS_OK >[2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_open_user(187) > cli_samr_open_user with rid 0xc28 >[2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_open_user(5090) > samr_init_samr_q_open_user >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_open_user >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd domain_pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 5b3af0ba >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : d503 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4485 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : bf 89 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 34 e0 37 1a 28 8d >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 access_mask: 02000000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0018 user_rid : 00000c28 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0034 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000a >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 0000001c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0022 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=134 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=67 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 34 00 00 00 0A 00 00 00 1C .......4 ........ > [020] 00 00 00 00 00 22 00 00 00 00 00 BA F0 3A 5B 03 .....".. ...ºð:[. > [030] D5 85 44 BF 89 34 E0 37 1A 28 8D 00 00 00 02 28 Õ.D¿.4à7 .(.....( > [040] 0C 00 00 ... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 28 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] B1 65 AE 18 33 88 01 13 ±e®.3... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 29 mid = 17 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,138) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,138) wrote 138 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 20 C3 58 ........ ..... ÃX > [020] A8 FC 3A 96 49 93 82 2A 32 D0 62 BA 53 00 00 00 ¨ü:.I..* 2ÐbºS... > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 29 mid = 17 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 29 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 29: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] EC F9 DF 9C 48 D4 EB 04 ìùß.HÔë. >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 20 C3 58 ........ ..... ÃX > [020] A8 FC 3A 96 49 93 82 2A 32 D0 62 BA 53 00 00 00 ¨ü:.I..* 2ÐbºS... > [030] 00 . >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 29 mid = 17 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0030 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000a >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000018 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 48 bytes.[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_open_user >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd user_pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : a858c320 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 3afc >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4996 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 93 82 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 2a 32 d0 62 ba 53 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0014 status: NT_STATUS_OK >[2007/04/23 15:44:07, 10] rpc_parse/parse_samr.c:init_sam_user_info24(5584) > init_sam_user_info24: >[2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo(1694) > cli_samr_set_userinfo >[2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo(6817) > init_samr_q_set_userinfo >[2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_userinfo_ctr(6586) > init_samr_userinfo_ctr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_set_userinfo >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : a858c320 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 3afc >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4996 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 93 82 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 2a 32 d0 62 ba 53 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 switch_value: 0018 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 samr_io_userinfo_ctr ctr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 switch_value: 0018 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 sam_io_user_info24 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0018 password: 25 2d 3c 2f 13 dc 83 09 52 2b d2 57 6a c4 7c bc 08 a9 98 32 32 07 0e e1 a4 2b 4b 6f 11 1b 2f 3c 12 a1 c9 10 3e 91 14 c0 d7 8f d0 3e bb e1 83 88 8b e4 23 06 51 c0 49 67 8f c6 f5 92 cd d6 63 95 38 8e 32 b4 e3 12 5b 19 d9 93 b4 27 2a 14 f2 b5 ad de dd 4c 64 b5 71 33 6c 24 eb df 4d 5e 09 e1 0b f1 95 2c cf 55 13 a1 66 24 b1 b3 bf 6e ef 5d c6 94 26 38 bc 41 52 54 93 0d c6 2b b9 9e aa 71 ca e9 58 e6 59 2a 38 da a8 43 8f 6c 65 21 42 63 79 1c 7c 67 6a 65 35 45 2e 67 ad c3 99 3a dd 4d d6 da 8b eb 4b a8 aa ae cc 77 f7 26 db 2c 1d 65 74 da a3 6f 14 7c 30 3c 74 b7 ab 37 b4 4c 31 20 c1 1f 26 1b 64 92 45 d3 c9 91 a6 f0 7e 58 cb 86 b0 2e aa b8 fe 00 81 92 78 ab b4 09 39 98 1a 85 45 e7 18 d3 14 43 f9 a4 b4 b0 aa 7b 57 e9 4b e7 74 49 3d 77 e4 39 70 25 f0 2e 39 58 e1 f8 2e 87 93 d2 ae 1f b3 f4 d6 db ca 27 a2 be f6 9d 3f da 85 14 f5 63 ab e5 d1 ec 88 08 6a e5 b1 bb 8f 2d 72 e4 24 f3 ce cf 24 90 80 70 1c ba ea a8 f8 32 d6 31 bd 36 e1 72 4b b6 ec 17 c1 1a 8a 7c 35 e5 96 5c 6e 92 1e a3 cd f4 29 41 f7 1 +> > 5 34 1f 8e 65 dd 65 b3 d5 a3 07 bc 07 e6 68 1d 3d c2 89 42 d9 ae 70 55 4d 62 69 d8 52 d1 12 36 3f 98 ee 05 05 1e cd b0 63 a5 e4 f5 e4 a3 2f 82 34 61 9d f9 85 17 f8 61 e8 44 1d ed 19 97 ab b3 b0 b3 88 a9 8f ab 3e a8 30 36 ac 5a ee ec 81 5c ba aa 1a 1c 4d 72 bf 46 24 8c 55 db e7 7d a5 37 3b 24 25 12 e9 06 17 da b8 b8 f1 1b 8c 6c 8e be 73 06 2b 3d de 96 3e 8e 0d d4 5e 59 c4 81 6b 77 6b e3 31 e4 1a d9 7c 9b 02 d8 21 20 5c ce 02 6e a3 38 a2 c7 26 7b 02 d7 1d 3a 13 0d 1b 8f a8 44 9a 8f 3c 00 3e d6 ab 2f 3f b4 70 b1 8c 5d f6 ca 99 ea 64 ef 2a 4a a9 e0 fa >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 021c pw_len: 18 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0235 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000b >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 0000021d >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 003a >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=647 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 565 (0x235) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 565 (0x235) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=580 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 35 02 00 00 0B 00 00 00 1D .......5 ........ > [020] 02 00 00 00 00 3A 00 00 00 00 00 20 C3 58 A8 FC .....:.. ... ÃX¨ü > [030] 3A 96 49 93 82 2A 32 D0 62 BA 53 18 00 18 00 25 :.I..*2Ð bºS....% > [040] 2D 3C 2F 13 DC 83 09 52 2B D2 57 6A C4 7C BC 08 -</.Ü..R +ÒWjÄ|¼. > [050] A9 98 32 32 07 0E E1 A4 2B 4B 6F 11 1B 2F 3C 12 ©.22..ᤠ+Ko../<. > [060] A1 C9 10 3E 91 14 C0 D7 8F D0 3E BB E1 83 88 8B ¡É.>..À× .Ð>»á... > [070] E4 23 06 51 C0 49 67 8F C6 F5 92 CD D6 63 95 38 ä#.QÀIg. Æõ.ÍÖc.8 > [080] 8E 32 B4 E3 12 5B 19 D9 93 B4 27 2A 14 F2 B5 AD .2´ã.[.Ù .´'*.?? > [090] DE DD 4C 64 B5 71 33 6C 24 EB DF 4D 5E 09 E1 0B ÞÝLdµq3l $ëßM^.á. > [0A0] F1 95 2C CF 55 13 A1 66 24 B1 B3 BF 6E EF 5D C6 ñ.,ÏU.¡f $±³¿nï]Æ > [0B0] 94 26 38 BC 41 52 54 93 0D C6 2B B9 9E AA 71 CA .&8¼ART. .Æ+¹.ªqÊ > [0C0] E9 58 E6 59 2A 38 DA A8 43 8F 6C 65 21 42 63 79 éXæY*8?? C.le!Bcy > [0D0] 1C 7C 67 6A 65 35 45 2E 67 AD C3 99 3A DD 4D D6 .|gje5E. gÃ.:ÝMÖ > [0E0] DA 8B EB 4B A8 AA AE CC 77 F7 26 DB 2C 1D 65 74 Ú.ëK¨ª®Ì w÷&Û,.et > [0F0] DA A3 6F 14 7C 30 3C 74 B7 AB 37 B4 4C 31 20 C1 ??o.|0<t ·«7´L1 Á > [100] 1F 26 1B 64 92 45 D3 C9 91 A6 F0 7E 58 CB 86 B0 .&.d.EÓÉ .¦ð~XË.° > [110] 2E AA B8 FE 00 81 92 78 AB B4 09 39 98 1A 85 45 .ª¸þ...x «´.9...E > [120] E7 18 D3 14 43 F9 A4 B4 B0 AA 7B 57 E9 4B E7 74 ç.Ó.C?? °ª{WéKçt > [130] 49 3D 77 E4 39 70 25 F0 2E 39 58 E1 F8 2E 87 93 I=wä9p%ð .9Xáø... > [140] D2 AE 1F B3 F4 D6 DB CA 27 A2 BE F6 9D 3F DA 85 ??.³ôÖÛÊ '¢¾ö.?Ú. > [150] 14 F5 63 AB E5 D1 EC 88 08 6A E5 B1 BB 8F 2D 72 .õc«åÑì. .j??.-r > [160] E4 24 F3 CE CF 24 90 80 70 1C BA EA A8 F8 32 D6 ä$óÎÏ$.. p.ºê¨ø2Ö > [170] 31 BD 36 E1 72 4B B6 EC 17 C1 1A 8A 7C 35 E5 96 1½6árK¶ì .Á..|5å. > [180] 5C 6E 92 1E A3 CD F4 29 41 F7 15 34 1F 8E 65 DD \n..£Íô) A÷.4..eÝ > [190] 65 B3 D5 A3 07 BC 07 E6 68 1D 3D C2 89 42 D9 AE e³Õ£.¼.æ h.=Â.B?? > [1A0] 70 55 4D 62 69 D8 52 D1 12 36 3F 98 EE 05 05 1E pUMbiØRÑ .6?.î... > [1B0] CD B0 63 A5 E4 F5 E4 A3 2F 82 34 61 9D F9 85 17 ??c¥äõä£ /.4a.ù.. > [1C0] F8 61 E8 44 1D ED 19 97 AB B3 B0 B3 88 A9 8F AB øaèD.í.. «³°³.©.« > [1D0] 3E A8 30 36 AC 5A EE EC 81 5C BA AA 1A 1C 4D 72 >¨06¬Zîì .\ºª..Mr > [1E0] BF 46 24 8C 55 DB E7 7D A5 37 3B 24 25 12 E9 06 ¿F$.UÛç} ¥7;$%.é. > [1F0] 17 DA B8 B8 F1 1B 8C 6C 8E BE 73 06 2B 3D DE 96 .??¸ñ..l .¾s.+=Þ. >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 30 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] AA 13 57 04 AE E2 1F 63 ª.W.®â.c >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 31 mid = 18 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,651) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,651) wrote 651 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 84 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 31 mid = 18 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 31 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 31: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] D7 51 60 FE B9 B1 1E 96 ×Q`??.. >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 31 mid = 18 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 001c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000b >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000004 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 28 at offset 0 >[2007/04/23 15:44:07, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 8 bytes. >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_set_userinfo >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0000 status: NT_STATUS_OK >[2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_sam_user_info16(5428) > init_sam_user_info16 >[2007/04/23 15:44:07, 10] rpc_client/cli_samr.c:rpccli_samr_set_userinfo2(1745) > cli_samr_set_userinfo2 >[2007/04/23 15:44:07, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo2(6891) > init_samr_q_set_userinfo2 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_set_userinfo2 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : a858c320 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 3afc >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4996 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 93 82 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 2a 32 d0 62 ba 53 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 switch_value: 0010 >[2007/04/23 15:44:07, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 samr_io_userinfo_ctr ctr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 switch_value: 0010 >[2007/04/23 15:44:07, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 samr_io_r_user_info16 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0018 acb_info: 00000080 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0034 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 0000001c >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:07, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0025 >[2007/04/23 15:44:07, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=134 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=19 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=67 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 34 00 00 00 0C 00 00 00 1C .......4 ........ > [020] 00 00 00 00 00 25 00 00 00 00 00 20 C3 58 A8 FC .....%.. ... ÃX¨ü > [030] 3A 96 49 93 82 2A 32 D0 62 BA 53 10 00 10 00 80 :.I..*2Ð bºS..... > [040] 00 00 00 ... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 32 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] C4 05 C4 3F 3B 82 90 D7 Ä.Ä?;..× >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 33 mid = 19 >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,138) >[2007/04/23 15:44:07, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,138) wrote 138 >[2007/04/23 15:44:07, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 84 >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(494) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 33 mid = 19 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 33 >[2007/04/23 15:44:07, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 33: got good SMB signature of >[2007/04/23 15:44:07, 10] lib/util.c:dump_data(2249) > [000] 7F C2 67 C4 65 E5 E2 94 .ÂgÄeåâ. >[2007/04/23 15:44:07, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0C 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 33 mid = 19 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 001c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000004 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 28 at offset 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 8 bytes. >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_set_userinfo2 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0000 status: NT_STATUS_OK >[2007/04/23 15:44:08, 10] rpc_client/cli_samr.c:rpccli_samr_close(109) > cli_samr_close >[2007/04/23 15:44:08, 5] rpc_parse/parse_samr.c:init_samr_q_close_hnd(38) > init_samr_q_close_hnd >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_q_close_hnd >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : a858c320 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 3afc >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 4996 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 93 82 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 2a 32 d0 62 ba 53 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 002c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000d >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000014 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0001 >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=59 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 01 00 00 00 00 00 20 C3 58 A8 FC ........ ... ÃX¨ü > [030] 3A 96 49 93 82 2A 32 D0 62 BA 53 :.I..*2Ð bºS >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 34 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 7D 73 85 22 77 30 02 B5 }s."w0.µ >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 35 mid = 20 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,130) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,130) wrote 130 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 104 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 35 mid = 20 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 35 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 35: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 41 FD AF 1E D3 06 78 3D Aý¯.Ó.x= >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 35 mid = 20 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0030 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000d >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000018 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \samr fnum 0x8000 returned 48 bytes.[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 samr_io_r_close_hnd >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd pol >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 handle_type: 00000000 >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_uuid uuid >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 data : 00000000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 data : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a data : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000c data : 00 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 000e data : 00 00 00 00 00 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0014 status: NT_STATUS_OK >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 36 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 92 26 27 F7 52 04 2E 17 .&'÷R... >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 37 mid = 21 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,45) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,45) wrote 45 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=21 > smt_wct=0 > smb_bcc=0 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 37 mid = 21 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 37 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 37: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 82 CB C0 F7 F3 DD 4B 6A .ËÀ÷óÝKj >[2007/04/23 15:44:08, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) > cli_rpc_pipe_close: closed pipe \samr to machine D2DMAIL >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 38 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] E2 A2 4D 04 6D C5 E9 C1 â¢M.mÅéÁ >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 39 mid = 22 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,108) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,108) wrote 108 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=22 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 320 (0x140) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 39 mid = 22 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 39 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 39: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 2C 9D B3 AF AF DA F9 DF ,.³¯¯Úùß >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[400a]: \NETLOGON auth_type 0, auth_level 0 >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 12 34 56 78 12 34 AB CD EF 00 01 23 45 67 CF FB .4Vx.4«Í ï..#EgÏû > [010] 00 00 00 01 .... >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` > [010] 00 00 00 02 .... >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0b >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0048 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000e >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0010 max_tsize: 10b8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0012 max_rsize: 10b8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 assoc_gid: 00000000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0018 num_contexts: 01 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 001c context_id : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 001e num_transfer_syntaxes: 01 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0020 data : 12345678 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0024 data : 1234 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0026 data : abcd >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0028 data : ef 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 002a data : 01 23 45 67 cf fb >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0030 version: 00000001 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0034 data : 8a885d04 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0038 data : 1ceb >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 003a data : 11c9 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003c data : 9f e8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003e data : 08 00 2b 10 48 60 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0044 version: 00000002 >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=23 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16394 (0x400A) > smb_bcc=87 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 0E 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.??ï ..#EgÏû. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 40 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 9B 2F 85 3D 52 45 C2 79 ./.=REÂy >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 41 mid = 23 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,158) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,158) wrote 158 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... > [010] 00 B8 10 B8 10 C3 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.Ã.. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 41 mid = 23 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 41 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 41: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] FB 49 A0 7A 42 D3 92 20 ûI zBÓ. >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... > [010] 00 B8 10 B8 10 C3 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.Ã.. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 41 mid = 23 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0044 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000e >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a returned 68 bytes. >[2007/04/23 15:44:08, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a bind request returned ok. >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0044 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000e >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0010 max_tsize: 10b8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0012 max_rsize: 10b8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 assoc_gid: 000182c3 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0018 len: 000c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 001a str: \PIPE\lsass. >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0028 num_results: 01 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 002c result : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 002e reason : 0000 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0030 data : 8a885d04 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0034 data : 1ceb >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0036 data : 11c9 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0038 data : 9f e8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003a data : 08 00 2b 10 48 60 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0040 version: 00000002 >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2277) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine D2DMAIL and bound anonymously. >[2007/04/23 15:44:08, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(46) > cli_net_req_chal: LSA Request Challenge from GENEVA to \\D2DMAIL >[2007/04/23 15:44:08, 5] rpc_parse/parse_net.c:init_q_req_chal(679) > init_q_req_chal: 679 >[2007/04/23 15:44:08, 5] rpc_parse/parse_net.c:init_q_req_chal(688) > init_q_req_chal: 688 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 undoc_buffer: 00000001 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 uni_max_len: 0000000a >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0008 offset : 00000000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c uni_str_len: 0000000a >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) > 0010 buffer : \.\.D.2.D.M.A.I.L... >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0024 uni_max_len: 00000007 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0028 offset : 00000000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 002c uni_str_len: 00000007 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) > 0030 buffer : G.E.N.E.V.A... >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00003e smb_io_chal >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003e data: 26 78 86 92 d9 0f ac 43 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 005e >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000f >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000046 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 0004 >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=24 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 94 (0x5E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 94 (0x5E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16394 (0x400A) > smb_bcc=109 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5E 00 00 00 0F 00 00 00 46 .......^ .......F > [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 44 00 32 00 44 .......\ .\.D.2.D > [040] 00 4D 00 41 00 49 00 4C 00 00 00 07 00 00 00 00 .M.A.I.L ........ > [050] 00 00 00 07 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V > [060] 00 41 00 00 00 26 78 86 92 D9 0F AC 43 .A...&x. .Ù.¬C >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 42 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] BE 5A 47 77 16 E0 C0 8D ¾ZGw.àÀ. >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 43 mid = 24 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,180) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,180) wrote 180 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 92 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 8D 60 7B 0D 20 2C EB ........ ..`{. ,ë > [020] 5E 00 00 00 00 ^.... >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 43 mid = 24 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 43 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 43: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 8D BC 84 D6 FB 6F 7C 65 .¼.Öûo|e >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0F 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 8D 60 7B 0D 20 2C EB ........ ..`{. ,ë > [020] 5E 00 00 00 00 ^.... >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 43 mid = 24 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0024 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 0000000f >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 0000000c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a returned 24 bytes. >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0000 data: 8d 60 7b 0d 20 2c eb 5e >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 0008 status: NT_STATUS_OK >[2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(288) > creds_client_init: neg_flags : 400701ff >[2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(289) > creds_client_init: client chal : 26788692D90FAC43 >[2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(290) > creds_client_init: server chal : 8D607B0D202CEB5E >[2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(119) > creds_init_64 >[2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(120) > clnt_chal_in: 26788692D90FAC43 >[2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(121) > srv_chal_in : 8D607B0D202CEB5E >[2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(122) > clnt+srv : B3D801A0F93B97A2 >[2007/04/23 15:44:08, 5] libsmb/credentials.c:creds_init_64(123) > sess_key_out : EB6CA2A7BFE474A2 >[2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(308) > creds_client_init: clnt : BD35FE4C52C2B69E >[2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(309) > creds_client_init: server : 2B48462A610F6C8B >[2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_init(310) > creds_client_init: seed : BD35FE4C52C2B69E >[2007/04/23 15:44:08, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(170) > cli_net_auth2: srv:\\D2DMAIL acct:GENEVA$ sc:2 mc: GENEVA neg: 400701ff >[2007/04/23 15:44:08, 5] rpc_parse/parse_net.c:init_q_auth_2(800) > init_q_auth_2: 800 >[2007/04/23 15:44:08, 5] rpc_parse/parse_misc.c:init_log_info(1421) > make_log_info 1421 >[2007/04/23 15:44:08, 5] rpc_parse/parse_net.c:init_q_auth_2(806) > init_q_auth_2: 806 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 undoc_buffer: 00000001 >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 uni_max_len: 0000000a >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0008 offset : 00000000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c uni_str_len: 0000000a >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) > 0010 buffer : \.\.D.2.D.M.A.I.L... >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 unistr2 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0024 uni_max_len: 00000008 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0028 offset : 00000000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 002c uni_str_len: 00000008 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) > 0030 buffer : G.E.N.E.V.A.$... >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0040 sec_chan: 0002 >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_unistr2 unistr2 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0044 uni_max_len: 00000007 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0048 offset : 00000000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 004c uni_str_len: 00000007 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:dbg_rw_punival(938) > 0050 buffer : G.E.N.E.V.A... >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00005e smb_io_chal >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 005e data: bd 35 fe 4c 52 c2 b6 9e >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000066 net_io_neg_flags >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0068 neg_flags: 400701ff >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0084 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000010 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 0000006c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0016 opnum : 000f >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=214 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=25 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 132 (0x84) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=16394 (0x400A) > smb_bcc=147 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 84 00 00 00 10 00 00 00 6C ........ .......l > [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 44 00 32 00 44 .......\ .\.D.2.D > [040] 00 4D 00 41 00 49 00 4C 00 00 00 08 00 00 00 00 .M.A.I.L ........ > [050] 00 00 00 08 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V > [060] 00 41 00 24 00 00 00 02 00 00 00 07 00 00 00 00 .A.$.... ........ > [070] 00 00 00 07 00 00 00 47 00 45 00 4E 00 45 00 56 .......G .E.N.E.V > [080] 00 41 00 00 00 BD 35 FE 4C 52 C2 B6 9E 00 00 FF .A...½5þ LR¶...ÿ > [090] 01 07 40 ..@ >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 44 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 4F 06 2D F3 85 FA A1 A3 O.-ó.?? >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 45 mid = 25 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,218) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,218) wrote 218 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 2B 48 46 2A 61 0F 6C ........ .+HF*a.l > [020] 8B FF 01 07 40 00 00 00 00 .ÿ..@... . >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 45 mid = 25 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 45 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 45: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 21 1C 18 DE FA BA 40 B0 !..Þúº@° >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 10 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 2B 48 46 2A 61 0F 6C ........ .+HF*a.l > [020] 8B FF 01 07 40 00 00 00 00 .ÿ..@... . >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 45 mid = 25 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 02 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0028 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000010 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0010 alloc_hint: 00000010 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0014 context_id: 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0016 cancel_ct : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0017 reserved : 00 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0x400a returned 32 bytes. >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0000 data: 2b 48 46 2a 61 0f 6c 8b >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0008 neg_flags: 400701ff >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(765) > 000c status: NT_STATUS_OK >[2007/04/23 15:44:08, 10] libsmb/credentials.c:creds_client_check(327) > creds_client_check: credentials check OK. >[2007/04/23 15:44:08, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346) > rpccli_netlogon_setup_creds: server D2DMAIL credential chain established. >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 46 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 42 0B 08 D3 8F 10 75 35 B..Ó..u5 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 47 mid = 26 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,108) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,108) wrote 108 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=26 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 3072 (0xC00) > smb_vwv[ 3]= 448 (0x1C0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 47 mid = 26 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 47 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 47: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] CC D5 FF BF 7A 00 B9 DA ÌÕÿ¿z.¹Ú >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044) > Bind RPC Pipe[c00c]: \NETLOGON auth_type 2, auth_level 6 >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 12 34 56 78 12 34 AB CD EF 00 01 23 45 67 CF FB .4Vx.4«Í ï..#EgÏû > [010] 00 00 00 01 .... >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 8A 88 5D 04 1C EB 11 C9 9F E8 08 00 2B 10 48 60 ..]..ë.É .è..+.H` > [010] 00 00 00 02 .... >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_auth_schannel_neg schannel_neg >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0000 type1: 00000000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0004 type2: 00000003 >[2007/04/23 15:44:08, 6] lib/util.c:dump_data(2249) > [000] 44 32 44 D2D >[2007/04/23 15:44:08, 6] lib/util.c:dump_data(2249) > [000] 47 45 4E 45 56 41 GENEVA >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0b >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0063 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 0013 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000011 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0010 max_tsize: 10b8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0012 max_rsize: 10b8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 assoc_gid: 00000000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0018 num_contexts: 01 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 001c context_id : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 001e num_transfer_syntaxes: 01 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0020 data : 12345678 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0024 data : 1234 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0026 data : abcd >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0028 data : ef 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 002a data : 01 23 45 67 cf fb >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0030 version: 00000001 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0034 data : 8a885d04 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0038 data : 1ceb >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 003a data : 11c9 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003c data : 9f e8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003e data : 08 00 2b 10 48 60 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0044 version: 00000002 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0048 auth_type : 44 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0049 auth_level : 06 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 004a auth_pad_len : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 004b auth_reserved: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 004c auth_context_id: 00000001 >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0xc00c >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=181 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=27 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 99 (0x63) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 99 (0x63) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=49164 (0xC00C) > smb_bcc=114 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 63 00 13 00 11 00 00 00 B8 .......c .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.??ï ..#EgÏû. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ > [060] 00 00 00 03 00 00 00 44 32 44 00 47 45 4E 45 56 .......D 2D.GENEV > [070] 41 00 A. >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 48 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 5A CE 2F 6D 5F 06 FC 6E ZÎ/m_.ün >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 49 mid = 27 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,185) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,185) wrote 185 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 144 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=27 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 11 00 00 ........ .X...... > [010] 00 B8 10 B8 10 C4 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.Ä.. ...\PIPE > [020] 5C 6C 73 61 73 73 00 19 04 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 00 00 00 ........ . >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 49 mid = 27 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 49 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 49: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 70 07 87 B6 66 17 EA 5E p..¶f.ê^ >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=27 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 00 05 00 0C 03 10 00 00 00 58 00 0C 00 11 00 00 ........ .X...... > [010] 00 B8 10 B8 10 C4 82 01 00 0C 00 5C 50 49 50 45 .¸.¸.Ä.. ...\PIPE > [020] 5C 6C 73 61 73 73 00 19 04 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 00 00 00 ........ . >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 49 mid = 27 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0058 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 000c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000011 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) > rpc_api_pipe: got PDU len of 88 at offset 0 >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) > rpc_api_pipe: Remote machine D2DMAIL pipe \NETLOGON fnum 0xc00c returned 88 bytes. >[2007/04/23 15:44:08, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) > rpc_pipe_bind: Remote machine D2DMAIL pipe \NETLOGON fnum 0xc00c bind request returned ok. >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0000 major : 05 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0001 minor : 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0002 pkt_type : 0c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0003 flags : 03 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0004 pack_type0: 10 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0005 pack_type1: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0006 pack_type2: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0007 pack_type3: 00 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0008 frag_len : 0058 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 000a auth_len : 000c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 000c call_id : 00000011 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0010 max_tsize: 10b8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0012 max_rsize: 10b8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0014 assoc_gid: 000182c4 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0018 len: 000c >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 001a str: \PIPE\lsass. >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8(616) > 0028 num_results: 01 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 002c result : 0000 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 002e reason : 0000 >[2007/04/23 15:44:08, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2007/04/23 15:44:08, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0030 data : 8a885d04 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0034 data : 1ceb >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint16(677) > 0036 data : 11c9 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 0038 data : 9f e8 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint8s(853) > 003a data : 08 00 2b 10 48 60 >[2007/04/23 15:44:08, 5] rpc_parse/parse_prs.c:prs_uint32(706) > 0040 version: 00000002 >[2007/04/23 15:44:08, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2007/04/23 15:44:08, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2543) > cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine D2DMAIL for domain D2D and bound using schannel. >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 50 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 68 93 20 2E 7E D9 A7 CD h. .~??Í >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 51 mid = 28 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,45) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,45) wrote 45 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=28 > smt_wct=0 > smb_bcc=0 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 51 mid = 28 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 51 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 51: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] A9 F2 99 B1 F7 E1 AF 23 ©ò.±÷á¯# >[2007/04/23 15:44:08, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine D2DMAIL >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 52 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] ED 88 4E 6E B2 A6 62 83 í.Nn²¦b. >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 53 mid = 29 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,45) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,45) wrote 45 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=29 > smt_wct=0 > smb_bcc=0 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 53 mid = 29 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 53 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 53: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] CE 29 0D AF 0C 23 2D D4 Î).¯.#-Ô >[2007/04/23 15:44:08, 10] libsmb/clientgen.c:cli_rpc_pipe_close(395) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine D2DMAIL >[2007/04/23 15:44:08, 3] libsmb/cliconnect.c:cli_start_connection(1503) > Connecting to host=D2DMAIL >[2007/04/23 15:44:08, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 192.168.30.206 at port 445 >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 49152 >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 49640 >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDLOWAT. >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVLOWAT. >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_SNDTIMEO. >[2007/04/23 15:44:08, 5] lib/util_sock.c:print_socket_options(204) > Could not test socket option SO_RCVTIMEO. >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(7,194) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(7,194) wrote 194 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 173 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=38016 (0x9480) > smb_vwv[12]=21417 (0x53A9) > smb_vwv[13]=57282 (0xDFC2) > smb_vwv[14]=51077 (0xC785) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=38016 (0x9480) > smb_vwv[12]=21417 (0x53A9) > smb_vwv[13]=57282 (0xDFC2) > smb_vwv[14]=51077 (0xC785) > smb_vwv[15]=61441 (0xF001) > smb_vwv[16]= 0 (0x0) > smb_bcc=104 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 6F D4 6E CA FF 85 57 43 8D 8B D7 06 B2 3B B4 78 oÔnÊÿ.WC ..×.²;´x > [010] 60 56 06 06 2B 06 01 05 05 02 A0 4C 30 4A A0 30 `V..+... .. L0J 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 16 30 14 A0 12 1B 10 64 32 64 6D 61 69 6C 24 £.0. ... d2dmail$ > [060] 40 44 32 44 2E 43 4F 4D @D2D.COM >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(7,92) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(7,92) wrote 92 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 177 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=177 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=51200 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 177 (0xB1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=136 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 24 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 $W.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [080] 00 44 00 32 00 44 00 00 .D.2.D.. >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=177 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2726 > smb_uid=51200 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 177 (0xB1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=136 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 24 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 $W.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0 > [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e > [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. > [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2 > [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2.. > [080] 00 44 00 32 00 44 00 00 .D.2.D.. >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(7,82) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(7,82) wrote 82 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 56 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=28672 > smb_pid=2726 > smb_uid=51200 > smb_mid=3 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]= 511 (0x1FF) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 511 (0x1FF) > smb_vwv[ 6]= 0 (0x0) > smb_bcc=7 >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 49 50 43 00 00 00 00 IPC.... >[2007/04/23 15:44:08, 10] libsmb/clientgen.c:cli_init_creds(254) > cli_init_creds: user domain >[2007/04/23 15:44:08, 10] libsmb/namequery.c:saf_store(74) > saf_store: domain = [D2D], server = [D2DMAIL], expire = [1177358348] >[2007/04/23 15:44:08, 10] lib/gencache.c:gencache_set(140) > Adding cache entry with key = SAF/DOMAIN/D2D; value = D2DMAIL and timeout = Mon Apr 23 15:59:08 2007 > (900 seconds ahead) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(7,108) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(7,108) wrote 108 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=35 > smb_com=0xa2 > smb_rcls=34 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=28672 > smb_pid=2726 > smb_uid=51200 > smb_mid=4 > smt_wct=0 > smb_bcc=0 >[2007/04/23 15:44:08, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222) > cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine D2DMAIL. Error was NT_STATUS_ACCESS_DENIED >[2007/04/23 15:44:08, 0] utils/net_rpc_join.c:net_rpc_join_ok(70) > net_rpc_join_ok: failed to get schannel session key from server D2DMAIL for domain D2D. Error was NT_STATUS_ACCESS_DENIED >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(7,39) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(7,39) wrote 39 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=28672 > smb_pid=2726 > smb_uid=51200 > smb_mid=5 > smt_wct=0 > smb_bcc=0 >Unable to join domain D2D. >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 54 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349) client_sign_outgoing_message: sent SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 0A EF 61 20 96 9F 99 0A .ïa .... >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) > store_sequence_for_reply: stored seq = 55 mid = 30 >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(153) > write_socket(4,39) >[2007/04/23 15:44:08, 6] libsmb/clientgen.c:write_socket(156) > write_socket(4,39) wrote 39 >[2007/04/23 15:44:08, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(484) >[2007/04/23 15:44:08, 5] lib/util.c:show_msg(494) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=63488 > smb_pid=2726 > smb_uid=10240 > smb_mid=30 > smt_wct=0 > smb_bcc=0 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) > get_sequence_for_reply: found seq = 55 mid = 30 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:simple_packet_signature(283) > simple_packet_signature: sequence number 55 >[2007/04/23 15:44:08, 10] libsmb/smb_signing.c:client_check_incoming_message(430) > client_check_incoming_message: seq 55: got good SMB signature of >[2007/04/23 15:44:08, 10] lib/util.c:dump_data(2249) > [000] 78 19 21 6D 96 82 9B 43 x.!m...C >[2007/04/23 15:44:08, 2] utils/net.c:main(1032) > return code = -1 >#
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2400">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4503
:
2376
|
2383
| 2400