The Samba-Bugzilla – Attachment 3053 Details for Bug 4879: Samba not joining longhorn server in security = DOMAIN
debug level 10 output of net rpc join
net_join (text/plain), 339.79 KB, created by Magnus Mertens on 2007-12-18 08:49:21 UTC
>[2007/12/14 15:52:56, 5] lib/debug.c:debug_dump_status(392) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 > registry: False/0 >[2007/12/14 15:52:56, 3] param/loadparm.c:lp_load(5656) > lp_load: refreshing parameters >[2007/12/14 15:52:56, 3] param/loadparm.c:init_globals(1457) > Initialising global parameters >[2007/12/14 15:52:56, 3] param/params.c:pm_process(569) > params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" >[2007/12/14 15:52:56, 3] param/loadparm.c:do_section(4349) > Processing section "[global]" > doing parameter workgroup = MM > doing parameter security = domain > doing parameter max log size = 0 > doing parameter log file = /var/log/samba/log.%I > doing parameter log level = 10 > doing parameter debug pid = yes > doing parameter debug hires timestamp = yes >[2007/12/14 15:52:56.360275, 4, pid=6050] param/loadparm.c:lp_load(5688) > pm_process() returned Yes >[2007/12/14 15:52:56.360341, 7, pid=6050] param/loadparm.c:lp_servicenumber(5829) > lp_servicenumber: couldn't find homes >[2007/12/14 15:52:56.360413, 10, pid=6050] param/loadparm.c:set_server_role(4893) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2007/12/14 15:52:56.360965, 5, pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS-2LE >[2007/12/14 15:52:56.361081, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset UCS-2LE >[2007/12/14 15:52:56.361115, 5, pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-16LE >[2007/12/14 15:52:56.361160, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-16LE >[2007/12/14 15:52:56.361193, 5, 
pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS-2BE >[2007/12/14 15:52:56.361225, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset UCS-2BE >[2007/12/14 15:52:56.361256, 5, pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-16BE >[2007/12/14 15:52:56.361288, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-16BE >[2007/12/14 15:52:56.361319, 5, pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF8 >[2007/12/14 15:52:56.361917, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset UTF8 >[2007/12/14 15:52:56.362085, 5, pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UTF-8 >[2007/12/14 15:52:56.362243, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset UTF-8 >[2007/12/14 15:52:56.362277, 5, pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset ASCII >[2007/12/14 15:52:56.362308, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset ASCII >[2007/12/14 15:52:56.362923, 5, pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset 646 >[2007/12/14 15:52:56.362956, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset 646 >[2007/12/14 15:52:56.363085, 5, pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset ISO-8859-1 >[2007/12/14 15:52:56.363119, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset ISO-8859-1 >[2007/12/14 15:52:56.363150, 5, pid=6050] lib/iconv.c:smb_register_charset(104) > Attempting to register new charset UCS2-HEX >[2007/12/14 15:52:56.363262, 5, pid=6050] lib/iconv.c:smb_register_charset(112) > Registered charset UCS2-HEX >[2007/12/14 15:52:56.363983, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.365100, 5, 
pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.365201, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.365248, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.365351, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.365962, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.366077, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.366169, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.366217, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.366302, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.367065, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.367152, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.367238, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.367286, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.367333, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.367955, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.368074, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.368149, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 
'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.368197, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.368240, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.368282, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.368328, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.368965, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.369078, 5, pid=6050] lib/charcnv.c:charset_name(81) > Substituting charset 'ISO-8859-1' for LOCALE >[2007/12/14 15:52:56.426182, 5, pid=6050] lib/util.c:init_names(273) > Netbios name list:- > my_netbios_names[0]="SARGE26" >[2007/12/14 15:52:56.428213, 2, pid=6050] lib/interface.c:add_interface(334) > added interface eth0 ip=fe80::20c:29ff:fe06:ad6d%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >[2007/12/14 15:52:56.429067, 2, pid=6050] lib/interface.c:add_interface(334) > added interface eth1 ip=fe80::20c:29ff:fe06:ad77%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff:: >[2007/12/14 15:52:56.429140, 2, pid=6050] lib/interface.c:add_interface(334) > added interface eth1 ip=192.168.42.248 bcast=192.168.42.255 netmask=255.255.255.0 >[2007/12/14 15:52:56.429180, 2, pid=6050] lib/interface.c:add_interface(334) > added interface eth0 ip=10.0.27.2 bcast=10.255.255.255 netmask=255.0.0.0 >[2007/12/14 15:52:56.429308, 10, pid=6050] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up MM#1b (sitename (null)) >[2007/12/14 15:52:56.429975, 5, pid=6050] lib/gencache.c:gencache_init(62) > Opening cache file at /usr/local/samba/var/locks/gencache.tdb >[2007/12/14 15:52:56.430922, 10, pid=6050] lib/gencache.c:gencache_get(219) > Returning valid cache entry: key = 
NBT/MM#1B, value = 10.0.27.1:0, timeout = Fri Dec 14 16:01:05 2007 >[2007/12/14 15:52:56.431082, 5, pid=6050] libsmb/namecache.c:namecache_fetch(233) > name MM#1B found. >[2007/12/14 15:52:56.431246, 10, pid=6050] libsmb/namequery.c:name_status_find(319) > name_status_find: looking up MM#1b at 10.0.27.1 >[2007/12/14 15:52:56.431304, 10, pid=6050] lib/gencache.c:gencache_get(219) > Returning valid cache entry: key = NBT/MM#1B.20.10.0.27.1, value = WIN2008, timeout = Fri Dec 14 16:01:05 2007 >[2007/12/14 15:52:56.431931, 5, pid=6050] libsmb/namecache.c:namecache_status_fetch(387) > namecache_status_fetch: key NBT/MM#1B.20.10.0.27.1 -> WIN2008 >[2007/12/14 15:52:56.432961, 3, pid=6050] libsmb/cliconnect.c:cli_start_connection(1560) > Connecting to host=WIN2008 >[2007/12/14 15:52:56.433156, 3, pid=6050] lib/util_sock.c:open_socket_out(1457) > Connecting to 10.0.27.1 at port 445 >[2007/12/14 15:52:56.446962, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_KEEPALIVE = 0 >[2007/12/14 15:52:56.447109, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_REUSEADDR = 0 >[2007/12/14 15:52:56.447146, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_BROADCAST = 0 >[2007/12/14 15:52:56.447186, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option TCP_NODELAY = 1 >[2007/12/14 15:52:56.447219, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option TCP_KEEPCNT = 9 >[2007/12/14 15:52:56.447253, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option TCP_KEEPIDLE = 7200 >[2007/12/14 15:52:56.447318, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option TCP_KEEPINTVL = 75 >[2007/12/14 15:52:56.447358, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option IPTOS_LOWDELAY = 0 >[2007/12/14 15:52:56.447934, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option IPTOS_THROUGHPUT = 0 >[2007/12/14 15:52:56.448072, 5, 
pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_SNDBUF = 16384 >[2007/12/14 15:52:56.448107, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_RCVBUF = 87380 >[2007/12/14 15:52:56.448140, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_SNDLOWAT = 1 >[2007/12/14 15:52:56.448173, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_RCVLOWAT = 1 >[2007/12/14 15:52:56.448205, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_SNDTIMEO = 0 >[2007/12/14 15:52:56.448241, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_RCVTIMEO = 0 >[2007/12/14 15:52:56.448313, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,194) >[2007/12/14 15:52:56.448937, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,194) wrote 194 >[2007/12/14 15:52:56.450172, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 193 >[2007/12/14 15:52:56.450254, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.450280, 5, pid=6050] lib/util.c:show_msg(582) > size=193 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6050 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=28288 (0x6E80) > smb_vwv[12]=50515 (0xC553) > smb_vwv[13]=24822 (0x60F6) > smb_vwv[14]=51262 (0xC83E) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=124 >[2007/12/14 15:52:56.451168, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 9C 85 79 AD 09 86 14 47 93 C3 B9 DD FE A9 CB EE ..y...G .ùÝþ©Ëî > [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... .. 
`0^ 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 £*0( &.$ not_defi > [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p > [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore >[2007/12/14 15:52:56.452089, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.452116, 5, pid=6050] lib/util.c:show_msg(582) > size=193 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6050 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=28288 (0x6E80) > smb_vwv[12]=50515 (0xC553) > smb_vwv[13]=24822 (0x60F6) > smb_vwv[14]=51262 (0xC83E) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=124 >[2007/12/14 15:52:56.452905, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 9C 85 79 AD 09 86 14 47 93 C3 B9 DD FE A9 CB EE ..y...G .ùÝþ©Ëî > [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... .. `0^ 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... 
> [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 £*0( &.$ not_defi > [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p > [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore >[2007/12/14 15:52:56.453977, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,92) >[2007/12/14 15:52:56.454074, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,92) wrote 92 >[2007/12/14 15:52:56.455098, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 241 >[2007/12/14 15:52:56.455154, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.455179, 5, pid=6050] lib/util.c:show_msg(582) > size=241 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6050 > smb_uid=6144 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 241 (0xF1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=200 >[2007/12/14 15:52:56.455310, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 11 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 28 .S.e.r.v .e.r. .( > [020] 00 52 00 29 00 20 00 32 00 30 00 30 00 38 00 20 .R.). .2 .0.0.8. > [030] 00 53 00 74 00 61 00 6E 00 64 00 61 00 72 00 64 .S.t.a.n .d.a.r.d > [040] 00 20 00 36 00 30 00 30 00 31 00 20 00 53 00 65 . .6.0.0 .1. .S.e > [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a > [060] 00 63 00 6B 00 20 00 31 00 2C 00 20 00 76 00 2E .c.k. .1 .,. .v.. > [070] 00 36 00 36 00 37 00 00 00 57 00 69 00 6E 00 64 .6.6.7.. .W.i.n.d > [080] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [090] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 > [0A0] 00 30 00 30 00 38 00 20 00 53 00 74 00 61 00 6E .0.0.8. .S.t.a.n > [0B0] 00 64 00 61 00 72 00 64 00 20 00 36 00 2E 00 30 .d.a.r.d . .6...0 > [0C0] 00 00 00 4D 00 4D 00 00 ...M.M.. 
>[2007/12/14 15:52:56.456283, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.456310, 5, pid=6050] lib/util.c:show_msg(582) > size=241 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6050 > smb_uid=6144 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 241 (0xF1) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=200 >[2007/12/14 15:52:56.456441, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 11 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 28 .S.e.r.v .e.r. .( > [020] 00 52 00 29 00 20 00 32 00 30 00 30 00 38 00 20 .R.). .2 .0.0.8. > [030] 00 53 00 74 00 61 00 6E 00 64 00 61 00 72 00 64 .S.t.a.n .d.a.r.d > [040] 00 20 00 36 00 30 00 30 00 31 00 20 00 53 00 65 . .6.0.0 .1. .S.e > [050] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 .r.v.i.c .e. .P.a > [060] 00 63 00 6B 00 20 00 31 00 2C 00 20 00 76 00 2E .c.k. .1 .,. .v.. > [070] 00 36 00 36 00 37 00 00 00 57 00 69 00 6E 00 64 .6.6.7.. .W.i.n.d > [080] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [090] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 > [0A0] 00 30 00 30 00 38 00 20 00 53 00 74 00 61 00 6E .0.0.8. .S.t.a.n > [0B0] 00 64 00 61 00 72 00 64 00 20 00 36 00 2E 00 30 .d.a.r.d . .6...0 > [0C0] 00 00 00 4D 00 4D 00 00 ...M.M.. 
>[2007/12/14 15:52:56.457512, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,82) >[2007/12/14 15:52:56.457600, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,82) wrote 82 >[2007/12/14 15:52:56.459075, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 56 >[2007/12/14 15:52:56.459130, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.459154, 5, pid=6050] lib/util.c:show_msg(582) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=3 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]=65535 (0xFFFF) > smb_vwv[ 4]= 31 (0x1F) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]= 31 (0x1F) > smb_bcc=7 >[2007/12/14 15:52:56.459940, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 49 50 43 00 00 00 00 IPC.... >[2007/12/14 15:52:56.460079, 10, pid=6050] libsmb/clientgen.c:cli_init_creds(415) > cli_init_creds: user domain >[2007/12/14 15:52:56.460132, 10, pid=6050] libsmb/namequery.c:saf_store(75) > saf_store: domain = [MM], server = [WIN2008], expire = [1197644876] >[2007/12/14 15:52:56.460179, 10, pid=6050] lib/gencache.c:gencache_set(138) > Adding cache entry with key = SAF/DOMAIN/MM; value = WIN2008 and timeout = Fri Dec 14 16:07:56 2007 > (900 seconds ahead) >[2007/12/14 15:52:56.460901, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,104) >[2007/12/14 15:52:56.461069, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,104) wrote 104 >[2007/12/14 15:52:56.462111, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 103 >[2007/12/14 15:52:56.462176, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.462201, 5, pid=6050] lib/util.c:show_msg(582) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > 
smb_uid=6144 > smb_mid=4 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1024 (0x400) > smb_vwv[ 3]= 384 (0x180) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/12/14 15:52:56.463108, 5, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) > Bind RPC Pipe[8004]: \lsarpc auth_type 0, auth_level 0 >[2007/12/14 15:52:56.463158, 5, pid=6050] rpc_client/cli_pipe.c:valid_pipe_name(1648) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« > [010] 00 00 00 00 .... >[2007/12/14 15:52:56.463285, 5, pid=6050] rpc_client/cli_pipe.c:valid_pipe_name(1651) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... 
>[2007/12/14 15:52:56.463918, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:52:56.464159, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.464196, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.464228, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2007/12/14 15:52:56.464260, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.464292, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.464324, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.464894, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.464927, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.465059, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2007/12/14 15:52:56.465094, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.465126, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2007/12/14 15:52:56.465159, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2007/12/14 15:52:56.465223, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:52:56.465255, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:52:56.465287, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2007/12/14 15:52:56.465319, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2007/12/14 15:52:56.465914, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2007/12/14 15:52:56.466050, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2007/12/14 15:52:56.466084, 5, 
pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2007/12/14 15:52:56.466117, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2007/12/14 15:52:56.466157, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2007/12/14 15:52:56.466191, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2007/12/14 15:52:56.466223, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2007/12/14 15:52:56.466255, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2007/12/14 15:52:56.466287, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2007/12/14 15:52:56.466930, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2007/12/14 15:52:56.467053, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2007/12/14 15:52:56.467087, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2007/12/14 15:52:56.467118, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2007/12/14 15:52:56.467150, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2007/12/14 15:52:56.467181, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2007/12/14 15:52:56.467213, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2007/12/14 15:52:56.467245, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2007/12/14 15:52:56.467278, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2007/12/14 15:52:56.467898, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2007/12/14 15:52:56.468048, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8004 >[2007/12/14 15:52:56.468138, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.468167, 5, 
pid=6050] lib/util.c:show_msg(582) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=5 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32772 (0x8004) > smb_bcc=87 >[2007/12/14 15:52:56.468979, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... 
>[2007/12/14 15:52:56.469269, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,158) >[2007/12/14 15:52:56.469370, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,158) wrote 158 >[2007/12/14 15:52:56.470930, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 124 >[2007/12/14 15:52:56.471108, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.471136, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:52:56.471323, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 5D 98 00 00 0C 00 5C 70 69 70 65 .¸.¸.].. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 C0 01 00 00 00 00 00 00 \lsass.. À....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/12/14 15:52:56.472123, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.472150, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:52:56.472335, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... 
> [010] 00 B8 10 B8 10 5D 98 00 00 0C 00 5C 70 69 70 65 .¸.¸.].. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 C0 01 00 00 00 00 00 00 \lsass.. À....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/12/14 15:52:56.473094, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:52:56.473148, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.473182, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.473214, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:52:56.473246, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.473278, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.473310, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.473922, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.474060, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.474094, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:52:56.474126, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.474186, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2007/12/14 15:52:56.474243, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/12/14 15:52:56.474279, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8004 returned 68 bytes. >[2007/12/14 15:52:56.474904, 3, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) > rpc_pipe_bind: Remote machine WIN2008 pipe \lsarpc fnum 0x8004 bind request returned ok. 
>[2007/12/14 15:52:56.475046, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:52:56.475081, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.475114, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.475146, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:52:56.475177, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.475210, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.475241, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.475274, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.475914, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.476047, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:52:56.476081, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.476113, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000001 >[2007/12/14 15:52:56.476146, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2007/12/14 15:52:56.476179, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:52:56.476211, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:52:56.476243, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2007/12/14 15:52:56.476275, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 0000985d >[2007/12/14 15:52:56.476308, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2007/12/14 15:52:56.477127, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2007/12/14 15:52:56.477170, 5, 
pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \pipe\lsass. >[2007/12/14 15:52:56.477252, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2007/12/14 15:52:56.477287, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2007/12/14 15:52:56.477319, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2007/12/14 15:52:56.477361, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2007/12/14 15:52:56.477920, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2007/12/14 15:52:56.478047, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2007/12/14 15:52:56.478082, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2007/12/14 15:52:56.478114, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2007/12/14 15:52:56.478146, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2007/12/14 15:52:56.478210, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2007/12/14 15:52:56.478249, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2007/12/14 15:52:56.478286, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2007/12/14 15:52:56.478899, 5, pid=6050] rpc_client/cli_pipe.c:check_bind_response(1702) > check_bind_response: accepted! >[2007/12/14 15:52:56.478933, 10, pid=6050] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine WIN2008 and bound anonymously. 
>[2007/12/14 15:52:56.479089, 5, pid=6050] rpc_parse/parse_lsa.c:init_q_open_pol(303) > init_open_pol: attr:0 da:33554432 >[2007/12/14 15:52:56.479123, 5, pid=6050] rpc_parse/parse_lsa.c:init_lsa_obj_attr(235) > init_lsa_obj_attr >[2007/12/14 15:52:56.479183, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 lsa_io_q_open_pol >[2007/12/14 15:52:56.479251, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 ptr : 00000001 >[2007/12/14 15:52:56.479285, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 system_name: 005c >[2007/12/14 15:52:56.479916, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000008 lsa_io_obj_attr >[2007/12/14 15:52:56.480046, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 len : 00000018 >[2007/12/14 15:52:56.480080, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c ptr_root_dir: 00000000 >[2007/12/14 15:52:56.480112, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 ptr_obj_name: 00000000 >[2007/12/14 15:52:56.480145, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 attributes : 00000000 >[2007/12/14 15:52:56.480177, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 ptr_sec_desc: 00000000 >[2007/12/14 15:52:56.480209, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 001c ptr_sec_qos : 00000000 >[2007/12/14 15:52:56.480242, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 des_access: 02000000 >[2007/12/14 15:52:56.480907, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:52:56.481046, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.481080, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.481144, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:52:56.481178, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.481211, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 
0004 pack_type0: 10 >[2007/12/14 15:52:56.481242, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.481274, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.481306, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.481917, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2007/12/14 15:52:56.482045, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.482114, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2007/12/14 15:52:56.482150, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:52:56.482183, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000024 >[2007/12/14 15:52:56.482215, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:52:56.482278, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0006 >[2007/12/14 15:52:56.482902, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8004 >[2007/12/14 15:52:56.483046, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.483071, 5, pid=6050] lib/util.c:show_msg(582) > size=142 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32772 (0x8004) > smb_bcc=75 >[2007/12/14 15:52:56.483302, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 
00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 00 24 .......< .......$ > [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 00 00 00 00 00 00 00 02 ........ ... >[2007/12/14 15:52:56.484134, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,146) >[2007/12/14 15:52:56.484186, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,146) wrote 146 >[2007/12/14 15:52:56.485163, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 104 >[2007/12/14 15:52:56.485234, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.485259, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:52:56.486046, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 FB D7 17 ........ .....û×. > [020] ED 7E 3D 6D 41 94 E4 C8 62 12 C2 D4 D3 00 00 00 í~=mA.äÈ b.ÂÔÓ... > [030] 00 . 
>[2007/12/14 15:52:56.486251, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.486277, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:52:56.486965, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 FB D7 17 ........ .....û×. > [020] ED 7E 3D 6D 41 94 E4 C8 62 12 C2 D4 D3 00 00 00 í~=mA.äÈ b.ÂÔÓ... > [030] 00 . >[2007/12/14 15:52:56.487177, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:52:56.487245, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.487279, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.487311, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:52:56.487342, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.487374, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.487897, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.487930, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.488070, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.488104, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2007/12/14 15:52:56.488192, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 
15:52:56.488226, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000002 >[2007/12/14 15:52:56.488260, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:52:56.488325, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2007/12/14 15:52:56.488921, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:52:56.489046, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:52:56.489079, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:52:56.489111, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/12/14 15:52:56.489156, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/12/14 15:52:56.489192, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8004 returned 48 bytes. 
>[2007/12/14 15:52:56.489232, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 lsa_io_r_open_pol >[2007/12/14 15:52:56.489267, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd >[2007/12/14 15:52:56.489300, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:52:56.489910, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:52:56.490042, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : ed17d7fb >[2007/12/14 15:52:56.490106, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 3d7e >[2007/12/14 15:52:56.490138, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 416d >[2007/12/14 15:52:56.490170, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : 94 e4 >[2007/12/14 15:52:56.490205, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : c8 62 12 c2 d4 d3 >[2007/12/14 15:52:56.490242, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0014 status: NT_STATUS_OK >[2007/12/14 15:52:56.490292, 5, pid=6050] rpc_parse/parse_lsa.c:init_q_query(487) > init_q_query >[2007/12/14 15:52:56.490914, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 lsa_io_q_query >[2007/12/14 15:52:56.491044, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd >[2007/12/14 15:52:56.491079, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:52:56.491110, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:52:56.491142, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : ed17d7fb >[2007/12/14 15:52:56.491223, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 3d7e >[2007/12/14 15:52:56.491259, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 416d >[2007/12/14 15:52:56.491292, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : 94 e4 >[2007/12/14 
15:52:56.491905, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : c8 62 12 c2 d4 d3 >[2007/12/14 15:52:56.492045, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 info_class: 0005 >[2007/12/14 15:52:56.492084, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:52:56.492117, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.492149, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.492181, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:52:56.492212, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.492244, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.492275, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.492307, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.492954, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.493064, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002e >[2007/12/14 15:52:56.493098, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.493130, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2007/12/14 15:52:56.493161, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:52:56.493193, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000016 >[2007/12/14 15:52:56.493225, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:52:56.493257, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0007 >[2007/12/14 15:52:56.493306, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 
0x8004 >[2007/12/14 15:52:56.493912, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.493937, 5, pid=6050] lib/util.c:show_msg(582) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32772 (0x8004) > smb_bcc=61 >[2007/12/14 15:52:56.494295, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 FB D7 17 ED 7E ........ ...û×.í~ > [030] 3D 6D 41 94 E4 C8 62 12 C2 D4 D3 05 00 =mA.äÈb. ÂÔÓ.. 
>[2007/12/14 15:52:56.494959, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,132) >[2007/12/14 15:52:56.495905, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,132) wrote 132 >[2007/12/14 15:52:56.496144, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 148 >[2007/12/14 15:52:56.496195, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.496220, 5, pid=6050] lib/util.c:show_msg(582) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 92 (0x5C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=93 >[2007/12/14 15:52:56.496985, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 03 00 00 ........ .\...... > [010] 00 44 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .D...... ........ > [020] 00 04 00 06 00 04 00 02 00 08 00 02 00 03 00 00 ........ ........ > [030] 00 00 00 00 00 02 00 00 00 4D 00 4D 00 04 00 00 ........ .M.M.... > [040] 00 01 04 00 00 00 00 00 05 15 00 00 00 D0 C2 54 ........ .....ÐÂT > [050] 8B 0C F8 91 62 2F 75 AA ED 00 00 00 00 ..ø.b/uª í.... 
>[2007/12/14 15:52:56.497238, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.497263, 5, pid=6050] lib/util.c:show_msg(582) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 92 (0x5C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=93 >[2007/12/14 15:52:56.497925, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 03 00 00 ........ .\...... > [010] 00 44 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .D...... ........ > [020] 00 04 00 06 00 04 00 02 00 08 00 02 00 03 00 00 ........ ........ > [030] 00 00 00 00 00 02 00 00 00 4D 00 4D 00 04 00 00 ........ .M.M.... > [040] 00 01 04 00 00 00 00 00 05 15 00 00 00 D0 C2 54 ........ .....ÐÂT > [050] 8B 0C F8 91 62 2F 75 AA ED 00 00 00 00 ..ø.b/uª í.... 
>[2007/12/14 15:52:56.498218, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:52:56.498253, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.498285, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.498316, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:52:56.498380, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.498414, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.498903, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.499040, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.499074, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.499105, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 005c >[2007/12/14 15:52:56.499137, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.499168, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000003 >[2007/12/14 15:52:56.499201, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:52:56.499233, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000044 >[2007/12/14 15:52:56.499264, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:52:56.499296, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:52:56.499980, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:52:56.500073, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 92, data_len 68, ss_len 0 >[2007/12/14 15:52:56.500108, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 92 at offset 0 >[2007/12/14 15:52:56.500179, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8004 returned 136 bytes. >[2007/12/14 15:52:56.500246, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 lsa_io_r_query >[2007/12/14 15:52:56.500285, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 dom_ptr: 00020000 >[2007/12/14 15:52:56.500317, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 lsa_io_query_info_ctr >[2007/12/14 15:52:56.500908, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 info_class: 0005 >[2007/12/14 15:52:56.501041, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000008 lsa_io_dom_query_3 >[2007/12/14 15:52:56.501075, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 uni_dom_max_len: 0004 >[2007/12/14 15:52:56.501139, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a uni_dom_str_len: 0006 >[2007/12/14 15:52:56.501174, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c buffer_dom_name: 00020004 >[2007/12/14 15:52:56.501206, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 buffer_dom_sid : 00020008 >[2007/12/14 15:52:56.501238, 8, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000014 smb_io_unistr2 unistr2 >[2007/12/14 15:52:56.501270, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 uni_max_len: 00000003 >[2007/12/14 15:52:56.501302, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 offset : 00000000 >[2007/12/14 15:52:56.501912, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 001c uni_str_len: 00000002 >[2007/12/14 15:52:56.502043, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0020 buffer : M.M. 
>[2007/12/14 15:52:56.502090, 8, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_dom_sid2 >[2007/12/14 15:52:56.502124, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 num_auths: 00000004 >[2007/12/14 15:52:56.502156, 9, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000028 smb_io_dom_sid sid >[2007/12/14 15:52:56.502264, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 sid_rev_num: 01 >[2007/12/14 15:52:56.502304, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0029 num_auths : 04 >[2007/12/14 15:52:56.502916, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002a id_auth[0] : 00 >[2007/12/14 15:52:56.503043, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002b id_auth[1] : 00 >[2007/12/14 15:52:56.503078, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002c id_auth[2] : 00 >[2007/12/14 15:52:56.503111, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002d id_auth[3] : 00 >[2007/12/14 15:52:56.503144, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002e id_auth[4] : 00 >[2007/12/14 15:52:56.503177, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002f id_auth[5] : 05 >[2007/12/14 15:52:56.503209, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0030 sub_auths : 00000015 8b54c2d0 6291f80c edaa752f >[2007/12/14 15:52:56.503247, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0040 status: NT_STATUS_OK > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : ed17d7fb-3d7e-416d-94e4-c86212c2d4d3 >[2007/12/14 15:52:56.504269, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:52:56.504327, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.504909, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.505087, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:52:56.505123, 
5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.505186, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.505218, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.505250, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.505282, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.505314, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2007/12/14 15:52:56.505895, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.505929, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2007/12/14 15:52:56.506065, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:52:56.506100, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2007/12/14 15:52:56.506132, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:52:56.506164, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0000 >[2007/12/14 15:52:56.506197, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8004 >[2007/12/14 15:52:56.506236, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.506309, 5, pid=6050] lib/util.c:show_msg(582) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 
(0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32772 (0x8004) > smb_bcc=59 >[2007/12/14 15:52:56.506958, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 FB D7 17 ED 7E ........ ...û×.í~ > [030] 3D 6D 41 94 E4 C8 62 12 C2 D4 D3 =mA.äÈb. ÂÔÓ >[2007/12/14 15:52:56.507129, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,130) >[2007/12/14 15:52:56.507219, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,130) wrote 130 >[2007/12/14 15:52:56.508098, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 104 >[2007/12/14 15:52:56.508159, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.508184, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:52:56.508372, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . 
>[2007/12/14 15:52:56.508512, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.508662, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:52:56.508994, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/12/14 15:52:56.509220, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:52:56.509255, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.509287, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.509318, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:52:56.509350, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.509381, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.509413, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.509444, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.509475, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.509540, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2007/12/14 15:52:56.509574, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 
15:52:56.509606, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000004 >[2007/12/14 15:52:56.509639, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:52:56.509671, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2007/12/14 15:52:56.509702, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:52:56.509734, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:52:56.509765, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:52:56.509797, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/12/14 15:52:56.509831, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/12/14 15:52:56.509865, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8004 returned 48 bytes. 
> lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2007/12/14 15:52:56.510128, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,45) >[2007/12/14 15:52:56.510682, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,45) wrote 45 >[2007/12/14 15:52:56.510770, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 35 >[2007/12/14 15:52:56.510820, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.510845, 5, pid=6050] lib/util.c:show_msg(582) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=9 > smt_wct=0 > smb_bcc=0 >[2007/12/14 15:52:56.510955, 10, pid=6050] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \lsarpc to machine WIN2008 >[2007/12/14 15:52:56.511012, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,108) >[2007/12/14 15:52:56.511069, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,108) wrote 108 >[2007/12/14 15:52:56.511751, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 103 >[2007/12/14 15:52:56.511810, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.511859, 5, pid=6050] lib/util.c:show_msg(582) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=10 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1280 (0x500) > smb_vwv[ 3]= 384 (0x180) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > 
smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/12/14 15:52:56.512303, 5, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) > Bind RPC Pipe[8005]: \NETLOGON auth_type 0, auth_level 0 >[2007/12/14 15:52:56.512440, 5, pid=6050] rpc_client/cli_pipe.c:valid_pipe_name(1648) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû > [010] 01 00 00 00 .... >[2007/12/14 15:52:56.512524, 5, pid=6050] rpc_client/cli_pipe.c:valid_pipe_name(1651) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... 
>[2007/12/14 15:52:56.512606, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:52:56.512645, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.512677, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.512806, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2007/12/14 15:52:56.512870, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.512908, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.512941, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.512974, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.513006, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.513054, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2007/12/14 15:52:56.513088, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.513120, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2007/12/14 15:52:56.513153, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2007/12/14 15:52:56.513186, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:52:56.513218, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:52:56.513250, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2007/12/14 15:52:56.513351, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2007/12/14 15:52:56.513393, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2007/12/14 15:52:56.513426, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2007/12/14 15:52:56.513459, 5, 
pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2007/12/14 15:52:56.513491, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2007/12/14 15:52:56.513523, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2007/12/14 15:52:56.513555, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345678 >[2007/12/14 15:52:56.513587, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2007/12/14 15:52:56.513619, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2007/12/14 15:52:56.513651, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2007/12/14 15:52:56.513686, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 cf fb >[2007/12/14 15:52:56.513723, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2007/12/14 15:52:56.513755, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2007/12/14 15:52:56.513816, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2007/12/14 15:52:56.513853, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2007/12/14 15:52:56.513891, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2007/12/14 15:52:56.513925, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2007/12/14 15:52:56.513957, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2007/12/14 15:52:56.513991, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2007/12/14 15:52:56.514045, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2007/12/14 15:52:56.514080, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8005 >[2007/12/14 15:52:56.514115, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.514139, 5, 
pid=6050] lib/util.c:show_msg(582) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=11 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32773 (0x8005) > smb_bcc=87 >[2007/12/14 15:52:56.514400, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... 
>[2007/12/14 15:52:56.514602, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,158) >[2007/12/14 15:52:56.514989, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,158) wrote 158 >[2007/12/14 15:52:56.515125, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 124 >[2007/12/14 15:52:56.515213, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.515242, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:52:56.515425, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [010] 00 B8 10 B8 10 5E 98 00 00 0C 00 5C 70 69 70 65 .¸.¸.^.. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/12/14 15:52:56.515623, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.515649, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:52:56.515854, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... 
> [010] 00 B8 10 B8 10 5E 98 00 00 0C 00 5C 70 69 70 65 .¸.¸.^.. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... >[2007/12/14 15:52:56.515947, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:52:56.515982, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.516119, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.516152, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:52:56.516208, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.516240, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.516272, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.516303, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.516335, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.516367, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:52:56.516398, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.516430, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2007/12/14 15:52:56.516463, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/12/14 15:52:56.516614, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8005 returned 68 bytes. >[2007/12/14 15:52:56.516647, 3, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) > rpc_pipe_bind: Remote machine WIN2008 pipe \NETLOGON fnum 0x8005 bind request returned ok. 
>[2007/12/14 15:52:56.516680, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:52:56.516712, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.516744, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.516813, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:52:56.516847, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.516884, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.516918, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.516950, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.517063, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.517098, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:52:56.517129, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.517161, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000005 >[2007/12/14 15:52:56.517194, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2007/12/14 15:52:56.517226, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:52:56.517258, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:52:56.517290, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2007/12/14 15:52:56.517322, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 0000985e >[2007/12/14 15:52:56.517354, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2007/12/14 15:52:56.517386, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2007/12/14 15:52:56.517418, 5, 
pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \pipe\lsass. >[2007/12/14 15:52:56.517491, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2007/12/14 15:52:56.517526, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2007/12/14 15:52:56.517558, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2007/12/14 15:52:56.517590, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2007/12/14 15:52:56.517622, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2007/12/14 15:52:56.517654, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2007/12/14 15:52:56.517686, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2007/12/14 15:52:56.517718, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2007/12/14 15:52:56.517750, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2007/12/14 15:52:56.517782, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2007/12/14 15:52:56.517816, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2007/12/14 15:52:56.517854, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2007/12/14 15:52:56.517892, 5, pid=6050] rpc_client/cli_pipe.c:check_bind_response(1702) > check_bind_response: accepted! >[2007/12/14 15:52:56.517926, 10, pid=6050] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine WIN2008 and bound anonymously. 
>[2007/12/14 15:52:56.518124, 4, pid=6050] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) > cli_net_req_chal: LSA Request Challenge from SARGE26 to \\WIN2008 >[2007/12/14 15:52:56.518171, 5, pid=6050] rpc_parse/parse_net.c:init_q_req_chal(762) > init_q_req_chal: 762 >[2007/12/14 15:52:56.518245, 5, pid=6050] rpc_parse/parse_net.c:init_q_req_chal(771) > init_q_req_chal: 771 >[2007/12/14 15:52:56.518332, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 net_io_q_req_chal >[2007/12/14 15:52:56.518370, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 undoc_buffer: 00000001 >[2007/12/14 15:52:56.518465, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_unistr2 >[2007/12/14 15:52:56.518500, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 uni_max_len: 0000000a >[2007/12/14 15:52:56.518532, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 offset : 00000000 >[2007/12/14 15:52:56.518564, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c uni_str_len: 0000000a >[2007/12/14 15:52:56.518596, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0010 buffer : \.\.W.I.N.2.0.0.8... >[2007/12/14 15:52:56.518642, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_unistr2 >[2007/12/14 15:52:56.518674, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 uni_max_len: 00000008 >[2007/12/14 15:52:56.518706, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0028 offset : 00000000 >[2007/12/14 15:52:56.518738, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 002c uni_str_len: 00000008 >[2007/12/14 15:52:56.518770, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0030 buffer : S.A.R.G.E.2.6... 
>[2007/12/14 15:52:56.518820, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000040 smb_io_chal >[2007/12/14 15:52:56.518854, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0040 data: 37 50 89 c9 79 af 7b 6f >[2007/12/14 15:52:56.519069, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:52:56.519110, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.519142, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.519173, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:52:56.519205, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.519237, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.519268, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.519300, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.519332, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.519363, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0060 >[2007/12/14 15:52:56.519395, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.519461, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2007/12/14 15:52:56.519494, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:52:56.519526, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000048 >[2007/12/14 15:52:56.519558, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:52:56.519590, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0004 >[2007/12/14 15:52:56.519622, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe 
\NETLOGON fnum 0x8005 >[2007/12/14 15:52:56.519656, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.519680, 5, pid=6050] lib/util.c:show_msg(582) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32773 (0x8005) > smb_bcc=111 >[2007/12/14 15:52:56.520067, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 00 00 00 06 00 00 00 48 .......` .......H > [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 57 00 49 00 4E .......\ .\.W.I.N > [040] 00 32 00 30 00 30 00 38 00 00 00 08 00 00 00 00 .2.0.0.8 ........ 
> [050] 00 00 00 08 00 00 00 53 00 41 00 52 00 47 00 45 .......S .A.R.G.E > [060] 00 32 00 36 00 00 00 37 50 89 C9 79 AF 7B 6F .2.6...7 P.Éy¯{o >[2007/12/14 15:52:56.520308, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,182) >[2007/12/14 15:52:56.520351, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,182) wrote 182 >[2007/12/14 15:52:56.521071, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 92 >[2007/12/14 15:52:56.521170, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.521200, 5, pid=6050] lib/util.c:show_msg(582) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2007/12/14 15:52:56.521387, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 06 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 AB 68 2A 95 44 4C 51 ........ .«h*.DLQ > [020] 3A 00 00 00 00 :.... >[2007/12/14 15:52:56.521516, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.521540, 5, pid=6050] lib/util.c:show_msg(582) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2007/12/14 15:52:56.521756, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 06 00 00 ........ .$...... 
> [010] 00 0C 00 00 00 00 00 00 00 AB 68 2A 95 44 4C 51 ........ .«h*.DLQ > [020] 3A 00 00 00 00 :.... >[2007/12/14 15:52:56.521875, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:52:56.521911, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.521943, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.521975, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:52:56.522041, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.522074, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.522106, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.522169, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.522203, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.522235, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0024 >[2007/12/14 15:52:56.522267, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.522299, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000006 >[2007/12/14 15:52:56.522332, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:52:56.522404, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000000c >[2007/12/14 15:52:56.522440, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:52:56.522472, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:52:56.522504, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:52:56.522536, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > 
cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2007/12/14 15:52:56.522570, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2007/12/14 15:52:56.522604, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8005 returned 24 bytes. >[2007/12/14 15:52:56.522665, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 net_io_r_req_chal >[2007/12/14 15:52:56.522700, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_chal >[2007/12/14 15:52:56.522733, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0000 data: ab 68 2a 95 44 4c 51 3a >[2007/12/14 15:52:56.522772, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0008 status: NT_STATUS_OK >[2007/12/14 15:52:56.522823, 10, pid=6050] libsmb/credentials.c:creds_client_init(289) > creds_client_init: neg_flags : 701ff >[2007/12/14 15:52:56.522920, 10, pid=6050] libsmb/credentials.c:creds_client_init(290) > creds_client_init: client chal : 375089C979AF7B6F >[2007/12/14 15:52:56.522993, 10, pid=6050] libsmb/credentials.c:creds_client_init(291) > creds_client_init: server chal : AB682A95444C513A >[2007/12/14 15:52:56.523202, 5, pid=6050] libsmb/credentials.c:creds_init_64(120) > creds_init_64 >[2007/12/14 15:52:56.523239, 5, pid=6050] libsmb/credentials.c:creds_init_64(121) > clnt_chal_in: 375089C979AF7B6F >[2007/12/14 15:52:56.523275, 5, pid=6050] libsmb/credentials.c:creds_init_64(122) > srv_chal_in : AB682A95444C513A >[2007/12/14 15:52:56.523310, 5, pid=6050] libsmb/credentials.c:creds_init_64(123) > clnt+srv : E2B8B35EBDFBCCA9 >[2007/12/14 15:52:56.523345, 5, pid=6050] libsmb/credentials.c:creds_init_64(124) > sess_key_out : 01156ABC6EEC1BEA >[2007/12/14 15:52:56.523670, 10, pid=6050] libsmb/credentials.c:creds_client_init(309) > creds_client_init: clnt : 024C0A4733B61802 >[2007/12/14 15:52:56.523713, 10, pid=6050] libsmb/credentials.c:creds_client_init(310) > 
creds_client_init: server : F94BC5D49E3A14F2 >[2007/12/14 15:52:56.523748, 10, pid=6050] libsmb/credentials.c:creds_client_init(311) > creds_client_init: seed : 024C0A4733B61802 >[2007/12/14 15:52:56.523784, 4, pid=6050] rpc_client/cli_netlogon.c:rpccli_net_auth2(169) > cli_net_auth2: srv:\\WIN2008 acct:SARGE26$ sc:2 mc: SARGE26 neg: 701ff >[2007/12/14 15:52:56.523825, 5, pid=6050] rpc_parse/parse_net.c:init_q_auth_2(883) > init_q_auth_2: 883 >[2007/12/14 15:52:56.523858, 5, pid=6050] rpc_parse/parse_misc.c:init_log_info(1383) > make_log_info 1383 >[2007/12/14 15:52:56.523898, 5, pid=6050] rpc_parse/parse_net.c:init_q_auth_2(889) > init_q_auth_2: 889 >[2007/12/14 15:52:56.523942, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 net_io_q_auth_2 >[2007/12/14 15:52:56.523975, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_log_info >[2007/12/14 15:52:56.524008, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 undoc_buffer: 00000001 >[2007/12/14 15:52:56.524056, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_unistr2 unistr2 >[2007/12/14 15:52:56.524653, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 uni_max_len: 0000000a >[2007/12/14 15:52:56.524690, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 offset : 00000000 >[2007/12/14 15:52:56.524722, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c uni_str_len: 0000000a >[2007/12/14 15:52:56.524754, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0010 buffer : \.\.W.I.N.2.0.0.8... 
>[2007/12/14 15:52:56.524839, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_unistr2 unistr2 >[2007/12/14 15:52:56.524873, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 uni_max_len: 00000009 >[2007/12/14 15:52:56.524913, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0028 offset : 00000000 >[2007/12/14 15:52:56.524946, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 002c uni_str_len: 00000009 >[2007/12/14 15:52:56.524978, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0030 buffer : S.A.R.G.E.2.6.$... >[2007/12/14 15:52:56.525040, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0042 sec_chan: 0002 >[2007/12/14 15:52:56.525106, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_unistr2 unistr2 >[2007/12/14 15:52:56.525140, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 uni_max_len: 00000008 >[2007/12/14 15:52:56.525172, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0048 offset : 00000000 >[2007/12/14 15:52:56.525204, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 004c uni_str_len: 00000008 >[2007/12/14 15:52:56.525236, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0050 buffer : S.A.R.G.E.2.6... 
>[2007/12/14 15:52:56.525279, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000060 smb_io_chal >[2007/12/14 15:52:56.525312, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0060 data: 02 4c 0a 47 33 b6 18 02 >[2007/12/14 15:52:56.525361, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000068 net_io_neg_flags >[2007/12/14 15:52:56.525394, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0068 neg_flags: 000701ff >[2007/12/14 15:52:56.525476, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:52:56.525514, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.525577, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.525612, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:52:56.525644, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.525675, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.525707, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.525738, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.525770, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.525801, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0084 >[2007/12/14 15:52:56.525833, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.525867, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2007/12/14 15:52:56.525906, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:52:56.525939, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000006c >[2007/12/14 15:52:56.525972, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 
15:52:56.526004, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000f >[2007/12/14 15:52:56.526078, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8005 >[2007/12/14 15:52:56.526156, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.526182, 5, pid=6050] lib/util.c:show_msg(582) > size=214 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 132 (0x84) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32773 (0x8005) > smb_bcc=147 >[2007/12/14 15:52:56.526453, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 84 00 00 00 07 00 00 00 6C ........ .......l > [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 57 00 49 00 4E .......\ .\.W.I.N > [040] 00 32 00 30 00 30 00 38 00 00 00 09 00 00 00 00 .2.0.0.8 ........ > [050] 00 00 00 09 00 00 00 53 00 41 00 52 00 47 00 45 .......S .A.R.G.E > [060] 00 32 00 36 00 24 00 00 00 02 00 08 00 00 00 00 .2.6.$.. ........ > [070] 00 00 00 08 00 00 00 53 00 41 00 52 00 47 00 45 .......S .A.R.G.E > [080] 00 32 00 36 00 00 00 02 4C 0A 47 33 B6 18 02 FF .2.6.... L.G3¶..ÿ > [090] 01 07 00 ... 
>[2007/12/14 15:52:56.526814, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,218) >[2007/12/14 15:52:56.527000, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,218) wrote 218 >[2007/12/14 15:52:56.527139, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 96 >[2007/12/14 15:52:56.527191, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.527216, 5, pid=6050] lib/util.c:show_msg(582) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2007/12/14 15:52:56.527403, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 07 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 FF 01 07 00 88 03 00 C0 .ÿ...... À >[2007/12/14 15:52:56.527512, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.527535, 5, pid=6050] lib/util.c:show_msg(582) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2007/12/14 15:52:56.527814, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 07 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 FF 01 07 00 88 03 00 C0 .ÿ...... 
À >[2007/12/14 15:52:56.528170, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:52:56.528208, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:52:56.528240, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:52:56.528272, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:52:56.528304, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:52:56.528337, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:52:56.528369, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:52:56.528401, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:52:56.528445, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:52:56.528478, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0028 >[2007/12/14 15:52:56.528510, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:52:56.528542, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000007 >[2007/12/14 15:52:56.528650, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:52:56.528685, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000010 >[2007/12/14 15:52:56.528718, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:52:56.528750, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:52:56.528782, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:52:56.528814, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2007/12/14 15:52:56.528849, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2007/12/14 15:52:56.528888, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8005 returned 32 bytes. >[2007/12/14 15:52:56.528924, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 net_io_r_auth_2 >[2007/12/14 15:52:56.528957, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_chal >[2007/12/14 15:52:56.528989, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0000 data: 00 00 00 00 00 00 00 00 >[2007/12/14 15:52:56.529073, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000008 net_io_neg_flags >[2007/12/14 15:52:56.529114, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 neg_flags: 000701ff >[2007/12/14 15:52:56.529146, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 000c status: NT_STATUS_DOWNGRADE_DETECTED >[2007/12/14 15:52:56.529226, 3, pid=6050] libsmb/trusts_util.c:just_change_the_password(56) > just_change_the_password: unable to setup creds (NT_STATUS_DOWNGRADE_DETECTED)! >[2007/12/14 15:52:56.531128, 1, pid=6050] utils/net_rpc.c:run_rpc_command(176) > rpc command function failed! 
(NT_STATUS_DOWNGRADE_DETECTED) >[2007/12/14 15:52:56.531214, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,45) >[2007/12/14 15:52:56.531302, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,45) wrote 45 >[2007/12/14 15:52:56.532049, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 35 >[2007/12/14 15:52:56.532117, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.532142, 5, pid=6050] lib/util.c:show_msg(582) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=14 > smt_wct=0 > smb_bcc=0 >[2007/12/14 15:52:56.532312, 10, pid=6050] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine WIN2008 >[2007/12/14 15:52:56.532356, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,39) >[2007/12/14 15:52:56.532656, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,39) wrote 39 >[2007/12/14 15:52:56.532710, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 35 >[2007/12/14 15:52:56.532789, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:52:56.532816, 5, pid=6050] lib/util.c:show_msg(582) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=6050 > smb_uid=6144 > smb_mid=15 > smt_wct=0 > smb_bcc=0 >[2007/12/14 15:52:56.533041, 10, pid=6050] libsmb/namequery.c:internal_resolve_name(1443) > internal_resolve_name: looking up MM#1b (sitename (null)) >[2007/12/14 15:52:56.533121, 10, pid=6050] lib/gencache.c:gencache_get(219) > Returning valid cache entry: key = NBT/MM#1B, value = 10.0.27.1:0, timeout = Fri Dec 14 16:01:05 2007 >[2007/12/14 15:52:56.533178, 5, pid=6050] libsmb/namecache.c:namecache_fetch(233) > name MM#1B found. 
>[2007/12/14 15:52:56.533454, 10, pid=6050] libsmb/namequery.c:name_status_find(319) > name_status_find: looking up MM#1b at 10.0.27.1 >[2007/12/14 15:52:56.533508, 10, pid=6050] lib/gencache.c:gencache_get(219) > Returning valid cache entry: key = NBT/MM#1B.20.10.0.27.1, value = WIN2008, timeout = Fri Dec 14 16:01:05 2007 >[2007/12/14 15:52:56.533561, 5, pid=6050] libsmb/namecache.c:namecache_status_fetch(387) > namecache_status_fetch: key NBT/MM#1B.20.10.0.27.1 -> WIN2008 >[2007/12/14 15:53:05.450306, 3, pid=6050] libsmb/cliconnect.c:cli_start_connection(1560) > Connecting to host=WIN2008 >[2007/12/14 15:53:05.450421, 3, pid=6050] lib/util_sock.c:open_socket_out(1457) > Connecting to 10.0.27.1 at port 445 >[2007/12/14 15:53:05.462809, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_KEEPALIVE = 0 >[2007/12/14 15:53:05.462876, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_REUSEADDR = 0 >[2007/12/14 15:53:05.462911, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_BROADCAST = 0 >[2007/12/14 15:53:05.462945, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option TCP_NODELAY = 1 >[2007/12/14 15:53:05.462979, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option TCP_KEEPCNT = 9 >[2007/12/14 15:53:05.463012, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option TCP_KEEPIDLE = 7200 >[2007/12/14 15:53:05.463046, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option TCP_KEEPINTVL = 75 >[2007/12/14 15:53:05.463081, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option IPTOS_LOWDELAY = 0 >[2007/12/14 15:53:05.463115, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option IPTOS_THROUGHPUT = 0 >[2007/12/14 15:53:05.463178, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_SNDBUF = 16384 >[2007/12/14 15:53:05.463213, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > 
socket option SO_RCVBUF = 87380 >[2007/12/14 15:53:05.463247, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_SNDLOWAT = 1 >[2007/12/14 15:53:05.463280, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_RCVLOWAT = 1 >[2007/12/14 15:53:05.463314, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_SNDTIMEO = 0 >[2007/12/14 15:53:05.463346, 5, pid=6050] lib/util_sock.c:print_socket_options(776) > socket option SO_RCVTIMEO = 0 >[2007/12/14 15:53:05.463403, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,194) >[2007/12/14 15:53:05.463497, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,194) wrote 194 >[2007/12/14 15:53:05.463834, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 193 >[2007/12/14 15:53:05.463906, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.463932, 5, pid=6050] lib/util.c:show_msg(582) > size=193 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6050 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=57472 (0xE080) > smb_vwv[12]= 7030 (0x1B76) > smb_vwv[13]=24828 (0x60FC) > smb_vwv[14]=51262 (0xC83E) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=124 >[2007/12/14 15:53:05.464199, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 9C 85 79 AD 09 86 14 47 93 C3 B9 DD FE A9 CB EE ..y...G .ùÝþ©Ëî > [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... .. `0^ 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. 
> [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... > [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 £*0( &.$ not_defi > [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p > [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore >[2007/12/14 15:53:05.464680, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.464708, 5, pid=6050] lib/util.c:show_msg(582) > size=193 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=6050 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 9 (0x9) > smb_vwv[ 1]=12815 (0x320F) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 499 (0x1F3) > smb_vwv[11]=57472 (0xE080) > smb_vwv[12]= 7030 (0x1B76) > smb_vwv[13]=24828 (0x60FC) > smb_vwv[14]=51262 (0xC83E) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=124 >[2007/12/14 15:53:05.464986, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 9C 85 79 AD 09 86 14 47 93 C3 B9 DD FE A9 CB EE ..y...G .ùÝþ©Ëî > [010] 60 6A 06 06 2B 06 01 05 05 02 A0 60 30 5E A0 30 `j..+... .. `0^ 0 > [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. ÷......* > [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H.÷.... ..*.H.÷. > [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... 
> [050] A3 2A 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 £*0( &.$ not_defi > [060] 6E 65 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 ned_in_R FC4178@p > [070] 6C 65 61 73 65 5F 69 67 6E 6F 72 65 lease_ig nore >[2007/12/14 15:53:05.465368, 3, pid=6050] libsmb/cliconnect.c:cli_session_setup_spnego(790) > Doing spnego session setup (blob length=124) >[2007/12/14 15:53:05.465480, 3, pid=6050] libsmb/cliconnect.c:cli_session_setup_spnego(815) > got OID=1 2 840 48018 1 2 2 >[2007/12/14 15:53:05.465514, 3, pid=6050] libsmb/cliconnect.c:cli_session_setup_spnego(815) > got OID=1 2 840 113554 1 2 2 >[2007/12/14 15:53:05.465545, 3, pid=6050] libsmb/cliconnect.c:cli_session_setup_spnego(815) > got OID=1 2 840 113554 1 2 2 3 >[2007/12/14 15:53:05.465576, 3, pid=6050] libsmb/cliconnect.c:cli_session_setup_spnego(815) > got OID=1 3 6 1 4 1 311 2 2 10 >[2007/12/14 15:53:05.465607, 3, pid=6050] libsmb/cliconnect.c:cli_session_setup_spnego(823) > got principal=not_defined_in_RFC4178@please_ignore >[2007/12/14 15:53:05.465811, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,160) >[2007/12/14 15:53:05.465900, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,160) wrote 160 >[2007/12/14 15:53:05.466787, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 458 >[2007/12/14 15:53:05.466852, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.466878, 5, pid=6050] lib/util.c:show_msg(582) > size=458 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=6050 > smb_uid=6144 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 458 (0x1CA) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 221 (0xDD) > smb_bcc=415 >[2007/12/14 15:53:05.467017, 10, pid=6050] lib/util.c:dump_data(2192) > [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ¡.Ú0.× . ...¡...+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. 
.¢.Á..¾N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 04 00 04 00 38 TLMSSP.. .......8 > [030] 00 00 00 15 82 89 62 D4 90 68 8A B4 D7 A3 83 00 ......bÔ .h.´×£.. > [040] 00 00 00 00 00 00 00 82 00 82 00 3C 00 00 00 06 ........ ...<.... > [050] 00 71 17 00 00 00 0F 4D 00 4D 00 02 00 04 00 4D .q.....M .M.....M > [060] 00 4D 00 01 00 0E 00 57 00 49 00 4E 00 32 00 30 .M.....W .I.N.2.0 > [070] 00 30 00 38 00 04 00 14 00 6D 00 6D 00 2E 00 70 .0.8.... .m.m...p > [080] 00 72 00 69 00 76 00 61 00 74 00 65 00 03 00 24 .r.i.v.a .t.e...$ > [090] 00 77 00 69 00 6E 00 32 00 30 00 30 00 38 00 2E .w.i.n.2 .0.0.8.. > [0A0] 00 6D 00 6D 00 2E 00 70 00 72 00 69 00 76 00 61 .m.m...p .r.i.v.a > [0B0] 00 74 00 65 00 05 00 14 00 6D 00 6D 00 2E 00 70 .t.e.... .m.m...p > [0C0] 00 72 00 69 00 76 00 61 00 74 00 65 00 07 00 08 .r.i.v.a .t.e.... > [0D0] 00 E0 76 1B FC 60 3E C8 01 00 00 00 00 57 00 69 .àv.ü`>È .....W.i > [0E0] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e > [0F0] 00 72 00 76 00 65 00 72 00 20 00 28 00 52 00 29 .r.v.e.r . .(.R.) > [100] 00 20 00 32 00 30 00 30 00 38 00 20 00 53 00 74 . .2.0.0 .8. .S.t > [110] 00 61 00 6E 00 64 00 61 00 72 00 64 00 20 00 36 .a.n.d.a .r.d. .6 > [120] 00 30 00 30 00 31 00 20 00 53 00 65 00 72 00 76 .0.0.1. .S.e.r.v > [130] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. .P.a.c.k > [140] 00 20 00 31 00 2C 00 20 00 76 00 2E 00 36 00 36 . .1.,. .v...6.6 > [150] 00 37 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 .7...W.i .n.d.o.w > [160] 00 73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 .s. .S.e .r.v.e.r > [170] 00 20 00 28 00 52 00 29 00 20 00 32 00 30 00 30 . .(.R.) . .2.0.0 > [180] 00 38 00 20 00 53 00 74 00 61 00 6E 00 64 00 61 .8. .S.t .a.n.d.a > [190] 00 72 00 64 00 20 00 36 00 2E 00 30 00 00 00 .r.d. .6 ...0... 
>[2007/12/14 15:53:05.467706, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.467759, 5, pid=6050] lib/util.c:show_msg(582) > size=458 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=6050 > smb_uid=6144 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 458 (0x1CA) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 221 (0xDD) > smb_bcc=415 >[2007/12/14 15:53:05.467930, 10, pid=6050] lib/util.c:dump_data(2192) > [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ¡.Ú0.× . ...¡...+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .¢.Á..¾N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 04 00 04 00 38 TLMSSP.. .......8 > [030] 00 00 00 15 82 89 62 D4 90 68 8A B4 D7 A3 83 00 ......bÔ .h.´×£.. > [040] 00 00 00 00 00 00 00 82 00 82 00 3C 00 00 00 06 ........ ...<.... > [050] 00 71 17 00 00 00 0F 4D 00 4D 00 02 00 04 00 4D .q.....M .M.....M > [060] 00 4D 00 01 00 0E 00 57 00 49 00 4E 00 32 00 30 .M.....W .I.N.2.0 > [070] 00 30 00 38 00 04 00 14 00 6D 00 6D 00 2E 00 70 .0.8.... .m.m...p > [080] 00 72 00 69 00 76 00 61 00 74 00 65 00 03 00 24 .r.i.v.a .t.e...$ > [090] 00 77 00 69 00 6E 00 32 00 30 00 30 00 38 00 2E .w.i.n.2 .0.0.8.. > [0A0] 00 6D 00 6D 00 2E 00 70 00 72 00 69 00 76 00 61 .m.m...p .r.i.v.a > [0B0] 00 74 00 65 00 05 00 14 00 6D 00 6D 00 2E 00 70 .t.e.... .m.m...p > [0C0] 00 72 00 69 00 76 00 61 00 74 00 65 00 07 00 08 .r.i.v.a .t.e.... > [0D0] 00 E0 76 1B FC 60 3E C8 01 00 00 00 00 57 00 69 .àv.ü`>È .....W.i > [0E0] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 .n.d.o.w .s. .S.e > [0F0] 00 72 00 76 00 65 00 72 00 20 00 28 00 52 00 29 .r.v.e.r . .(.R.) > [100] 00 20 00 32 00 30 00 30 00 38 00 20 00 53 00 74 . .2.0.0 .8. .S.t > [110] 00 61 00 6E 00 64 00 61 00 72 00 64 00 20 00 36 .a.n.d.a .r.d. .6 > [120] 00 30 00 30 00 31 00 20 00 53 00 65 00 72 00 76 .0.0.1. .S.e.r.v > [130] 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B .i.c.e. 
.P.a.c.k > [140] 00 20 00 31 00 2C 00 20 00 76 00 2E 00 36 00 36 . .1.,. .v...6.6 > [150] 00 37 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 .7...W.i .n.d.o.w > [160] 00 73 00 20 00 53 00 65 00 72 00 76 00 65 00 72 .s. .S.e .r.v.e.r > [170] 00 20 00 28 00 52 00 29 00 20 00 32 00 30 00 30 . .(.R.) . .2.0.0 > [180] 00 38 00 20 00 53 00 74 00 61 00 6E 00 64 00 61 .8. .S.t .a.n.d.a > [190] 00 72 00 64 00 20 00 36 00 2E 00 30 00 00 00 .r.d. .6 ...0... >[2007/12/14 15:53:05.468929, 3, pid=6050] libsmb/ntlmssp.c:ntlmssp_client_challenge(1021) > Got challenge flags: >[2007/12/14 15:53:05.468966, 3, pid=6050] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2007/12/14 15:53:05.469105, 3, pid=6050] libsmb/ntlmssp.c:ntlmssp_client_challenge(1043) > NTLMSSP: Set final flags: >[2007/12/14 15:53:05.469138, 3, pid=6050] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2007/12/14 15:53:05.469313, 5, pid=6050] libsmb/ntlmssp.c:ntlmssp_client_challenge(1115) > NTLMSSP challenge set by NTLM2 >[2007/12/14 15:53:05.469348, 5, pid=6050] libsmb/ntlmssp.c:ntlmssp_client_challenge(1116) > challenge is: >[2007/12/14 15:53:05.469380, 5, pid=6050] lib/util.c:dump_data(2192) > [000] 32 AA 49 57 10 3A 32 14 2ªIW.:2. 
>[2007/12/14 15:53:05.469720, 3, pid=6050] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: >[2007/12/14 15:53:05.469760, 3, pid=6050] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2007/12/14 15:53:05.469888, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,270) >[2007/12/14 15:53:05.469975, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,270) wrote 270 >[2007/12/14 15:53:05.471850, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 246 >[2007/12/14 15:53:05.471967, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.472030, 5, pid=6050] lib/util.c:show_msg(582) > size=246 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=6050 > smb_uid=6144 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 246 (0xF6) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=203 >[2007/12/14 15:53:05.472173, 10, pid=6050] lib/util.c:dump_data(2192) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 > [030] 00 30 00 30 00 38 00 20 00 53 00 74 00 61 00 6E .0.0.8. .S.t.a.n > [040] 00 64 00 61 00 72 00 64 00 20 00 36 00 30 00 30 .d.a.r.d . .6.0.0 > [050] 00 31 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .1. .S.e .r.v.i.c > [060] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 .e. .P.a .c.k. .1 > [070] 00 2C 00 20 00 76 00 2E 00 36 00 36 00 37 00 00 .,. .v.. .6.6.7.. > [080] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. 
> [090] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 28 .S.e.r.v .e.r. .( > [0A0] 00 52 00 29 00 20 00 32 00 30 00 30 00 38 00 20 .R.). .2 .0.0.8. > [0B0] 00 53 00 74 00 61 00 6E 00 64 00 61 00 72 00 64 .S.t.a.n .d.a.r.d > [0C0] 00 20 00 36 00 2E 00 30 00 00 00 . .6...0 ... >[2007/12/14 15:53:05.472641, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.472685, 5, pid=6050] lib/util.c:show_msg(582) > size=246 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=6050 > smb_uid=6144 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 246 (0xF6) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=203 >[2007/12/14 15:53:05.472836, 10, pid=6050] lib/util.c:dump_data(2192) > [000] A1 07 30 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 ¡.0. ... .W.i.n.d > [010] 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 00 76 .o.w.s. .S.e.r.v > [020] 00 65 00 72 00 20 00 28 00 52 00 29 00 20 00 32 .e.r. .( .R.). .2 > [030] 00 30 00 30 00 38 00 20 00 53 00 74 00 61 00 6E .0.0.8. .S.t.a.n > [040] 00 64 00 61 00 72 00 64 00 20 00 36 00 30 00 30 .d.a.r.d . .6.0.0 > [050] 00 31 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .1. .S.e .r.v.i.c > [060] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 .e. .P.a .c.k. .1 > [070] 00 2C 00 20 00 76 00 2E 00 36 00 36 00 37 00 00 .,. .v.. .6.6.7.. > [080] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [090] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 28 .S.e.r.v .e.r. .( > [0A0] 00 52 00 29 00 20 00 32 00 30 00 30 00 38 00 20 .R.). .2 .0.0.8. > [0B0] 00 53 00 74 00 61 00 6E 00 64 00 61 00 72 00 64 .S.t.a.n .d.a.r.d > [0C0] 00 20 00 36 00 2E 00 30 00 00 00 . .6...0 ... >[2007/12/14 15:53:05.473380, 5, pid=6050] libsmb/smb_signing.c:set_smb_signing_real_common(125) > Mandatory SMB signing enabled! >[2007/12/14 15:53:05.473418, 5, pid=6050] libsmb/smb_signing.c:set_smb_signing_real_common(129) > SMB signing enabled! 
>[2007/12/14 15:53:05.473481, 10, pid=6050] libsmb/smb_signing.c:cli_simple_set_signing(479) > cli_simple_set_signing: user_session_key >[2007/12/14 15:53:05.473515, 10, pid=6050] lib/util.c:dump_data(2192) > [000] F7 75 29 F2 F1 09 A4 E3 FF 7A 49 85 DC 90 F3 39 ÷u)òñ.¤ã ÿzI.Ü.ó9 >[2007/12/14 15:53:05.473570, 10, pid=6050] libsmb/smb_signing.c:cli_simple_set_signing(487) > cli_simple_set_signing: NULL response_data >[2007/12/14 15:53:05.473602, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 0 >[2007/12/14 15:53:05.473641, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.473692, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 42 39 F0 E9 14 ED 04 EC B9ðé.í.ì >[2007/12/14 15:53:05.473751, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 1 mid = 3 >[2007/12/14 15:53:05.473785, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 1 mid = 3 >[2007/12/14 15:53:05.473817, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 1 >[2007/12/14 15:53:05.473852, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 1: got good SMB signature of >[2007/12/14 15:53:05.473883, 10, pid=6050] lib/util.c:dump_data(2192) > [000] B8 30 DF 78 8D 58 5D C4 ¸0ßx.X]Ä >[2007/12/14 15:53:05.473979, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 2 >[2007/12/14 15:53:05.474017, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.474048, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 86 15 81 66 1B F6 E2 47 ...f.öâG >[2007/12/14 15:53:05.474098, 10, pid=6050] 
libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 3 mid = 4 >[2007/12/14 15:53:05.474129, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,82) >[2007/12/14 15:53:05.474227, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,82) wrote 82 >[2007/12/14 15:53:05.474961, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 56 >[2007/12/14 15:53:05.475056, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.475083, 5, pid=6050] lib/util.c:show_msg(582) > size=56 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=4 > smt_wct=7 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 1 (0x1) > smb_vwv[ 3]=65535 (0xFFFF) > smb_vwv[ 4]= 31 (0x1F) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]= 31 (0x1F) > smb_bcc=7 >[2007/12/14 15:53:05.475245, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 49 50 43 00 00 00 00 IPC.... 
>[2007/12/14 15:53:05.475309, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 3 mid = 4 >[2007/12/14 15:53:05.475342, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 3 >[2007/12/14 15:53:05.475376, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 3: got good SMB signature of >[2007/12/14 15:53:05.475408, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 69 65 34 36 B6 E5 D9 3C ie46¶åÙ< >[2007/12/14 15:53:05.475460, 10, pid=6050] libsmb/clientgen.c:cli_init_creds(415) > cli_init_creds: user Administrator domain MM >[2007/12/14 15:53:05.475531, 10, pid=6050] libsmb/namequery.c:saf_store(75) > saf_store: domain = [MM], server = [WIN2008], expire = [1197644885] >[2007/12/14 15:53:05.475577, 10, pid=6050] lib/gencache.c:gencache_set(138) > Adding cache entry with key = SAF/DOMAIN/MM; value = WIN2008 and timeout = Fri Dec 14 16:08:05 2007 > (900 seconds ahead) >[2007/12/14 15:53:05.475693, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 4 >[2007/12/14 15:53:05.475736, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.475769, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 3E 30 17 75 91 E8 34 6A >0.u.è4j >[2007/12/14 15:53:05.475819, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 5 mid = 5 >[2007/12/14 15:53:05.475851, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,104) >[2007/12/14 15:53:05.475935, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,104) wrote 104 >[2007/12/14 15:53:05.476773, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 103 >[2007/12/14 15:53:05.476842, 5, pid=6050] lib/util.c:show_msg(572) 
>[2007/12/14 15:53:05.476867, 5, pid=6050] lib/util.c:show_msg(582) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 384 (0x180) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/12/14 15:53:05.477279, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 5 mid = 5 >[2007/12/14 15:53:05.477314, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 5 >[2007/12/14 15:53:05.477350, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 5: got good SMB signature of >[2007/12/14 15:53:05.477409, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 6D 3D C8 4E 49 B3 E7 31 m=ÈNI³ç1 >[2007/12/14 15:53:05.477462, 5, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) > Bind RPC Pipe[8000]: \lsarpc auth_type 0, auth_level 0 >[2007/12/14 15:53:05.477495, 5, pid=6050] rpc_client/cli_pipe.c:valid_pipe_name(1648) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4.Í« ï..#Eg.« > [010] 00 00 00 00 .... 
>[2007/12/14 15:53:05.477622, 5, pid=6050] rpc_client/cli_pipe.c:valid_pipe_name(1651) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... >[2007/12/14 15:53:05.477765, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.477840, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.477879, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.477911, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2007/12/14 15:53:05.477965, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.477999, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.478031, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.478063, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.478096, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.478159, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2007/12/14 15:53:05.478195, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.478227, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2007/12/14 15:53:05.478289, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2007/12/14 15:53:05.478324, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:53:05.478357, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:53:05.478389, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2007/12/14 15:53:05.478421, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2007/12/14 15:53:05.478454, 5, 
pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2007/12/14 15:53:05.478487, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2007/12/14 15:53:05.478519, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2007/12/14 15:53:05.478551, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2007/12/14 15:53:05.478584, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2007/12/14 15:53:05.478644, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2007/12/14 15:53:05.478697, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2007/12/14 15:53:05.478736, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2007/12/14 15:53:05.478770, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2007/12/14 15:53:05.478806, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ab >[2007/12/14 15:53:05.478844, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000000 >[2007/12/14 15:53:05.478877, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2007/12/14 15:53:05.478909, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2007/12/14 15:53:05.478941, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2007/12/14 15:53:05.478973, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2007/12/14 15:53:05.479005, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2007/12/14 15:53:05.479037, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2007/12/14 15:53:05.479139, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2007/12/14 15:53:05.479181, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2007/12/14 15:53:05.479214, 5, 
pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8000 >[2007/12/14 15:53:05.479251, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.479274, 5, pid=6050] lib/util.c:show_msg(582) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=87 >[2007/12/14 15:53:05.479546, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 08 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2007/12/14 15:53:05.479700, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 6 >[2007/12/14 15:53:05.479743, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.479775, 10, pid=6050] lib/util.c:dump_data(2192) > [000] C7 29 2D 3A 28 7C 5B 89 Ç)-:(|[. 
>[2007/12/14 15:53:05.479824, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 7 mid = 6 >[2007/12/14 15:53:05.479855, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,158) >[2007/12/14 15:53:05.479941, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,158) wrote 158 >[2007/12/14 15:53:05.480767, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 124 >[2007/12/14 15:53:05.480857, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.480885, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:53:05.481071, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 ........ .D...... > [010] 00 B8 10 B8 10 5F 98 00 00 0C 00 5C 70 69 70 65 .¸.¸._.. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... 
>[2007/12/14 15:53:05.481236, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 7 mid = 6 >[2007/12/14 15:53:05.481269, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 7 >[2007/12/14 15:53:05.481332, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 7: got good SMB signature of >[2007/12/14 15:53:05.481371, 10, pid=6050] lib/util.c:dump_data(2192) > [000] FC 4F 69 7C 04 C5 26 35 üOi|.Å&5 >[2007/12/14 15:53:05.481433, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.481456, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:53:05.481647, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 ........ .D...... > [010] 00 B8 10 B8 10 5F 98 00 00 0C 00 5C 70 69 70 65 .¸.¸._.. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... 
>[2007/12/14 15:53:05.481871, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.481907, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.481939, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.481971, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:53:05.482139, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.482170, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.482202, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.482233, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.482298, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.482330, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:53:05.482362, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.482394, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2007/12/14 15:53:05.482427, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/12/14 15:53:05.482461, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8000 returned 68 bytes. >[2007/12/14 15:53:05.482494, 3, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) > rpc_pipe_bind: Remote machine WIN2008 pipe \lsarpc fnum 0x8000 bind request returned ok. 
>[2007/12/14 15:53:05.482527, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.482558, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.482590, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.482621, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:53:05.482678, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.482712, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.482787, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.482823, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.482854, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.482886, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:53:05.482917, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.482949, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000008 >[2007/12/14 15:53:05.483025, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2007/12/14 15:53:05.483059, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:53:05.483090, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:53:05.483122, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2007/12/14 15:53:05.483154, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 0000985f >[2007/12/14 15:53:05.483185, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2007/12/14 15:53:05.483217, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2007/12/14 15:53:05.483282, 5, 
pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \pipe\lsass. >[2007/12/14 15:53:05.483324, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2007/12/14 15:53:05.483356, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2007/12/14 15:53:05.483388, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2007/12/14 15:53:05.483420, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2007/12/14 15:53:05.483452, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2007/12/14 15:53:05.483484, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2007/12/14 15:53:05.483516, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2007/12/14 15:53:05.483547, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2007/12/14 15:53:05.483579, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2007/12/14 15:53:05.483611, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2007/12/14 15:53:05.483644, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2007/12/14 15:53:05.483699, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2007/12/14 15:53:05.483767, 5, pid=6050] rpc_client/cli_pipe.c:check_bind_response(1702) > check_bind_response: accepted! >[2007/12/14 15:53:05.483801, 10, pid=6050] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine WIN2008 and bound anonymously. 
>[2007/12/14 15:53:05.483835, 5, pid=6050] rpc_parse/parse_lsa.c:init_lsa_sec_qos(184) > init_lsa_sec_qos >[2007/12/14 15:53:05.483866, 5, pid=6050] rpc_parse/parse_lsa.c:init_q_open_pol(303) > init_open_pol: attr:0 da:33554432 >[2007/12/14 15:53:05.483898, 5, pid=6050] rpc_parse/parse_lsa.c:init_lsa_obj_attr(235) > init_lsa_obj_attr >[2007/12/14 15:53:05.483978, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 lsa_io_q_open_pol >[2007/12/14 15:53:05.484016, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 ptr : 00000001 >[2007/12/14 15:53:05.484049, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 system_name: 005c >[2007/12/14 15:53:05.484081, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000008 lsa_io_obj_attr >[2007/12/14 15:53:05.484114, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 len : 00000018 >[2007/12/14 15:53:05.484145, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c ptr_root_dir: 00000000 >[2007/12/14 15:53:05.484180, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 ptr_obj_name: 00000000 >[2007/12/14 15:53:05.484244, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 attributes : 00000000 >[2007/12/14 15:53:05.484279, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 ptr_sec_desc: 00000000 >[2007/12/14 15:53:05.484312, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 001c ptr_sec_qos : 00000001 >[2007/12/14 15:53:05.484380, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000020 lsa_io_obj_qos sec_qos >[2007/12/14 15:53:05.484414, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 len : 0000000c >[2007/12/14 15:53:05.484447, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 sec_imp_level : 0002 >[2007/12/14 15:53:05.484479, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0026 sec_ctxt_mode : 01 >[2007/12/14 15:53:05.484512, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0027 effective_only: 00 >[2007/12/14 15:53:05.484544, 3, pid=6050] 
rpc_parse/parse_lsa.c:lsa_io_sec_qos(223) > lsa_io_sec_qos: length c does not match size 8 >[2007/12/14 15:53:05.484576, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0028 des_access: 02000000 >[2007/12/14 15:53:05.484722, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.484764, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.484836, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.484871, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.484903, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.484935, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.484967, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.484999, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.485031, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.485063, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:53:05.485095, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.485127, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2007/12/14 15:53:05.485160, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.485225, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000002c >[2007/12/14 15:53:05.485260, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.485292, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0006 >[2007/12/14 15:53:05.485325, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 
0x8000 >[2007/12/14 15:53:05.485361, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.485384, 5, pid=6050] lib/util.c:show_msg(582) > size=150 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=83 >[2007/12/14 15:53:05.485614, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 44 00 00 00 09 00 00 00 2C .......D ......., > [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ > [050] 00 00 02 ... 
>[2007/12/14 15:53:05.485874, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 8 >[2007/12/14 15:53:05.485950, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.486070, 10, pid=6050] lib/util.c:dump_data(2192) > [000] F1 DB DE 65 18 50 1A 49 ñÛÞe.P.I >[2007/12/14 15:53:05.486126, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 9 mid = 7 >[2007/12/14 15:53:05.486185, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,154) >[2007/12/14 15:53:05.486277, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,154) wrote 154 >[2007/12/14 15:53:05.486791, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 104 >[2007/12/14 15:53:05.486894, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.486923, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.487108, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 D0 7F 9B ........ .....Ð.. > [020] C8 CF 7F EF 4D B5 E4 55 61 F0 91 F0 68 00 00 00 ÈÏ.ïMµäU að.ðh... > [030] 00 . 
>[2007/12/14 15:53:05.487241, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 9 mid = 7 >[2007/12/14 15:53:05.487273, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 9 >[2007/12/14 15:53:05.487309, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 9: got good SMB signature of >[2007/12/14 15:53:05.487371, 10, pid=6050] lib/util.c:dump_data(2192) > [000] D7 CE 26 B0 DB 47 04 46 ×Î&°ÛG.F >[2007/12/14 15:53:05.487426, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.487449, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.487638, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 D0 7F 9B ........ .....Ð.. > [020] C8 CF 7F EF 4D B5 E4 55 61 F0 91 F0 68 00 00 00 ÈÏ.ïMµäU að.ðh... > [030] 00 . 
>[2007/12/14 15:53:05.487702, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.487833, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.487868, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.487900, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.487932, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.487963, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.487995, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.488027, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.488073, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.488105, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2007/12/14 15:53:05.488137, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.488169, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000009 >[2007/12/14 15:53:05.488264, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.488299, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2007/12/14 15:53:05.488331, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.488363, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.488394, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.488427, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/12/14 15:53:05.488461, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/12/14 15:53:05.488495, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8000 returned 48 bytes. >[2007/12/14 15:53:05.488529, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 lsa_io_r_open_pol >[2007/12/14 15:53:05.488562, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd >[2007/12/14 15:53:05.488594, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.488626, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.488680, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : c89b7fd0 >[2007/12/14 15:53:05.488755, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 7fcf >[2007/12/14 15:53:05.488790, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 4def >[2007/12/14 15:53:05.488845, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : b5 e4 >[2007/12/14 15:53:05.488881, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 55 61 f0 91 f0 68 >[2007/12/14 15:53:05.488919, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0014 status: NT_STATUS_OK >[2007/12/14 15:53:05.488953, 5, pid=6050] rpc_parse/parse_lsa.c:init_q_query(487) > init_q_query >[2007/12/14 15:53:05.488990, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 lsa_io_q_query >[2007/12/14 15:53:05.489022, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd >[2007/12/14 15:53:05.489055, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.489087, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.489723, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : c89b7fd0 >[2007/12/14 15:53:05.489763, 5, pid=6050] 
rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 7fcf >[2007/12/14 15:53:05.489795, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 4def >[2007/12/14 15:53:05.489827, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : b5 e4 >[2007/12/14 15:53:05.489861, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 55 61 f0 91 f0 68 >[2007/12/14 15:53:05.489898, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 info_class: 0005 >[2007/12/14 15:53:05.490006, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.490045, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.490115, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.490149, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.490181, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.490212, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.490244, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.490276, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.490307, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.490339, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002e >[2007/12/14 15:53:05.490371, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.490435, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2007/12/14 15:53:05.490469, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.490501, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000016 >[2007/12/14 15:53:05.490533, 5, pid=6050] 
rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.490565, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0007 >[2007/12/14 15:53:05.490597, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8000 >[2007/12/14 15:53:05.490634, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.490677, 5, pid=6050] lib/util.c:show_msg(582) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=61 >[2007/12/14 15:53:05.490946, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 0A 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 D0 7F 9B C8 CF ........ ...Ð..ÈÏ > [030] 7F EF 4D B5 E4 55 61 F0 91 F0 68 05 00 .ïMµäUað .ðh.. 
>[2007/12/14 15:53:05.491096, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 10 >[2007/12/14 15:53:05.491131, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.491162, 10, pid=6050] lib/util.c:dump_data(2192) > [000] DA 88 14 57 EE B1 39 BF Ú..Wî±9¿ >[2007/12/14 15:53:05.491213, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 11 mid = 8 >[2007/12/14 15:53:05.491245, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,132) >[2007/12/14 15:53:05.491344, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,132) wrote 132 >[2007/12/14 15:53:05.491817, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 148 >[2007/12/14 15:53:05.491898, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.491924, 5, pid=6050] lib/util.c:show_msg(582) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 92 (0x5C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=93 >[2007/12/14 15:53:05.492253, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 0A 00 00 ........ .\...... > [010] 00 44 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .D...... ........ > [020] 00 04 00 06 00 04 00 02 00 08 00 02 00 03 00 00 ........ ........ > [030] 00 00 00 00 00 02 00 00 00 4D 00 4D 00 04 00 00 ........ .M.M.... > [040] 00 01 04 00 00 00 00 00 05 15 00 00 00 D0 C2 54 ........ .....ÐÂT > [050] 8B 0C F8 91 62 2F 75 AA ED 00 00 00 00 ..ø.b/uª í.... 
>[2007/12/14 15:53:05.492459, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 11 mid = 8 >[2007/12/14 15:53:05.492492, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 11 >[2007/12/14 15:53:05.492561, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 11: got good SMB signature of >[2007/12/14 15:53:05.492597, 10, pid=6050] lib/util.c:dump_data(2192) > [000] D4 EA 50 3F 6E 6C DE D9 ÔêP?nlÞÙ >[2007/12/14 15:53:05.492647, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.492689, 5, pid=6050] lib/util.c:show_msg(582) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 92 (0x5C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=93 >[2007/12/14 15:53:05.492886, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 5C 00 00 00 0A 00 00 ........ .\...... > [010] 00 44 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .D...... ........ > [020] 00 04 00 06 00 04 00 02 00 08 00 02 00 03 00 00 ........ ........ > [030] 00 00 00 00 00 02 00 00 00 4D 00 4D 00 04 00 00 ........ .M.M.... > [040] 00 01 04 00 00 00 00 00 05 15 00 00 00 D0 C2 54 ........ .....ÐÂT > [050] 8B 0C F8 91 62 2F 75 AA ED 00 00 00 00 ..ø.b/uª í.... 
>[2007/12/14 15:53:05.493148, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.493185, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.493217, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.493249, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.493281, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.493313, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.493345, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.493377, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.493409, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.493441, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 005c >[2007/12/14 15:53:05.493473, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.493537, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000a >[2007/12/14 15:53:05.493573, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.493606, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000044 >[2007/12/14 15:53:05.493638, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.493688, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.493773, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.493809, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 92, data_len 68, ss_len 0 >[2007/12/14 15:53:05.493844, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 92 at offset 0 >[2007/12/14 15:53:05.493928, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8000 returned 136 bytes. >[2007/12/14 15:53:05.493965, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 lsa_io_r_query >[2007/12/14 15:53:05.494032, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 dom_ptr: 00020000 >[2007/12/14 15:53:05.494066, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 lsa_io_query_info_ctr >[2007/12/14 15:53:05.494098, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0004 info_class: 0005 >[2007/12/14 15:53:05.494131, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000008 lsa_io_dom_query_3 >[2007/12/14 15:53:05.494163, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 uni_dom_max_len: 0004 >[2007/12/14 15:53:05.494195, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a uni_dom_str_len: 0006 >[2007/12/14 15:53:05.494227, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c buffer_dom_name: 00020004 >[2007/12/14 15:53:05.494259, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 buffer_dom_sid : 00020008 >[2007/12/14 15:53:05.494291, 8, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000014 smb_io_unistr2 unistr2 >[2007/12/14 15:53:05.494324, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 uni_max_len: 00000003 >[2007/12/14 15:53:05.494356, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 offset : 00000000 >[2007/12/14 15:53:05.494387, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 001c uni_str_len: 00000002 >[2007/12/14 15:53:05.494421, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0020 buffer : M.M. 
>[2007/12/14 15:53:05.494458, 8, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_dom_sid2 >[2007/12/14 15:53:05.494522, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 num_auths: 00000004 >[2007/12/14 15:53:05.494555, 9, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000028 smb_io_dom_sid sid >[2007/12/14 15:53:05.494587, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 sid_rev_num: 01 >[2007/12/14 15:53:05.494620, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0029 num_auths : 04 >[2007/12/14 15:53:05.494674, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002a id_auth[0] : 00 >[2007/12/14 15:53:05.494709, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002b id_auth[1] : 00 >[2007/12/14 15:53:05.494748, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002c id_auth[2] : 00 >[2007/12/14 15:53:05.494780, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002d id_auth[3] : 00 >[2007/12/14 15:53:05.494813, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002e id_auth[4] : 00 >[2007/12/14 15:53:05.494845, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 002f id_auth[5] : 05 >[2007/12/14 15:53:05.494877, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0030 sub_auths : 00000015 8b54c2d0 6291f80c edaa752f >[2007/12/14 15:53:05.494915, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0040 status: NT_STATUS_OK > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : c89b7fd0-7fcf-4def-b5e4-5561f091f068 >[2007/12/14 15:53:05.495126, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.495163, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.495195, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.495227, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.495259, 
5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.495291, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.495323, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.495354, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.495386, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.495418, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2007/12/14 15:53:05.495481, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.495517, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2007/12/14 15:53:05.495549, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.495623, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2007/12/14 15:53:05.495676, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.495710, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0000 >[2007/12/14 15:53:05.495773, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8000 >[2007/12/14 15:53:05.495811, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.495834, 5, pid=6050] lib/util.c:show_msg(582) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 
(0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32768 (0x8000) > smb_bcc=59 >[2007/12/14 15:53:05.496228, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 D0 7F 9B C8 CF ........ ...Ð..ÈÏ > [030] 7F EF 4D B5 E4 55 61 F0 91 F0 68 .ïMµäUað .ðh >[2007/12/14 15:53:05.496376, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 12 >[2007/12/14 15:53:05.496412, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.496472, 10, pid=6050] lib/util.c:dump_data(2192) > [000] EB 60 4B 6E B5 1C F2 F4 ë`Knµ.òô >[2007/12/14 15:53:05.496523, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 13 mid = 9 >[2007/12/14 15:53:05.496554, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,130) >[2007/12/14 15:53:05.496673, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,130) wrote 130 >[2007/12/14 15:53:05.497485, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 104 >[2007/12/14 15:53:05.497548, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.497707, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.497938, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ 
.0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2007/12/14 15:53:05.498074, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 13 mid = 9 >[2007/12/14 15:53:05.498106, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 13 >[2007/12/14 15:53:05.498142, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 13: got good SMB signature of >[2007/12/14 15:53:05.498174, 10, pid=6050] lib/util.c:dump_data(2192) > [000] FA 27 7D 90 B3 3F CA 38 ú'}.³?Ê8 >[2007/12/14 15:53:05.498224, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.498247, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.498468, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . 
>[2007/12/14 15:53:05.498618, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.498652, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.498703, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.498742, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.498776, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.498807, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.498840, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.498903, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.498938, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.498969, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2007/12/14 15:53:05.499002, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.499034, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000b >[2007/12/14 15:53:05.499067, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.499100, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2007/12/14 15:53:05.499132, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.499164, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.499233, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.499267, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/12/14 15:53:05.499301, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/12/14 15:53:05.499335, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \lsarpc fnum 0x8000 returned 48 bytes. > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2007/12/14 15:53:05.499500, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 14 >[2007/12/14 15:53:05.499536, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.499568, 10, pid=6050] lib/util.c:dump_data(2192) > [000] AC D2 8A 5C 3C 30 82 DE ¬Ò.\<0.Þ >[2007/12/14 15:53:05.499618, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 15 mid = 10 >[2007/12/14 15:53:05.499650, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,45) >[2007/12/14 15:53:05.499740, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,45) wrote 45 >[2007/12/14 15:53:05.500482, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 35 >[2007/12/14 15:53:05.500542, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.500567, 5, pid=6050] lib/util.c:show_msg(582) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2007/12/14 15:53:05.500693, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 15 mid = 10 >[2007/12/14 15:53:05.500732, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 15 >[2007/12/14 15:53:05.500768, 10, pid=6050] 
libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 15: got good SMB signature of >[2007/12/14 15:53:05.500834, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 44 22 E1 3B CA 7E FC 6F D"á;Ê~üo >[2007/12/14 15:53:05.500888, 10, pid=6050] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \lsarpc to machine WIN2008 >[2007/12/14 15:53:05.500931, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 16 >[2007/12/14 15:53:05.500965, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.500997, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 38 2A 06 58 8F 4D 73 61 8*.X.Msa >[2007/12/14 15:53:05.501046, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 17 mid = 11 >[2007/12/14 15:53:05.501079, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,100) >[2007/12/14 15:53:05.501159, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,100) wrote 100 >[2007/12/14 15:53:05.501774, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 103 >[2007/12/14 15:53:05.501838, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.501863, 5, pid=6050] lib/util.c:show_msg(582) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=11 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 384 (0x180) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 
(0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/12/14 15:53:05.502296, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 17 mid = 11 >[2007/12/14 15:53:05.502331, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 17 >[2007/12/14 15:53:05.502365, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 17: got good SMB signature of >[2007/12/14 15:53:05.502397, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 2E D2 C2 F7 7E 46 1F 3E .ÒÂ÷~F.> >[2007/12/14 15:53:05.502483, 5, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) > Bind RPC Pipe[8001]: \samr auth_type 0, auth_level 0 >[2007/12/14 15:53:05.502516, 5, pid=6050] rpc_client/cli_pipe.c:valid_pipe_name(1648) > Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC xW4.4.Í« ï..#Eg.¬ > [010] 01 00 00 00 .... >[2007/12/14 15:53:05.502593, 5, pid=6050] rpc_client/cli_pipe.c:valid_pipe_name(1651) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... 
>[2007/12/14 15:53:05.502692, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.502871, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.502941, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.502975, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2007/12/14 15:53:05.503007, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.503038, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.503070, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.503102, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.503134, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.503166, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2007/12/14 15:53:05.503198, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.503230, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000c >[2007/12/14 15:53:05.503262, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2007/12/14 15:53:05.503295, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:53:05.503326, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:53:05.503359, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2007/12/14 15:53:05.503428, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2007/12/14 15:53:05.503460, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2007/12/14 15:53:05.503529, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2007/12/14 15:53:05.503563, 5, 
pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2007/12/14 15:53:05.503595, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2007/12/14 15:53:05.503627, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2007/12/14 15:53:05.503677, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345778 >[2007/12/14 15:53:05.503816, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2007/12/14 15:53:05.503849, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2007/12/14 15:53:05.503914, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2007/12/14 15:53:05.503951, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 89 ac >[2007/12/14 15:53:05.503988, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2007/12/14 15:53:05.504020, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2007/12/14 15:53:05.504052, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2007/12/14 15:53:05.504085, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2007/12/14 15:53:05.504117, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2007/12/14 15:53:05.504149, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2007/12/14 15:53:05.504181, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2007/12/14 15:53:05.504215, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 00 2b 10 48 60 >[2007/12/14 15:53:05.504253, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2007/12/14 15:53:05.504287, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 >[2007/12/14 15:53:05.504323, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.504346, 5, 
pid=6050] lib/util.c:show_msg(582) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32769 (0x8001) > smb_bcc=87 >[2007/12/14 15:53:05.504609, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 0C 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.Í«ï ..#Eg.¬. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2007/12/14 15:53:05.504726, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 18 >[2007/12/14 15:53:05.504768, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.504800, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 70 B0 D6 FA CB 15 07 11 p°ÖúË... 
>[2007/12/14 15:53:05.504854, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 19 mid = 12 >[2007/12/14 15:53:05.504921, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,158) >[2007/12/14 15:53:05.505012, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,158) wrote 158 >[2007/12/14 15:53:05.505803, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 124 >[2007/12/14 15:53:05.505888, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.505950, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:53:05.506138, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0C 00 00 ........ .D...... > [010] 00 B8 10 B8 10 60 98 00 00 0C 00 5C 70 69 70 65 .¸.¸.`.. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... 
>[2007/12/14 15:53:05.506313, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 19 mid = 12 >[2007/12/14 15:53:05.506346, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 19 >[2007/12/14 15:53:05.506384, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 19: got good SMB signature of >[2007/12/14 15:53:05.506446, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 8E AB EB 3C 17 21 EF 60 .«ë<.!ï` >[2007/12/14 15:53:05.506519, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.506544, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:53:05.506693, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0C 00 00 ........ .D...... > [010] 00 B8 10 B8 10 60 98 00 00 0C 00 5C 70 69 70 65 .¸.¸.`.. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... 
>[2007/12/14 15:53:05.506997, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.507034, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.507068, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.507100, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:53:05.507132, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.507164, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.507196, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.507229, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.507260, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.507293, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:53:05.507353, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.507412, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000c >[2007/12/14 15:53:05.507446, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/12/14 15:53:05.507481, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 returned 68 bytes. >[2007/12/14 15:53:05.507514, 3, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) > rpc_pipe_bind: Remote machine WIN2008 pipe \samr fnum 0x8001 bind request returned ok. 
>[2007/12/14 15:53:05.507547, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.507580, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.507612, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.507643, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:53:05.507693, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.507731, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.507764, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.507826, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.507862, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.507893, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:53:05.507925, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.507957, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000c >[2007/12/14 15:53:05.507990, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2007/12/14 15:53:05.508022, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:53:05.508054, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:53:05.508086, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2007/12/14 15:53:05.508118, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00009860 >[2007/12/14 15:53:05.508150, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2007/12/14 15:53:05.508182, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2007/12/14 15:53:05.508215, 5, 
pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \pipe\lsass. >[2007/12/14 15:53:05.508256, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2007/12/14 15:53:05.508320, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2007/12/14 15:53:05.508354, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2007/12/14 15:53:05.508386, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2007/12/14 15:53:05.508418, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2007/12/14 15:53:05.508451, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2007/12/14 15:53:05.508483, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2007/12/14 15:53:05.508515, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2007/12/14 15:53:05.508547, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2007/12/14 15:53:05.508579, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2007/12/14 15:53:05.508613, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2007/12/14 15:53:05.508674, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2007/12/14 15:53:05.508763, 5, pid=6050] rpc_client/cli_pipe.c:check_bind_response(1702) > check_bind_response: accepted! >[2007/12/14 15:53:05.508831, 10, pid=6050] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) > cli_rpc_pipe_open_noauth: opened pipe \samr to machine WIN2008 and bound anonymously. 
>[2007/12/14 15:53:05.508907, 10, pid=6050] rpc_client/cli_samr.c:rpccli_samr_connect(35) > cli_samr_connect to WIN2008 >[2007/12/14 15:53:05.509000, 5, pid=6050] rpc_parse/parse_samr.c:init_samr_q_connect(7029) > init_samr_q_connect >[2007/12/14 15:53:05.509204, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_q_connect >[2007/12/14 15:53:05.509243, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 ptr_srv_name: 00000001 >[2007/12/14 15:53:05.509308, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_unistr2 >[2007/12/14 15:53:05.509342, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 uni_max_len: 00000008 >[2007/12/14 15:53:05.509375, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 offset : 00000000 >[2007/12/14 15:53:05.509407, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c uni_str_len: 00000008 >[2007/12/14 15:53:05.509442, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0010 buffer : W.I.N.2.0.0.8... >[2007/12/14 15:53:05.509486, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 access_mask: 02000000 >[2007/12/14 15:53:05.509563, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.509601, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.509633, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.509684, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.509722, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.509795, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.509831, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.509863, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.509896, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 
0007 pack_type3: 00 >[2007/12/14 15:53:05.509928, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2007/12/14 15:53:05.509960, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.509992, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000d >[2007/12/14 15:53:05.510025, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.510058, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000024 >[2007/12/14 15:53:05.510090, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.510123, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0039 >[2007/12/14 15:53:05.510156, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 >[2007/12/14 15:53:05.510192, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.510216, 5, pid=6050] lib/util.c:show_msg(582) > size=142 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32769 (0x8001) > smb_bcc=75 >[2007/12/14 15:53:05.510529, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 3C 00 00 00 0D 00 00 00 24 .......< .......$ > [020] 00 00 00 00 00 39 00 01 00 00 00 08 00 00 00 00 .....9.. ........ 
> [030] 00 00 00 08 00 00 00 57 00 49 00 4E 00 32 00 30 .......W .I.N.2.0 > [040] 00 30 00 38 00 00 00 00 00 00 02 .0.8.... ... >[2007/12/14 15:53:05.510767, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 20 >[2007/12/14 15:53:05.510810, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.510842, 10, pid=6050] lib/util.c:dump_data(2192) > [000] E8 EC 96 C1 30 B1 FD CC èì.Á0±ýÌ >[2007/12/14 15:53:05.510932, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 21 mid = 13 >[2007/12/14 15:53:05.510966, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,146) >[2007/12/14 15:53:05.511060, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,146) wrote 146 >[2007/12/14 15:53:05.511799, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 104 >[2007/12/14 15:53:05.511876, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.511902, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.512122, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F6 22 84 ........ .....ö". > [020] 21 D7 08 AB 41 AB BE 75 BF 4C 18 BF C5 00 00 00 !×.«A«¾u ¿L.¿Å... > [030] 00 . 
>[2007/12/14 15:53:05.512260, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 21 mid = 13 >[2007/12/14 15:53:05.512293, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 21 >[2007/12/14 15:53:05.512329, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 21: got good SMB signature of >[2007/12/14 15:53:05.512362, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 1F 80 7D 7A B6 16 7F E7 ..}z¶..ç >[2007/12/14 15:53:05.512412, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.512435, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.512675, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 F6 22 84 ........ .....ö". > [020] 21 D7 08 AB 41 AB BE 75 BF 4C 18 BF C5 00 00 00 !×.«A«¾u ¿L.¿Å... > [030] 00 . 
>[2007/12/14 15:53:05.512834, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.512869, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.512917, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.512950, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.512982, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.513014, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.513046, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.513111, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.513143, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.513175, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2007/12/14 15:53:05.513207, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.513240, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000d >[2007/12/14 15:53:05.513273, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.513306, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2007/12/14 15:53:05.513361, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.513395, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.513427, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.513459, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/12/14 15:53:05.513494, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/12/14 15:53:05.513528, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 returned 48 bytes. >[2007/12/14 15:53:05.513700, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_r_connect >[2007/12/14 15:53:05.513748, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd connect_pol >[2007/12/14 15:53:05.513781, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.513813, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.513845, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 218422f6 >[2007/12/14 15:53:05.513877, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 08d7 >[2007/12/14 15:53:05.513909, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 41ab >[2007/12/14 15:53:05.513941, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : ab be >[2007/12/14 15:53:05.514001, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 75 bf 4c 18 bf c5 >[2007/12/14 15:53:05.514044, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0014 status: NT_STATUS_OK >[2007/12/14 15:53:05.514109, 10, pid=6050] rpc_client/cli_samr.c:rpccli_samr_open_domain(148) > cli_samr_open_domain with sid S-1-5-21-2337587920-1653733388-3987371311 >[2007/12/14 15:53:05.514180, 5, pid=6050] rpc_parse/parse_samr.c:init_samr_q_open_domain(247) > samr_init_samr_q_open_domain >[2007/12/14 15:53:05.514255, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_q_open_domain >[2007/12/14 15:53:05.514290, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd pol >[2007/12/14 15:53:05.514354, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.514388, 7, pid=6050] 
rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.514420, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 218422f6 >[2007/12/14 15:53:05.514507, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 08d7 >[2007/12/14 15:53:05.514541, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 41ab >[2007/12/14 15:53:05.514573, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : ab be >[2007/12/14 15:53:05.514608, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 75 bf 4c 18 bf c5 >[2007/12/14 15:53:05.514646, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 flags: 02000000 >[2007/12/14 15:53:05.514691, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_dom_sid2 sid >[2007/12/14 15:53:05.514733, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 num_auths: 00000004 >[2007/12/14 15:53:05.514766, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 00001c smb_io_dom_sid sid >[2007/12/14 15:53:05.514799, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 001c sid_rev_num: 01 >[2007/12/14 15:53:05.514831, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 001d num_auths : 04 >[2007/12/14 15:53:05.514863, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 001e id_auth[0] : 00 >[2007/12/14 15:53:05.514896, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 001f id_auth[1] : 00 >[2007/12/14 15:53:05.514961, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0020 id_auth[2] : 00 >[2007/12/14 15:53:05.514995, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0021 id_auth[3] : 00 >[2007/12/14 15:53:05.515028, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0022 id_auth[4] : 00 >[2007/12/14 15:53:05.515060, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0023 id_auth[5] : 05 >[2007/12/14 15:53:05.515092, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32s(1005) > 0024 sub_auths : 00000015 8b54c2d0 6291f80c edaa752f >[2007/12/14 15:53:05.515173, 
5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.515210, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.515243, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.515274, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.515306, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.515338, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.515370, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.515429, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.515467, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.515500, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 004c >[2007/12/14 15:53:05.515531, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.515563, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2007/12/14 15:53:05.515595, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.515627, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000034 >[2007/12/14 15:53:05.515676, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.515714, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0007 >[2007/12/14 15:53:05.515748, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 >[2007/12/14 15:53:05.515824, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.515849, 5, pid=6050] lib/util.c:show_msg(582) > size=158 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > 
smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32769 (0x8001) > smb_bcc=91 >[2007/12/14 15:53:05.516139, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 4C 00 00 00 0E 00 00 00 34 .......L .......4 > [020] 00 00 00 00 00 07 00 00 00 00 00 F6 22 84 21 D7 ........ ...ö".!× > [030] 08 AB 41 AB BE 75 BF 4C 18 BF C5 00 00 00 02 04 .«A«¾u¿L .¿Å..... > [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 D0 ........ .......Ð > [050] C2 54 8B 0C F8 91 62 2F 75 AA ED ÂT..ø.b/ uªí >[2007/12/14 15:53:05.516346, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 22 >[2007/12/14 15:53:05.516408, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.516445, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 47 C0 C0 DA 7A 2F 47 9E GÀÀÚz/G. 
>[2007/12/14 15:53:05.516493, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 23 mid = 14 >[2007/12/14 15:53:05.516525, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,162) >[2007/12/14 15:53:05.516614, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,162) wrote 162 >[2007/12/14 15:53:05.517842, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 104 >[2007/12/14 15:53:05.517942, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.517968, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.518190, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0E 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 9A 3D 01 ........ ......=. > [020] 67 18 BE E6 42 A7 86 17 63 7D EE 70 6C 00 00 00 g.¾æB§.. c}îpl... > [030] 00 . 
>[2007/12/14 15:53:05.518330, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 23 mid = 14 >[2007/12/14 15:53:05.518362, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 23 >[2007/12/14 15:53:05.518400, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 23: got good SMB signature of >[2007/12/14 15:53:05.518431, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 3C 98 80 F2 D3 EF 4B D7 <..òÓïK× >[2007/12/14 15:53:05.518480, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.518502, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.518693, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0E 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 9A 3D 01 ........ ......=. > [020] 67 18 BE E6 42 A7 86 17 63 7D EE 70 6C 00 00 00 g.¾æB§.. c}îpl... > [030] 00 . 
>[2007/12/14 15:53:05.518892, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.518930, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.518993, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.519027, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.519058, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.519090, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.519121, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.519152, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.519183, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.519215, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2007/12/14 15:53:05.519247, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.519279, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000e >[2007/12/14 15:53:05.519311, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.519343, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2007/12/14 15:53:05.519374, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.519406, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.519458, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.519497, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/12/14 15:53:05.519532, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/12/14 15:53:05.519566, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 returned 48 bytes. >[2007/12/14 15:53:05.519600, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_r_open_domain >[2007/12/14 15:53:05.519634, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd domain_pol >[2007/12/14 15:53:05.519683, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.519721, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.519755, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 67013d9a >[2007/12/14 15:53:05.519787, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : be18 >[2007/12/14 15:53:05.519819, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 42e6 >[2007/12/14 15:53:05.519851, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : a7 86 >[2007/12/14 15:53:05.519886, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 17 63 7d ee 70 6c >[2007/12/14 15:53:05.519974, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0014 status: NT_STATUS_OK >[2007/12/14 15:53:05.520050, 10, pid=6050] rpc_client/cli_samr.c:rpccli_samr_create_dom_user(1653) > cli_samr_create_dom_user sarge26$ >[2007/12/14 15:53:05.520088, 5, pid=6050] rpc_parse/parse_samr.c:init_samr_q_create_user(5177) > samr_init_samr_q_create_user >[2007/12/14 15:53:05.520133, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_q_create_user >[2007/12/14 15:53:05.520206, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd domain_pol >[2007/12/14 15:53:05.520266, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.520299, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 
000004 smb_io_uuid uuid >[2007/12/14 15:53:05.520331, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 67013d9a >[2007/12/14 15:53:05.520363, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : be18 >[2007/12/14 15:53:05.520395, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 42e6 >[2007/12/14 15:53:05.520455, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : a7 86 >[2007/12/14 15:53:05.520491, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 17 63 7d ee 70 6c >[2007/12/14 15:53:05.520529, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000014 smb_io_unihdr hdr_name >[2007/12/14 15:53:05.520561, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 uni_str_len: 0010 >[2007/12/14 15:53:05.520594, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 uni_max_len: 0010 >[2007/12/14 15:53:05.520627, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 buffer : 00000001 >[2007/12/14 15:53:05.520677, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 00001c smb_io_unistr2 uni_name >[2007/12/14 15:53:05.520716, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 001c uni_max_len: 00000008 >[2007/12/14 15:53:05.520749, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 offset : 00000000 >[2007/12/14 15:53:05.520782, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 uni_str_len: 00000008 >[2007/12/14 15:53:05.520815, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0028 buffer : s.a.r.g.e.2.6.$. 
>[2007/12/14 15:53:05.520858, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0038 acb_info : 00000080 >[2007/12/14 15:53:05.520891, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 003c access_mask: e005000b >[2007/12/14 15:53:05.521040, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.521079, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.521112, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.521144, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.521176, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.521208, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.521240, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.521272, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.521304, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.521337, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0058 >[2007/12/14 15:53:05.521369, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.521433, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000f >[2007/12/14 15:53:05.521468, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.521500, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000040 >[2007/12/14 15:53:05.521533, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.521565, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0032 >[2007/12/14 15:53:05.521598, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe 
\samr fnum 0x8001 >[2007/12/14 15:53:05.521690, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.521721, 5, pid=6050] lib/util.c:show_msg(582) > size=170 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32769 (0x8001) > smb_bcc=103 >[2007/12/14 15:53:05.521987, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 58 00 00 00 0F 00 00 00 40 .......X .......@ > [020] 00 00 00 00 00 32 00 00 00 00 00 9A 3D 01 67 18 .....2.. ....=.g. > [030] BE E6 42 A7 86 17 63 7D EE 70 6C 10 00 10 00 01 ¾æB§..c} îpl..... > [040] 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 73 ........ .......s > [050] 00 61 00 72 00 67 00 65 00 32 00 36 00 24 00 80 .a.r.g.e .2.6.$.. 
> [060] 00 00 00 0B 00 05 E0 ......à >[2007/12/14 15:53:05.522231, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 24 >[2007/12/14 15:53:05.522266, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.522299, 10, pid=6050] lib/util.c:dump_data(2192) > [000] DC FF CA 09 27 9C DA AD ÜÿÊ.'.Ú >[2007/12/14 15:53:05.522348, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 25 mid = 15 >[2007/12/14 15:53:05.522410, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,174) >[2007/12/14 15:53:05.522504, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,174) wrote 174 >[2007/12/14 15:53:05.522842, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 112 >[2007/12/14 15:53:05.522930, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.522956, 5, pid=6050] lib/util.c:show_msg(582) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2007/12/14 15:53:05.523140, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 0F 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 63 00 00 C0 .....c.. 
À >[2007/12/14 15:53:05.523347, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 25 mid = 15 >[2007/12/14 15:53:05.523382, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 25 >[2007/12/14 15:53:05.523419, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 25: got good SMB signature of >[2007/12/14 15:53:05.523451, 10, pid=6050] lib/util.c:dump_data(2192) > [000] B6 6A 0A AA 94 AE B8 5B ¶j.ª.®¸[ >[2007/12/14 15:53:05.523499, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.523521, 5, pid=6050] lib/util.c:show_msg(582) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2007/12/14 15:53:05.523718, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 0F 00 00 ........ .8...... > [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 00 00 00 00 63 00 00 C0 .....c.. 
À >[2007/12/14 15:53:05.523867, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.523901, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.523933, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.523964, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.523995, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.524026, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.524058, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.524089, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.524120, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.524184, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0038 >[2007/12/14 15:53:05.524218, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.524249, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 0000000f >[2007/12/14 15:53:05.524282, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.524315, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000020 >[2007/12/14 15:53:05.524346, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.524377, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.524409, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.524440, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 56, data_len 32, ss_len 0 >[2007/12/14 15:53:05.524474, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 56 at offset 0 >[2007/12/14 15:53:05.524508, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 returned 64 bytes. >[2007/12/14 15:53:05.524581, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_r_create_user >[2007/12/14 15:53:05.524616, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd user_pol >[2007/12/14 15:53:05.524700, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.524734, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.524766, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 00000000 >[2007/12/14 15:53:05.524798, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 0000 >[2007/12/14 15:53:05.524830, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 0000 >[2007/12/14 15:53:05.524862, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : 00 00 >[2007/12/14 15:53:05.524897, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 00 00 00 00 00 00 >[2007/12/14 15:53:05.524970, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 access_granted: 00000000 >[2007/12/14 15:53:05.525006, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 user_rid : 00000000 >[2007/12/14 15:53:05.525038, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 001c status: NT_STATUS_USER_EXISTS >[2007/12/14 15:53:05.525088, 10, pid=6050] rpc_client/cli_samr.c:rpccli_samr_lookup_names(1593) > cli_samr_lookup_names >[2007/12/14 15:53:05.525180, 5, pid=6050] rpc_parse/parse_samr.c:init_samr_q_lookup_names(4823) > init_samr_q_lookup_names >[2007/12/14 15:53:05.525235, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_q_lookup_names >[2007/12/14 15:53:05.525269, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 
smb_io_pol_hnd pol >[2007/12/14 15:53:05.525301, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.525334, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.525365, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 67013d9a >[2007/12/14 15:53:05.525398, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : be18 >[2007/12/14 15:53:05.525430, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 42e6 >[2007/12/14 15:53:05.525462, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : a7 86 >[2007/12/14 15:53:05.525496, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 17 63 7d ee 70 6c >[2007/12/14 15:53:05.525533, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 num_names1: 00000001 >[2007/12/14 15:53:05.525565, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 flags : 000003e8 >[2007/12/14 15:53:05.525626, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 001c ptr : 00000000 >[2007/12/14 15:53:05.525682, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 num_names2: 00000001 >[2007/12/14 15:53:05.525720, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_unihdr >[2007/12/14 15:53:05.525754, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 uni_str_len: 0010 >[2007/12/14 15:53:05.525806, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 uni_max_len: 0010 >[2007/12/14 15:53:05.525838, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0028 buffer : 00000001 >[2007/12/14 15:53:05.525870, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 00002c smb_io_unistr2 >[2007/12/14 15:53:05.525902, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 002c uni_max_len: 00000008 >[2007/12/14 15:53:05.525934, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 offset : 00000000 >[2007/12/14 15:53:05.525966, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 
0034 uni_str_len: 00000008 >[2007/12/14 15:53:05.525999, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0038 buffer : s.a.r.g.e.2.6.$. >[2007/12/14 15:53:05.526048, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.526230, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.526266, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.526297, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.526329, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.526361, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.526393, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.526425, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.526457, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.526527, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0060 >[2007/12/14 15:53:05.526563, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.526629, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000010 >[2007/12/14 15:53:05.526681, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.526719, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000048 >[2007/12/14 15:53:05.526753, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.526785, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0011 >[2007/12/14 15:53:05.526818, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 >[2007/12/14 15:53:05.526854, 5, pid=6050] 
lib/util.c:show_msg(572) >[2007/12/14 15:53:05.526877, 5, pid=6050] lib/util.c:show_msg(582) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=16 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32769 (0x8001) > smb_bcc=111 >[2007/12/14 15:53:05.527144, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 00 00 00 10 00 00 00 48 .......` .......H > [020] 00 00 00 00 00 11 00 00 00 00 00 9A 3D 01 67 18 ........ ....=.g. > [030] BE E6 42 A7 86 17 63 7D EE 70 6C 01 00 00 00 E8 ¾æB§..c} îpl....è > [040] 03 00 00 00 00 00 00 01 00 00 00 10 00 10 00 01 ........ ........ > [050] 00 00 00 08 00 00 00 00 00 00 00 08 00 00 00 73 ........ .......s > [060] 00 61 00 72 00 67 00 65 00 32 00 36 00 24 00 .a.r.g.e .2.6.$. 
>[2007/12/14 15:53:05.527431, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 26 >[2007/12/14 15:53:05.527468, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.527499, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 0D 9C 92 D1 5F A3 36 F8 ...Ñ_£6ø >[2007/12/14 15:53:05.527570, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 27 mid = 16 >[2007/12/14 15:53:05.527608, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,182) >[2007/12/14 15:53:05.527714, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,182) wrote 182 >[2007/12/14 15:53:05.528786, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 116 >[2007/12/14 15:53:05.528897, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.528922, 5, pid=6050] lib/util.c:show_msg(582) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2007/12/14 15:53:05.529105, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 10 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [020] 00 01 00 00 00 4F 04 00 00 01 00 00 00 04 00 02 .....O.. ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... 
>[2007/12/14 15:53:05.529263, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 27 mid = 16 >[2007/12/14 15:53:05.529328, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 27 >[2007/12/14 15:53:05.529366, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 27: got good SMB signature of >[2007/12/14 15:53:05.529398, 10, pid=6050] lib/util.c:dump_data(2192) > [000] A9 DF D3 92 3C 6B 47 5E ©ßÓ.<kG^ >[2007/12/14 15:53:05.529445, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.529468, 5, pid=6050] lib/util.c:show_msg(582) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2007/12/14 15:53:05.529694, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 10 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [020] 00 01 00 00 00 4F 04 00 00 01 00 00 00 04 00 02 .....O.. ........ > [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... 
>[2007/12/14 15:53:05.529905, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.529941, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.529972, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.530003, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.530035, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.530126, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.530159, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.530191, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.530222, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.530277, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 003c >[2007/12/14 15:53:05.530315, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.530347, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000010 >[2007/12/14 15:53:05.530379, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.530411, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000024 >[2007/12/14 15:53:05.530442, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.530473, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.530504, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.530536, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 60, data_len 36, ss_len 0 >[2007/12/14 15:53:05.530569, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 60 at offset 0 >[2007/12/14 15:53:05.530602, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 returned 72 bytes. >[2007/12/14 15:53:05.530684, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_r_lookup_names >[2007/12/14 15:53:05.530727, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 num_rids1: 00000001 >[2007/12/14 15:53:05.530826, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 ptr_rids : 00020000 >[2007/12/14 15:53:05.530862, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 num_rids2: 00000001 >[2007/12/14 15:53:05.530896, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c rid[00] : 0000044f >[2007/12/14 15:53:05.530928, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 num_types1: 00000001 >[2007/12/14 15:53:05.530960, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 ptr_types : 00020004 >[2007/12/14 15:53:05.530992, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 num_types2: 00000001 >[2007/12/14 15:53:05.531024, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 001c type[00] : 00000001 >[2007/12/14 15:53:05.531056, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0020 status: NT_STATUS_OK >[2007/12/14 15:53:05.531091, 10, pid=6050] rpc_client/cli_samr.c:rpccli_samr_open_user(186) > cli_samr_open_user with rid 0x44f >[2007/12/14 15:53:05.531152, 5, pid=6050] rpc_parse/parse_samr.c:init_samr_q_open_user(5108) > samr_init_samr_q_open_user >[2007/12/14 15:53:05.531198, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_q_open_user >[2007/12/14 15:53:05.531265, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd domain_pol >[2007/12/14 15:53:05.531301, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.531333, 7, pid=6050] 
rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.531365, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 67013d9a >[2007/12/14 15:53:05.531397, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : be18 >[2007/12/14 15:53:05.531429, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 42e6 >[2007/12/14 15:53:05.531461, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : a7 86 >[2007/12/14 15:53:05.531496, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 17 63 7d ee 70 6c >[2007/12/14 15:53:05.531533, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 access_mask: 02000000 >[2007/12/14 15:53:05.531565, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 user_rid : 0000044f >[2007/12/14 15:53:05.531603, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.531669, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.531708, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.531774, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.531807, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.531839, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.531870, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.531902, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.531933, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.531964, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0034 >[2007/12/14 15:53:05.531996, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.532027, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 
000c call_id : 00000011 >[2007/12/14 15:53:05.532059, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.532091, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000001c >[2007/12/14 15:53:05.532122, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.532154, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0022 >[2007/12/14 15:53:05.532255, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 >[2007/12/14 15:53:05.532296, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.532319, 5, pid=6050] lib/util.c:show_msg(582) > size=134 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32769 (0x8001) > smb_bcc=67 >[2007/12/14 15:53:05.532546, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 34 00 00 00 11 00 00 00 1C .......4 ........ > [020] 00 00 00 00 00 22 00 00 00 00 00 9A 3D 01 67 18 .....".. ....=.g. > [030] BE E6 42 A7 86 17 63 7D EE 70 6C 00 00 00 02 4F ¾æB§..c} îpl....O > [040] 04 00 00 ... 
>[2007/12/14 15:53:05.532749, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 28 >[2007/12/14 15:53:05.532787, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.532819, 10, pid=6050] lib/util.c:dump_data(2192) > [000] FF 71 C5 73 CF 24 E2 F8 ÿqÅsÏ$âø >[2007/12/14 15:53:05.532867, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 29 mid = 17 >[2007/12/14 15:53:05.532898, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,138) >[2007/12/14 15:53:05.532987, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,138) wrote 138 >[2007/12/14 15:53:05.533824, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 104 >[2007/12/14 15:53:05.533920, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.533946, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.534167, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 11 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 B7 9C 52 ........ .....·.R > [020] B3 2E 4B FA 42 A1 98 13 90 77 0C D3 F3 00 00 00 ³.KúB¡.. .w.Óó... > [030] 00 . 
>[2007/12/14 15:53:05.534306, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 29 mid = 17 >[2007/12/14 15:53:05.534338, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 29 >[2007/12/14 15:53:05.534376, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 29: got good SMB signature of >[2007/12/14 15:53:05.534407, 10, pid=6050] lib/util.c:dump_data(2192) > [000] F2 1F C7 FB CF 15 0A 39 ò.ÇûÏ..9 >[2007/12/14 15:53:05.534455, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.534478, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.534692, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 11 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 B7 9C 52 ........ .....·.R > [020] B3 2E 4B FA 42 A1 98 13 90 77 0C D3 F3 00 00 00 ³.KúB¡.. .w.Óó... > [030] 00 . 
>[2007/12/14 15:53:05.534839, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.534874, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.534907, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.534938, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.535030, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.535096, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.535130, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.535161, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.535193, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.535224, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2007/12/14 15:53:05.535257, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.535288, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000011 >[2007/12/14 15:53:05.535321, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.535353, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2007/12/14 15:53:05.535384, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.535416, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.535448, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.535480, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/12/14 15:53:05.535514, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/12/14 15:53:05.535579, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 returned 48 bytes. >[2007/12/14 15:53:05.535616, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_r_open_user >[2007/12/14 15:53:05.535673, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd user_pol >[2007/12/14 15:53:05.535712, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.535746, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.535778, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : b3529cb7 >[2007/12/14 15:53:05.535810, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 4b2e >[2007/12/14 15:53:05.535843, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 42fa >[2007/12/14 15:53:05.535875, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : a1 98 >[2007/12/14 15:53:05.535910, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 13 90 77 0c d3 f3 >[2007/12/14 15:53:05.535948, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0014 status: NT_STATUS_OK >[2007/12/14 15:53:05.536694, 10, pid=6050] rpc_parse/parse_samr.c:init_sam_user_info24(5602) > init_sam_user_info24: >[2007/12/14 15:53:05.536739, 10, pid=6050] rpc_client/cli_samr.c:rpccli_samr_set_userinfo(1697) > cli_samr_set_userinfo >[2007/12/14 15:53:05.536812, 5, pid=6050] rpc_parse/parse_samr.c:init_samr_q_set_userinfo(6869) > init_samr_q_set_userinfo >[2007/12/14 15:53:05.536852, 5, pid=6050] rpc_parse/parse_samr.c:init_samr_userinfo_ctr(6638) > init_samr_userinfo_ctr >[2007/12/14 15:53:05.536938, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_q_set_userinfo >[2007/12/14 15:53:05.537008, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 
smb_io_pol_hnd pol >[2007/12/14 15:53:05.537043, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.537075, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.537107, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : b3529cb7 >[2007/12/14 15:53:05.537140, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 4b2e >[2007/12/14 15:53:05.537172, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 42fa >[2007/12/14 15:53:05.537204, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : a1 98 >[2007/12/14 15:53:05.537238, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 13 90 77 0c d3 f3 >[2007/12/14 15:53:05.537276, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 switch_value: 0018 >[2007/12/14 15:53:05.537335, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000016 samr_io_userinfo_ctr ctr >[2007/12/14 15:53:05.537406, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 switch_value: 0018 >[2007/12/14 15:53:05.537442, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000018 sam_io_user_info24 >[2007/12/14 15:53:05.537508, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0018 password:
>[2007/12/14 15:53:05.537736, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 021c pw_len: 18 >[2007/12/14 15:53:05.537777, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.537810, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.537843, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.537911, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.537944, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.537976, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.538008, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.538039, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.538071, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.538102, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0235 >[2007/12/14 15:53:05.538134, 5, pid=6050] 
rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.538196, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000012 >[2007/12/14 15:53:05.538228, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.538260, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000021d >[2007/12/14 15:53:05.538291, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.538323, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 003a >[2007/12/14 15:53:05.538397, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 >[2007/12/14 15:53:05.538435, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.538458, 5, pid=6050] lib/util.c:show_msg(582) > size=647 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 565 (0x235) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 565 (0x235) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32769 (0x8001) > smb_bcc=580 >[2007/12/14 15:53:05.538741, 10, pid=6050] lib/util.c:dump_data(2192)
>[2007/12/14 15:53:05.539853, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 30 >[2007/12/14 15:53:05.539933, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.539989, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 57 EF CD 57 5F 03 B1 A9 WïÍW_.±© >[2007/12/14 15:53:05.540043, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 31 mid = 18 >[2007/12/14 15:53:05.540075, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,651) >[2007/12/14 15:53:05.540201, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,651) wrote 651 >[2007/12/14 15:53:05.620834, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 84 >[2007/12/14 15:53:05.620937, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.621688, 5, pid=6050] lib/util.c:show_msg(582) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/12/14 15:53:05.621910, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 12 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... 
>[2007/12/14 15:53:05.622685, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 31 mid = 18 >[2007/12/14 15:53:05.622737, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 31 >[2007/12/14 15:53:05.622780, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 31: got good SMB signature of >[2007/12/14 15:53:05.622812, 10, pid=6050] lib/util.c:dump_data(2192) > [000] F3 BD 70 25 87 06 31 78 ó½p%..1x >[2007/12/14 15:53:05.622861, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.622884, 5, pid=6050] lib/util.c:show_msg(582) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/12/14 15:53:05.623811, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 12 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... 
>[2007/12/14 15:53:05.623904, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.623938, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.623970, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.624692, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.624726, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.624758, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.624789, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.624821, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.624884, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.624918, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 001c >[2007/12/14 15:53:05.624950, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.624982, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000012 >[2007/12/14 15:53:05.625691, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.625727, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000004 >[2007/12/14 15:53:05.625758, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.625790, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.625821, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.625853, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 >[2007/12/14 15:53:05.625888, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 28 at offset 0 >[2007/12/14 15:53:05.625954, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 returned 8 bytes. >[2007/12/14 15:53:05.626696, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_r_set_userinfo >[2007/12/14 15:53:05.626736, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0000 status: NT_STATUS_OK >[2007/12/14 15:53:05.626780, 5, pid=6050] rpc_parse/parse_samr.c:init_sam_user_info16(5446) > init_sam_user_info16 >[2007/12/14 15:53:05.626813, 10, pid=6050] rpc_client/cli_samr.c:rpccli_samr_set_userinfo2(1748) > cli_samr_set_userinfo2 >[2007/12/14 15:53:05.626845, 5, pid=6050] rpc_parse/parse_samr.c:init_samr_q_set_userinfo2(6943) > init_samr_q_set_userinfo2 >[2007/12/14 15:53:05.626892, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_q_set_userinfo2 >[2007/12/14 15:53:05.626925, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd pol >[2007/12/14 15:53:05.626959, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.626991, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.627691, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : b3529cb7 >[2007/12/14 15:53:05.627755, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 4b2e >[2007/12/14 15:53:05.627787, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 42fa >[2007/12/14 15:53:05.627819, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : a1 98 >[2007/12/14 15:53:05.627854, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 13 90 77 0c d3 f3 >[2007/12/14 15:53:05.627892, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 switch_value: 0010 >[2007/12/14 15:53:05.627924, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000016 
samr_io_userinfo_ctr ctr >[2007/12/14 15:53:05.627957, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 switch_value: 0010 >[2007/12/14 15:53:05.627990, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000018 samr_io_r_user_info16 >[2007/12/14 15:53:05.628688, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0018 acb_info: 00000080 >[2007/12/14 15:53:05.628769, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.628837, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.628872, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.628904, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.628936, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.628967, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.629682, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.629716, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.629748, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.629780, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0034 >[2007/12/14 15:53:05.629812, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.629844, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000013 >[2007/12/14 15:53:05.629876, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.629908, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000001c >[2007/12/14 15:53:05.629962, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.630681, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 
0025 >[2007/12/14 15:53:05.630716, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 >[2007/12/14 15:53:05.630754, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.630777, 5, pid=6050] lib/util.c:show_msg(582) > size=134 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=19 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32769 (0x8001) > smb_bcc=67 >[2007/12/14 15:53:05.631682, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 34 00 00 00 13 00 00 00 1C .......4 ........ > [020] 00 00 00 00 00 25 00 00 00 00 00 B7 9C 52 B3 2E .....%.. ...·.R³. > [030] 4B FA 42 A1 98 13 90 77 0C D3 F3 10 00 10 00 80 KúB¡...w .Óó..... > [040] 00 00 00 ... >[2007/12/14 15:53:05.631891, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 32 >[2007/12/14 15:53:05.631928, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.631960, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 7F 51 19 F3 52 40 21 83 .Q.óR@!. 
>[2007/12/14 15:53:05.632683, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 33 mid = 19 >[2007/12/14 15:53:05.632718, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,138) >[2007/12/14 15:53:05.632787, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,138) wrote 138 >[2007/12/14 15:53:05.633822, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 84 >[2007/12/14 15:53:05.634698, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.634729, 5, pid=6050] lib/util.c:show_msg(582) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/12/14 15:53:05.634916, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 13 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/12/14 15:53:05.635679, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 33 mid = 19 >[2007/12/14 15:53:05.635714, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 33 >[2007/12/14 15:53:05.635752, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 33: got good SMB signature of >[2007/12/14 15:53:05.635817, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 8F 4D 6C B2 3B D1 25 1C .Ml²;Ñ%. 
>[2007/12/14 15:53:05.635871, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.635895, 5, pid=6050] lib/util.c:show_msg(582) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2007/12/14 15:53:05.636679, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 13 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2007/12/14 15:53:05.636771, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.636820, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.636890, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.636924, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.636955, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.637684, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.637718, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.637750, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.637782, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.637845, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 001c >[2007/12/14 15:53:05.637877, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.637908, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000013 >[2007/12/14 
15:53:05.637941, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.637973, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000004 >[2007/12/14 15:53:05.638709, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.638750, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.638781, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.638813, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0 >[2007/12/14 15:53:05.638856, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 28 at offset 0 >[2007/12/14 15:53:05.638891, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 returned 8 bytes. >[2007/12/14 15:53:05.638925, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_r_set_userinfo2 >[2007/12/14 15:53:05.638958, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0000 status: NT_STATUS_OK >[2007/12/14 15:53:05.638992, 10, pid=6050] rpc_client/cli_samr.c:rpccli_samr_close(108) > cli_samr_close >[2007/12/14 15:53:05.639688, 5, pid=6050] rpc_parse/parse_samr.c:init_samr_q_close_hnd(37) > init_samr_q_close_hnd >[2007/12/14 15:53:05.639735, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_q_close_hnd >[2007/12/14 15:53:05.639768, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd pol >[2007/12/14 15:53:05.639800, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.639862, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.639894, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : b3529cb7 >[2007/12/14 15:53:05.639926, 
5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 4b2e >[2007/12/14 15:53:05.639958, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 42fa >[2007/12/14 15:53:05.639990, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : a1 98 >[2007/12/14 15:53:05.640689, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 13 90 77 0c d3 f3 >[2007/12/14 15:53:05.640735, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.640768, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.640800, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.640831, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.640863, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.640895, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.640927, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.641681, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.641715, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.641747, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 002c >[2007/12/14 15:53:05.641779, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.641811, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000014 >[2007/12/14 15:53:05.641843, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.641875, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000014 >[2007/12/14 15:53:05.641906, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.641937, 5, pid=6050] 
rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0001 >[2007/12/14 15:53:05.641970, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 >[2007/12/14 15:53:05.642683, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.642709, 5, pid=6050] lib/util.c:show_msg(582) > size=126 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32769 (0x8001) > smb_bcc=59 >[2007/12/14 15:53:05.643684, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2C 00 00 00 14 00 00 00 14 ......., ........ > [020] 00 00 00 00 00 01 00 00 00 00 00 B7 9C 52 B3 2E ........ ...·.R³. > [030] 4B FA 42 A1 98 13 90 77 0C D3 F3 KúB¡...w .Óó >[2007/12/14 15:53:05.643833, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 34 >[2007/12/14 15:53:05.643867, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.643944, 10, pid=6050] lib/util.c:dump_data(2192) > [000] B6 0B 3E 62 73 46 34 08 ¶.>bsF4. 
>[2007/12/14 15:53:05.644687, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 35 mid = 20 >[2007/12/14 15:53:05.644723, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,130) >[2007/12/14 15:53:05.644816, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,130) wrote 130 >[2007/12/14 15:53:05.645751, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 104 >[2007/12/14 15:53:05.645810, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.645835, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.646686, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 14 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . 
>[2007/12/14 15:53:05.646877, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 35 mid = 20 >[2007/12/14 15:53:05.646910, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 35 >[2007/12/14 15:53:05.646946, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 35: got good SMB signature of >[2007/12/14 15:53:05.646977, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 7E 91 63 E0 E9 D4 63 B3 ~.càéÔc³ >[2007/12/14 15:53:05.647688, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.647925, 5, pid=6050] lib/util.c:show_msg(582) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2007/12/14 15:53:05.648683, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 14 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . 
>[2007/12/14 15:53:05.648836, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.648869, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.648930, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.648961, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.649680, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.649713, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.649744, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.649775, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.649806, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.649838, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0030 >[2007/12/14 15:53:05.649869, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.649908, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000014 >[2007/12/14 15:53:05.649941, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.649973, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000018 >[2007/12/14 15:53:05.650709, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.650750, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.650782, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.650813, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 >[2007/12/14 15:53:05.650848, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 48 at offset 0 >[2007/12/14 15:53:05.650881, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \samr fnum 0x8001 returned 48 bytes. >[2007/12/14 15:53:05.650915, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 samr_io_r_close_hnd >[2007/12/14 15:53:05.650948, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_pol_hnd pol >[2007/12/14 15:53:05.650980, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 handle_type: 00000000 >[2007/12/14 15:53:05.651684, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_uuid uuid >[2007/12/14 15:53:05.651718, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 data : 00000000 >[2007/12/14 15:53:05.651750, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 data : 0000 >[2007/12/14 15:53:05.651782, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a data : 0000 >[2007/12/14 15:53:05.651814, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000c data : 00 00 >[2007/12/14 15:53:05.652724, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 000e data : 00 00 00 00 00 00 >[2007/12/14 15:53:05.652766, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0014 status: NT_STATUS_OK >[2007/12/14 15:53:05.652803, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 36 >[2007/12/14 15:53:05.652837, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.652869, 10, pid=6050] lib/util.c:dump_data(2192) > [000] D5 DD BC 27 72 B8 C5 C4 Õݼ'r¸ÅÄ >[2007/12/14 15:53:05.652919, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 37 mid = 21 >[2007/12/14 15:53:05.653689, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,45) >[2007/12/14 15:53:05.653745, 6, 
pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,45) wrote 45 >[2007/12/14 15:53:05.654752, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 35 >[2007/12/14 15:53:05.654906, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.654935, 5, pid=6050] lib/util.c:show_msg(582) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=21 > smt_wct=0 > smb_bcc=0 >[2007/12/14 15:53:05.655680, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 37 mid = 21 >[2007/12/14 15:53:05.655716, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 37 >[2007/12/14 15:53:05.655749, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 37: got good SMB signature of >[2007/12/14 15:53:05.655781, 10, pid=6050] lib/util.c:dump_data(2192) > [000] FF 61 3D C6 59 3A 16 CE ÿa=ÆY:.Î >[2007/12/14 15:53:05.655833, 10, pid=6050] libsmb/clientgen.c:cli_rpc_pipe_close(553) > cli_rpc_pipe_close: closed pipe \samr to machine WIN2008 >[2007/12/14 15:53:05.656732, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 38 >[2007/12/14 15:53:05.656768, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.656800, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 6A 3A 70 86 0B 71 B9 39 j:p..q¹9 >[2007/12/14 15:53:05.656880, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 39 mid = 22 >[2007/12/14 15:53:05.656915, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,108) >[2007/12/14 15:53:05.657720, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,108) wrote 108 >[2007/12/14 
15:53:05.657786, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 103 >[2007/12/14 15:53:05.657832, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.657857, 5, pid=6050] lib/util.c:show_msg(582) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=22 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 512 (0x200) > smb_vwv[ 3]= 384 (0x180) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2007/12/14 15:53:05.659678, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 39 mid = 22 >[2007/12/14 15:53:05.659714, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 39 >[2007/12/14 15:53:05.659783, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 39: got good SMB signature of >[2007/12/14 15:53:05.659816, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 5E E7 4A 2A 8B D6 0B BB ^çJ*.Ö.» >[2007/12/14 15:53:05.659894, 5, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2045) > Bind RPC Pipe[8002]: \NETLOGON auth_type 0, auth_level 0 >[2007/12/14 15:53:05.659929, 5, pid=6050] 
rpc_client/cli_pipe.c:valid_pipe_name(1648) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4.Í« ï..#EgÏû > [010] 01 00 00 00 .... >[2007/12/14 15:53:05.660682, 5, pid=6050] rpc_client/cli_pipe.c:valid_pipe_name(1651) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]..ë.É. .è..+.H` > [010] 02 00 00 00 .... >[2007/12/14 15:53:05.660764, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.660896, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.660936, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.660967, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0b >[2007/12/14 15:53:05.661682, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.661716, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.661748, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.661779, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.661811, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.661843, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0048 >[2007/12/14 15:53:05.661876, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.661908, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000015 >[2007/12/14 15:53:05.661940, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_rb >[2007/12/14 15:53:05.661972, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:53:05.662764, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:53:05.662806, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 
0012 max_rsize: 10b8 >[2007/12/14 15:53:05.662838, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00000000 >[2007/12/14 15:53:05.662870, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0018 num_contexts: 01 >[2007/12/14 15:53:05.662903, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 001c context_id : 0000 >[2007/12/14 15:53:05.662935, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 001e num_transfer_syntaxes: 01 >[2007/12/14 15:53:05.662967, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 00001f smb_io_rpc_iface >[2007/12/14 15:53:05.662999, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000020 smb_io_uuid uuid >[2007/12/14 15:53:05.663031, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0020 data : 12345678 >[2007/12/14 15:53:05.663678, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0024 data : 1234 >[2007/12/14 15:53:05.663712, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0026 data : abcd >[2007/12/14 15:53:05.663745, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0028 data : ef 00 >[2007/12/14 15:53:05.663814, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 002a data : 01 23 45 67 cf fb >[2007/12/14 15:53:05.663852, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 version: 00000001 >[2007/12/14 15:53:05.663884, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_rpc_iface >[2007/12/14 15:53:05.663916, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000034 smb_io_uuid uuid >[2007/12/14 15:53:05.663948, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0034 data : 8a885d04 >[2007/12/14 15:53:05.664693, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0038 data : 1ceb >[2007/12/14 15:53:05.664730, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 003a data : 11c9 >[2007/12/14 15:53:05.664762, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003c data : 9f e8 >[2007/12/14 15:53:05.664796, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003e data : 08 
00 2b 10 48 60 >[2007/12/14 15:53:05.664833, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 version: 00000002 >[2007/12/14 15:53:05.664867, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8002 >[2007/12/14 15:53:05.664936, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.665701, 5, pid=6050] lib/util.c:show_msg(582) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=23 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32770 (0x8002) > smb_bcc=87 >[2007/12/14 15:53:05.665940, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 15 00 00 00 B8 .......H .......¸ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.Í«ï ..#EgÏû. > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ > [050] 10 48 60 02 00 00 00 .H`.... >[2007/12/14 15:53:05.666830, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 40 >[2007/12/14 15:53:05.666869, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.666900, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 7E C5 F6 D9 DB B8 D6 95 ~ÅöÙÛ¸Ö. 
>[2007/12/14 15:53:05.666949, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 41 mid = 23 >[2007/12/14 15:53:05.666981, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,158) >[2007/12/14 15:53:05.667706, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,158) wrote 158 >[2007/12/14 15:53:05.668736, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 124 >[2007/12/14 15:53:05.668792, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.668817, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:53:05.669672, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 15 00 00 ........ .D...... > [010] 00 B8 10 B8 10 61 98 00 00 0C 00 5C 70 69 70 65 .¸.¸.a.. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... 
>[2007/12/14 15:53:05.669932, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 41 mid = 23 >[2007/12/14 15:53:05.669967, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 41 >[2007/12/14 15:53:05.670677, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 41: got good SMB signature of >[2007/12/14 15:53:05.670711, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 33 7D 25 38 6A 51 F4 63 3}%8jQôc >[2007/12/14 15:53:05.670761, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.670784, 5, pid=6050] lib/util.c:show_msg(582) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=23 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2007/12/14 15:53:05.671671, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 15 00 00 ........ .D...... > [010] 00 B8 10 B8 10 61 98 00 00 0C 00 5C 70 69 70 65 .¸.¸.a.. ...\pipe > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H > [040] 60 02 00 00 00 `.... 
>[2007/12/14 15:53:05.671861, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.671895, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.671927, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.671959, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:53:05.672670, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.672736, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.672770, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.672802, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.672834, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.672865, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:53:05.672898, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.672930, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000015 >[2007/12/14 15:53:05.672963, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2007/12/14 15:53:05.673670, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8002 returned 68 bytes. >[2007/12/14 15:53:05.673706, 3, pid=6050] rpc_client/cli_pipe.c:rpc_pipe_bind(2082) > rpc_pipe_bind: Remote machine WIN2008 pipe \NETLOGON fnum 0x8002 bind request returned ok. 
>[2007/12/14 15:53:05.673739, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.673771, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.673802, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.673922, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 0c >[2007/12/14 15:53:05.673960, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.674669, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.674702, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.674733, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.674765, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.674856, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0044 >[2007/12/14 15:53:05.674890, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.674922, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000015 >[2007/12/14 15:53:05.674954, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_ba >[2007/12/14 15:53:05.675686, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_bba >[2007/12/14 15:53:05.675720, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0010 max_tsize: 10b8 >[2007/12/14 15:53:05.675752, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0012 max_rsize: 10b8 >[2007/12/14 15:53:05.675885, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0014 assoc_gid: 00009861 >[2007/12/14 15:53:05.675920, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000018 smb_io_rpc_addr_str >[2007/12/14 15:53:05.675952, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0018 len: 000c >[2007/12/14 15:53:05.676670, 5, 
pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 001a str: \pipe\lsass. >[2007/12/14 15:53:05.676713, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000026 smb_io_rpc_results >[2007/12/14 15:53:05.676745, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0028 num_results: 01 >[2007/12/14 15:53:05.676778, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002c result : 0000 >[2007/12/14 15:53:05.676839, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 002e reason : 0000 >[2007/12/14 15:53:05.676871, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_rpc_iface >[2007/12/14 15:53:05.676903, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000030 smb_io_uuid uuid >[2007/12/14 15:53:05.676935, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0030 data : 8a885d04 >[2007/12/14 15:53:05.676967, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0034 data : 1ceb >[2007/12/14 15:53:05.677674, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0036 data : 11c9 >[2007/12/14 15:53:05.677707, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0038 data : 9f e8 >[2007/12/14 15:53:05.677741, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 003a data : 08 00 2b 10 48 60 >[2007/12/14 15:53:05.677779, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0040 version: 00000002 >[2007/12/14 15:53:05.677811, 5, pid=6050] rpc_client/cli_pipe.c:check_bind_response(1702) > check_bind_response: accepted! >[2007/12/14 15:53:05.677843, 10, pid=6050] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2278) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine WIN2008 and bound anonymously. 
>[2007/12/14 15:53:05.677901, 4, pid=6050] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) > cli_net_req_chal: LSA Request Challenge from SARGE26 to \\WIN2008 >[2007/12/14 15:53:05.678699, 5, pid=6050] rpc_parse/parse_net.c:init_q_req_chal(762) > init_q_req_chal: 762 >[2007/12/14 15:53:05.678737, 5, pid=6050] rpc_parse/parse_net.c:init_q_req_chal(771) > init_q_req_chal: 771 >[2007/12/14 15:53:05.678813, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 net_io_q_req_chal >[2007/12/14 15:53:05.678851, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 undoc_buffer: 00000001 >[2007/12/14 15:53:05.678884, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_unistr2 >[2007/12/14 15:53:05.678917, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 uni_max_len: 0000000a >[2007/12/14 15:53:05.678949, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 offset : 00000000 >[2007/12/14 15:53:05.679676, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c uni_str_len: 0000000a >[2007/12/14 15:53:05.679711, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0010 buffer : \.\.W.I.N.2.0.0.8... >[2007/12/14 15:53:05.679824, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_unistr2 >[2007/12/14 15:53:05.679859, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 uni_max_len: 00000008 >[2007/12/14 15:53:05.679891, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0028 offset : 00000000 >[2007/12/14 15:53:05.679923, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 002c uni_str_len: 00000008 >[2007/12/14 15:53:05.679955, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0030 buffer : S.A.R.G.E.2.6... 
>[2007/12/14 15:53:05.680678, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000040 smb_io_chal >[2007/12/14 15:53:05.680712, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0040 data: c3 90 15 15 a9 6b 24 4c >[2007/12/14 15:53:05.680793, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.680830, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.680862, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.680927, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.680961, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.681674, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.681707, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.681739, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.681771, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.681803, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0060 >[2007/12/14 15:53:05.681836, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.681907, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000016 >[2007/12/14 15:53:05.681942, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.681974, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000048 >[2007/12/14 15:53:05.682760, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.682803, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 0004 >[2007/12/14 15:53:05.682837, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe 
\NETLOGON fnum 0x8002 >[2007/12/14 15:53:05.682871, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.682895, 5, pid=6050] lib/util.c:show_msg(582) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=24 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32770 (0x8002) > smb_bcc=111 >[2007/12/14 15:53:05.683677, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 00 00 00 16 00 00 00 48 .......` .......H > [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 57 00 49 00 4E .......\ .\.W.I.N > [040] 00 32 00 30 00 30 00 38 00 00 00 08 00 00 00 00 .2.0.0.8 ........ 
> [050] 00 00 00 08 00 00 00 53 00 41 00 52 00 47 00 45 .......S .A.R.G.E > [060] 00 32 00 36 00 00 00 C3 90 15 15 A9 6B 24 4C .2.6...à ...©k$L >[2007/12/14 15:53:05.684671, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 42 >[2007/12/14 15:53:05.684713, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.684744, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 25 33 E7 10 FC D3 C5 33 %3ç.üÓÅ3 >[2007/12/14 15:53:05.684794, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 43 mid = 24 >[2007/12/14 15:53:05.684825, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,182) >[2007/12/14 15:53:05.685804, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,182) wrote 182 >[2007/12/14 15:53:05.685900, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 92 >[2007/12/14 15:53:05.685951, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.686696, 5, pid=6050] lib/util.c:show_msg(582) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2007/12/14 15:53:05.686915, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 16 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 A9 60 3C 9A 8B 95 D2 ........ .©`<...Ò > [020] AE 00 00 00 00 ®.... 
>[2007/12/14 15:53:05.687671, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 43 mid = 24 >[2007/12/14 15:53:05.687705, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 43 >[2007/12/14 15:53:05.687740, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 43: got good SMB signature of >[2007/12/14 15:53:05.687772, 10, pid=6050] lib/util.c:dump_data(2192) > [000] E4 39 48 DC 6E 20 39 F0 ä9HÜn 9ð >[2007/12/14 15:53:05.687822, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.687845, 5, pid=6050] lib/util.c:show_msg(582) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=24 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2007/12/14 15:53:05.688669, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 16 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 A9 60 3C 9A 8B 95 D2 ........ .©`<...Ò > [020] AE 00 00 00 00 ®.... 
>[2007/12/14 15:53:05.688790, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.688824, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.688856, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.688888, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.688920, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.688952, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.689690, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.689726, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.689779, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.689812, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0024 >[2007/12/14 15:53:05.689845, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.689877, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000016 >[2007/12/14 15:53:05.690671, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.690707, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000000c >[2007/12/14 15:53:05.690739, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.690771, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.690804, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.690836, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2007/12/14 15:53:05.690870, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2007/12/14 15:53:05.690905, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8002 returned 24 bytes. >[2007/12/14 15:53:05.691671, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 net_io_r_req_chal >[2007/12/14 15:53:05.691732, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_chal >[2007/12/14 15:53:05.691771, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0000 data: a9 60 3c 9a 8b 95 d2 ae >[2007/12/14 15:53:05.691811, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 0008 status: NT_STATUS_OK >[2007/12/14 15:53:05.691850, 10, pid=6050] libsmb/credentials.c:creds_client_init(289) > creds_client_init: neg_flags : 400701ff >[2007/12/14 15:53:05.691888, 10, pid=6050] libsmb/credentials.c:creds_client_init(290) > creds_client_init: client chal : C3901515A96B244C >[2007/12/14 15:53:05.691925, 10, pid=6050] libsmb/credentials.c:creds_client_init(291) > creds_client_init: server chal : A9603C9A8B95D2AE >[2007/12/14 15:53:05.692676, 5, pid=6050] libsmb/credentials.c:creds_init_64(120) > creds_init_64 >[2007/12/14 15:53:05.692710, 5, pid=6050] libsmb/credentials.c:creds_init_64(121) > clnt_chal_in: C3901515A96B244C >[2007/12/14 15:53:05.692746, 5, pid=6050] libsmb/credentials.c:creds_init_64(122) > srv_chal_in : A9603C9A8B95D2AE >[2007/12/14 15:53:05.692813, 5, pid=6050] libsmb/credentials.c:creds_init_64(123) > clnt+srv : 6CF151AF3401F7FA >[2007/12/14 15:53:05.692851, 5, pid=6050] libsmb/credentials.c:creds_init_64(124) > sess_key_out : E671BE17B8C7033E >[2007/12/14 15:53:05.693673, 10, pid=6050] libsmb/credentials.c:creds_client_init(309) > creds_client_init: clnt : 926D1E93CF5F1DE6 >[2007/12/14 15:53:05.693711, 10, pid=6050] libsmb/credentials.c:creds_client_init(310) > creds_client_init: server : D93E3E77131F181D >[2007/12/14 15:53:05.693747, 10, pid=6050] 
libsmb/credentials.c:creds_client_init(311) > creds_client_init: seed : 926D1E93CF5F1DE6 >[2007/12/14 15:53:05.693782, 4, pid=6050] rpc_client/cli_netlogon.c:rpccli_net_auth2(169) > cli_net_auth2: srv:\\WIN2008 acct:SARGE26$ sc:2 mc: SARGE26 neg: 400701ff >[2007/12/14 15:53:05.693893, 5, pid=6050] rpc_parse/parse_net.c:init_q_auth_2(883) > init_q_auth_2: 883 >[2007/12/14 15:53:05.693926, 5, pid=6050] rpc_parse/parse_misc.c:init_log_info(1383) > make_log_info 1383 >[2007/12/14 15:53:05.693961, 5, pid=6050] rpc_parse/parse_net.c:init_q_auth_2(889) > init_q_auth_2: 889 >[2007/12/14 15:53:05.694672, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 net_io_q_auth_2 >[2007/12/14 15:53:05.694706, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_log_info >[2007/12/14 15:53:05.694739, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0000 undoc_buffer: 00000001 >[2007/12/14 15:53:05.694808, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000004 smb_io_unistr2 unistr2 >[2007/12/14 15:53:05.694844, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0004 uni_max_len: 0000000a >[2007/12/14 15:53:05.694877, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 offset : 00000000 >[2007/12/14 15:53:05.694909, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c uni_str_len: 0000000a >[2007/12/14 15:53:05.695714, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0010 buffer : \.\.W.I.N.2.0.0.8... 
>[2007/12/14 15:53:05.695764, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000024 smb_io_unistr2 unistr2 >[2007/12/14 15:53:05.695796, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0024 uni_max_len: 00000009 >[2007/12/14 15:53:05.695828, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0028 offset : 00000000 >[2007/12/14 15:53:05.695860, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 002c uni_str_len: 00000009 >[2007/12/14 15:53:05.695893, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0030 buffer : S.A.R.G.E.2.6.$... >[2007/12/14 15:53:05.696691, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0042 sec_chan: 0002 >[2007/12/14 15:53:05.696730, 7, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000044 smb_io_unistr2 unistr2 >[2007/12/14 15:53:05.696763, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0044 uni_max_len: 00000008 >[2007/12/14 15:53:05.696795, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0048 offset : 00000000 >[2007/12/14 15:53:05.696827, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 004c uni_str_len: 00000008 >[2007/12/14 15:53:05.696860, 5, pid=6050] rpc_parse/parse_prs.c:dbg_rw_punival(950) > 0050 buffer : S.A.R.G.E.2.6... 
>[2007/12/14 15:53:05.696905, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000060 smb_io_chal >[2007/12/14 15:53:05.696938, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0060 data: 92 6d 1e 93 cf 5f 1d e6 >[2007/12/14 15:53:05.697689, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000068 net_io_neg_flags >[2007/12/14 15:53:05.697725, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0068 neg_flags: 400701ff >[2007/12/14 15:53:05.697800, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr hdr >[2007/12/14 15:53:05.697837, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.697870, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.697902, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 00 >[2007/12/14 15:53:05.697934, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.697966, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.698667, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.698701, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.698811, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.698847, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0084 >[2007/12/14 15:53:05.698880, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.698912, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000017 >[2007/12/14 15:53:05.698944, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_req hdr_req >[2007/12/14 15:53:05.699670, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 0000006c >[2007/12/14 15:53:05.699704, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 
15:53:05.699737, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0016 opnum : 000f >[2007/12/14 15:53:05.699809, 5, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(769) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8002 >[2007/12/14 15:53:05.699847, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.699870, 5, pid=6050] lib/util.c:show_msg(582) > size=214 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=25 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 132 (0x84) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=32770 (0x8002) > smb_bcc=147 >[2007/12/14 15:53:05.700675, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 84 00 00 00 17 00 00 00 6C ........ .......l > [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 57 00 49 00 4E .......\ .\.W.I.N > [040] 00 32 00 30 00 30 00 38 00 00 00 09 00 00 00 00 .2.0.0.8 ........ > [050] 00 00 00 09 00 00 00 53 00 41 00 52 00 47 00 45 .......S .A.R.G.E > [060] 00 32 00 36 00 24 00 00 00 02 00 08 00 00 00 00 .2.6.$.. ........ > [070] 00 00 00 08 00 00 00 53 00 41 00 52 00 47 00 45 .......S .A.R.G.E > [080] 00 32 00 36 00 00 00 92 6D 1E 93 CF 5F 1D E6 FF .2.6.... 
m..Ï_.æÿ > [090] 01 07 40 ..@ >[2007/12/14 15:53:05.701672, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 44 >[2007/12/14 15:53:05.701713, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.701745, 10, pid=6050] lib/util.c:dump_data(2192) > [000] E0 F0 53 F2 86 94 9C 55 àðSò...U >[2007/12/14 15:53:05.701793, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 45 mid = 25 >[2007/12/14 15:53:05.701825, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,218) >[2007/12/14 15:53:05.701875, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,218) wrote 218 >[2007/12/14 15:53:05.702822, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 96 >[2007/12/14 15:53:05.702883, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.702907, 5, pid=6050] lib/util.c:show_msg(582) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2007/12/14 15:53:05.703672, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 17 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 FF 01 07 40 88 03 00 C0 .ÿ..@... 
À >[2007/12/14 15:53:05.703871, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 45 mid = 25 >[2007/12/14 15:53:05.703907, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 45 >[2007/12/14 15:53:05.703942, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 45: got good SMB signature of >[2007/12/14 15:53:05.703974, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 07 BE 39 E6 4C 39 35 3D .¾9æL95= >[2007/12/14 15:53:05.704671, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.704697, 5, pid=6050] lib/util.c:show_msg(582) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=25 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2007/12/14 15:53:05.705668, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 17 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 FF 01 07 40 88 03 00 C0 .ÿ..@... 
À >[2007/12/14 15:53:05.705794, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_rpc_hdr rpc_hdr >[2007/12/14 15:53:05.705828, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0000 major : 05 >[2007/12/14 15:53:05.705860, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0001 minor : 00 >[2007/12/14 15:53:05.705892, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0002 pkt_type : 02 >[2007/12/14 15:53:05.705924, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0003 flags : 03 >[2007/12/14 15:53:05.706665, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0004 pack_type0: 10 >[2007/12/14 15:53:05.706752, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0005 pack_type1: 00 >[2007/12/14 15:53:05.706785, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0006 pack_type2: 00 >[2007/12/14 15:53:05.706817, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0007 pack_type3: 00 >[2007/12/14 15:53:05.706849, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0008 frag_len : 0028 >[2007/12/14 15:53:05.706881, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 000a auth_len : 0000 >[2007/12/14 15:53:05.706913, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 000c call_id : 00000017 >[2007/12/14 15:53:05.706946, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2007/12/14 15:53:05.707666, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0010 alloc_hint: 00000010 >[2007/12/14 15:53:05.707701, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint16(689) > 0014 context_id: 0000 >[2007/12/14 15:53:05.707733, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0016 cancel_ct : 00 >[2007/12/14 15:53:05.707765, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8(624) > 0017 reserved : 00 >[2007/12/14 15:53:05.707874, 10, pid=6050] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2007/12/14 15:53:05.707911, 10, pid=6050] 
rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2007/12/14 15:53:05.707944, 10, pid=6050] rpc_client/cli_pipe.c:rpc_api_pipe(893) > rpc_api_pipe: Remote machine WIN2008 pipe \NETLOGON fnum 0x8002 returned 32 bytes. >[2007/12/14 15:53:05.707979, 5, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 net_io_r_auth_2 >[2007/12/14 15:53:05.708677, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000000 smb_io_chal >[2007/12/14 15:53:05.708711, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint8s(865) > 0000 data: 00 00 00 00 00 00 00 00 >[2007/12/14 15:53:05.708751, 6, pid=6050] rpc_parse/parse_prs.c:prs_debug(88) > 000008 net_io_neg_flags >[2007/12/14 15:53:05.708783, 5, pid=6050] rpc_parse/parse_prs.c:prs_uint32(718) > 0008 neg_flags: 400701ff >[2007/12/14 15:53:05.708815, 5, pid=6050] rpc_parse/parse_prs.c:prs_ntstatus(777) > 000c status: NT_STATUS_DOWNGRADE_DETECTED >[2007/12/14 15:53:05.708852, 0, pid=6050] utils/net_rpc_join.c:net_rpc_join_newstyle(370) > Error in domain join verification (credential setup failed): NT_STATUS_DOWNGRADE_DETECTED > >Unable to join domain MM. 
>[2007/12/14 15:53:05.709673, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 46 >[2007/12/14 15:53:05.709711, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336) > client_sign_outgoing_message: sent SMB signature of >[2007/12/14 15:53:05.709743, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 8A 6A AF 24 75 2E F9 EA .j¯$u.ùê >[2007/12/14 15:53:05.709793, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67) > store_sequence_for_reply: stored seq = 47 mid = 26 >[2007/12/14 15:53:05.709825, 6, pid=6050] libsmb/clientgen.c:write_socket(255) > write_socket(4,45) >[2007/12/14 15:53:05.710705, 6, pid=6050] libsmb/clientgen.c:write_socket(258) > write_socket(4,45) wrote 45 >[2007/12/14 15:53:05.710792, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161) > got smb length of 35 >[2007/12/14 15:53:05.710842, 5, pid=6050] lib/util.c:show_msg(572) >[2007/12/14 15:53:05.710899, 5, pid=6050] lib/util.c:show_msg(582) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51205 > smb_tid=2055 > smb_pid=6050 > smb_uid=6144 > smb_mid=26 > smt_wct=0 > smb_bcc=0 >[2007/12/14 15:53:05.711674, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80) > get_sequence_for_reply: found seq = 47 mid = 26 >[2007/12/14 15:53:05.711709, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270) > simple_packet_signature: sequence number 47 >[2007/12/14 15:53:05.711742, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419) > client_check_incoming_message: seq 47: got good SMB signature of >[2007/12/14 15:53:05.711774, 10, pid=6050] lib/util.c:dump_data(2192) > [000] 67 7F 13 F3 77 75 3C 18 g..ówu<. 
>[2007/12/14 15:53:05.711825, 10, pid=6050] libsmb/clientgen.c:cli_rpc_pipe_close(553)
> cli_rpc_pipe_close: closed pipe \NETLOGON to machine WIN2008
>[2007/12/14 15:53:05.711861, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270)
> simple_packet_signature: sequence number 48
>[2007/12/14 15:53:05.711894, 10, pid=6050] libsmb/smb_signing.c:client_sign_outgoing_message(336)
> client_sign_outgoing_message: sent SMB signature of
>[2007/12/14 15:53:05.711926, 10, pid=6050] lib/util.c:dump_data(2192)
> [000] 69 A2 02 51 06 84 3A F9 i¢.Q..:ù
>[2007/12/14 15:53:05.711976, 10, pid=6050] libsmb/smb_signing.c:store_sequence_for_reply(67)
> store_sequence_for_reply: stored seq = 49 mid = 27
>[2007/12/14 15:53:05.712693, 6, pid=6050] libsmb/clientgen.c:write_socket(255)
> write_socket(4,39)
>[2007/12/14 15:53:05.712736, 6, pid=6050] libsmb/clientgen.c:write_socket(258)
> write_socket(4,39) wrote 39
>[2007/12/14 15:53:05.713782, 10, pid=6050] lib/util_sock.c:read_smb_length_return_keepalive(1161)
> got smb length of 35
>[2007/12/14 15:53:05.713835, 5, pid=6050] lib/util.c:show_msg(572)
>[2007/12/14 15:53:05.713859, 5, pid=6050] lib/util.c:show_msg(582)
> size=35
> smb_com=0x71
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51205
> smb_tid=2055
> smb_pid=6050
> smb_uid=6144
> smb_mid=27
> smt_wct=0
> smb_bcc=0
>[2007/12/14 15:53:05.714665, 10, pid=6050] libsmb/smb_signing.c:get_sequence_for_reply(80)
> get_sequence_for_reply: found seq = 49 mid = 27
>[2007/12/14 15:53:05.714701, 10, pid=6050] libsmb/smb_signing.c:simple_packet_signature(270)
> simple_packet_signature: sequence number 49
>[2007/12/14 15:53:05.714734, 10, pid=6050] libsmb/smb_signing.c:client_check_incoming_message(419)
> client_check_incoming_message: seq 49: got good SMB signature of
>[2007/12/14 15:53:05.714766, 10, pid=6050] lib/util.c:dump_data(2192)
> [000] 4F 38 30 73 E5 CF DF 51 O80såÏßQ
>[2007/12/14 15:53:05.715736, 2, pid=6050] utils/net.c:main(1124)
> return code = 1