Frame 42: Packet, 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits) Encapsulation type: Ethernet (1) Arrival Time: Mar 19, 2019 01:44:55.785967000 UTC UTC Arrival Time: Mar 19, 2019 01:44:55.785967000 UTC Epoch Arrival Time: 1552959895.785967000 [Time shift for this packet: 0.000000000 seconds] [Time delta from previous captured frame: 291.000 microseconds] [Time since reference or first frame: 149.201000 milliseconds] Frame Number: 42 Frame Length: 162 bytes (1296 bits) Capture Length: 162 bytes (1296 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb2] Character encoding: ASCII (0) Ethernet II, Src: Intel_57:2b:42 (64:32:a8:57:2b:42), Dst: Dell_c2:09:6a (a4:1f:72:c2:09:6a) Destination: Dell_c2:09:6a (a4:1f:72:c2:09:6a) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_57:2b:42 (64:32:a8:57:2b:42) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) [Stream index: 1] Internet Protocol Version 4, Src: 10.0.90.215, Dst: 10.0.90.9 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 148 Identification: 0x001e (30) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0xbdb6 [validation disabled] [Header checksum status: Unverified] Source Address: 10.0.90.215 Destination Address: 10.0.90.9 [Stream index: 1] Transmission Control Protocol, Src Port: 49157, Dst Port: 445, Seq: 160, Ack: 253, Len: 108 Source Port: 49157 Destination Port: 445 [Stream index: 2] [Stream Packet Number: 6] [Conversation completeness: Incomplete, DATA (15)] ..0. .... = RST: Absent ...0 .... = FIN: Absent .... 1... = Data: Present .... .1.. = ACK: Present .... ..1. = SYN-ACK: Present .... ...1 = SYN: Present [Completeness Flags: ··DASS] [TCP Segment Len: 108] Sequence Number: 160 (relative sequence number) Sequence Number (raw): 1248736186 [Next Sequence Number: 268 (relative sequence number)] Acknowledgment Number: 253 (relative ack number) Acknowledgment number (raw): 3641735728 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 255 [Calculated window size: 65280] [Window size scaling factor: 256] Checksum: 0xf7d6 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 13.137000 milliseconds] [Time since previous frame in this TCP stream: 1.291000 milliseconds] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 38] [The RTT to ACK the segment was: 1.291000 milliseconds] [iRTT: 1.068000 milliseconds] [Bytes in flight: 108] [Bytes sent since last PSH flag: 108] [Client Contiguous Streams: 1] [Server Contiguous Streams: 1] TCP payload (108 bytes) NetBIOS Session Service Message Type: Session message (0x00) Length: 104 SMB2 (Server Message Block Protocol version 2), Negotiate Protocol Request, MessageId 1 SMB2 Header ProtocolId: 0xfe534d42 Header Length: 64 Credit Charge: 0 Channel Sequence: 0 Reserved: 0000 Command: Negotiate Protocol (0) Credits requested: 0 Flags: 0x00000000 .... .... .... .... .... .... .... ...0 = Response: This is a REQUEST .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation Chain Offset: 0x00000000 Message ID: 1 Reserved: 0x0000feff Tree Id: 0x00000000 Session Id: 0x0000000000000000 Signature: 00000000000000000000000000000000 Negotiate Protocol Request (0x00) [Preauth Hash: e00be6fb059150987044a983bf6777e41b12d3aa1ea74ebf32bd4f6e8299cc0037297562fee3412891b28a40f4069ab3fac5e7c3550d8ae5743ed77a881c6a9e] StructureSize: 0x0024 0000 0000 0010 010. = Fixed Part Length: 18 .... .... .... ...0 = Dynamic Part: False Dialect count: 2 Security mode: 0x01, Signing enabled .... ...1 = Signing enabled: True .... ..0. = Signing required: False Reserved: 0000 Capabilities: 0x00000000 .... .... .... .... .... .... .... ...0 = DFS: This host does NOT support DFS .... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING .... .... .... .... .... .... .... .0.. = LARGE MTU: This host does NOT support LARGE_MTU .... .... .... .... .... .... .... 0... = MULTI CHANNEL: This host does NOT support MULTI CHANNEL .... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES .... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING .... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS Client Guid: 90e4aab9-49e8-11e9-9794-6432a8572b42 NegotiateContextOffset: 0x00000000 NegotiateContextCount: 0 Reserved: 0000 Dialect: SMB 2.0.2 (0x0202) Dialect: SMB 2.1 (0x0210)