Frame 590: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar 19, 2019 01:46:20.792126000 UTC
    UTC Arrival Time: Mar 19, 2019 01:46:20.792126000 UTC
    Epoch Arrival Time: 1552959980.792126000
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.000043000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 85.155360000 seconds]
    Frame Number: 590
    Frame Length: 213 bytes (1704 bits)
    Capture Length: 213 bytes (1704 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb]
Ethernet II, Src: Intel_57:2b:42 (64:32:a8:57:2b:42), Dst: Dell_c2:09:6a (a4:1f:72:c2:09:6a)
    Destination: Dell_c2:09:6a (a4:1f:72:c2:09:6a)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Intel_57:2b:42 (64:32:a8:57:2b:42)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    [Stream index: 1]
Internet Protocol Version 4, Src: 10.0.90.215, Dst: 10.0.90.9
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 199
    Identification: 0x0143 (323)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0xbc5e [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.0.90.215
    Destination Address: 10.0.90.9
    [Stream index: 1]
Transmission Control Protocol, Src Port: 49196, Dst Port: 445, Seq: 1, Ack: 1, Len: 159
    Source Port: 49196
    Destination Port: 445
    [Stream index: 40]
    [Stream Packet Number: 4]
    [Conversation completeness: Incomplete, ESTABLISHED (7)]
        ..0. .... = RST: Absent
        ...0 .... = FIN: Absent
        .... 0... = Data: Absent
        .... .1.. = ACK: Present
        .... ..1. = SYN-ACK: Present
        .... ...1 = SYN: Present
        [Completeness Flags: ···ASS]
    [TCP Segment Len: 159]
    Sequence Number: 1 (relative sequence number)
    Sequence Number (raw): 1487963547
    [Next Sequence Number: 160 (relative sequence number)]
    Acknowledgment Number: 1 (relative ack number)
    Acknowledgment number (raw): 482521990
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 256
    [Calculated window size: 65536]
    [Window size scaling factor: 256]
    Checksum: 0x31a9 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.000530000 seconds]
        [Time since previous frame in this TCP stream: 0.000043000 seconds]
    [SEQ/ACK analysis]
        [iRTT: 0.000487000 seconds]
        [Bytes in flight: 159]
        [Bytes sent since last PSH flag: 159]
    TCP payload (159 bytes)
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 155
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        SMB Command: Negotiate Protocol (0x72)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18, Canonicalized Pathnames, Case Sensitivity
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc853, Unicode Strings, Error Code Type, Extended Security Negotiation, Long Names Used, Security Signatures Required, Extended Attributes, Long Names Allowed
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
            .... .... .1.. .... = Long Names Used: Path names in request are long file names
            .... .... ...1 .... = Security Signatures Required: Security signatures are required
            .... .... .... 0... = Compressed: Compression is not requested
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 65535
        Process ID: 65279
        User ID: 0
        Multiplex ID: 0
    Negotiate Protocol Request (0x72)
        Word Count (WCT): 0
        Byte Count (BCC): 120
        Requested Dialects
            Dialect: PC NETWORK PROGRAM 1.0
                Buffer Format: Dialect (2)
                Name: PC NETWORK PROGRAM 1.0
            Dialect: LANMAN1.0
                Buffer Format: Dialect (2)
                Name: LANMAN1.0
            Dialect: Windows for Workgroups 3.1a
                Buffer Format: Dialect (2)
                Name: Windows for Workgroups 3.1a
            Dialect: LM1.2X002
                Buffer Format: Dialect (2)
                Name: LM1.2X002
            Dialect: LANMAN2.1
                Buffer Format: Dialect (2)
                Name: LANMAN2.1
            Dialect: NT LM 0.12
                Buffer Format: Dialect (2)
                Name: NT LM 0.12
            Dialect: SMB 2.002
                Buffer Format: Dialect (2)
                Name: SMB 2.002
            Dialect: SMB 2.???
                Buffer Format: Dialect (2)
                Name: SMB 2.???