No. Time Source Destination Protocol Length Info 1 0.000000 172.30.107.171 10.42.0.9 SMB2 518 Create Request File: wes\notes\Codebooks\PracticalBinaryAnalysis\code\inc;GetInfo Request FILE_INFO/SMB2_FILE_ALL_INFO;Close Request Frame 1: 518 bytes on wire (4144 bits), 518 bytes captured (4144 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 1, Ack: 1, Len: 452 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) SMB2 (Server Message Block Protocol version 2) SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2 0.000608 10.42.0.9 172.30.107.171 SMB2 686 Create Response File: wes\notes\Codebooks\PracticalBinaryAnalysis\code\inc;GetInfo Response;Close Response Frame 2: 686 bytes on wire (5488 bits), 686 bytes captured (5488 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 55442, Seq: 1, Ack: 453, Len: 620 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) SMB2 (Server Message Block Protocol version 2) SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3 0.000722 172.30.107.171 10.42.0.9 SMB2 534 Create Request File: wes\notes\Codebooks\PracticalBinaryAnalysis\code\inc\loader.cc;GetInfo Request FILE_INFO/SMB2_FILE_ALL_INFO;Close Request Frame 3: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) SMB2 (Server Message Block Protocol version 2) SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4 0.214436 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592551089 TSecr=462699004 Frame 4: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 5 0.245832 10.42.0.9 172.30.107.171 SMB2 686 [TCP Spurious Retransmission] Create Response File: wes\notes\Codebooks\PracticalBinaryAnalysis\code\inc;GetInfo Response;Close Response Frame 5: 686 bytes on wire (5488 bits), 686 bytes captured (5488 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 55442, Seq: 1, Ack: 453, Len: 620 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) SMB2 (Server Message Block Protocol version 2) SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6 0.245953 172.30.107.171 10.42.0.9 TCP 78 [TCP Dup ACK 3#1] 55442 → 445 [ACK] Seq=921 Ack=621 Win=4775 Len=0 TSval=2592551120 TSecr=462699250 SLE=1 SRE=621 Frame 6: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 921, Ack: 621, Len: 0 No. Time Source Destination Protocol Length Info 7 0.434465 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592551309 TSecr=462699250 Frame 7: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 8 0.864428 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592551739 TSecr=462699250 Frame 8: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 9 1.754437 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592552629 TSecr=462699250 Frame 9: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 10 3.514451 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592554389 TSecr=462699250 Frame 10: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 11 4.473717 Microsof_b3:3a:e4 Microsof_1b:5b:d0 ARP 42 Who has 172.30.107.171? Tell 172.30.96.1 Frame 11: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 12 4.473828 Microsof_1b:5b:d0 Microsof_b3:3a:e4 ARP 42 172.30.107.171 is at 00:15:5d:1b:5b:d0 Frame 12: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Address Resolution Protocol (reply) No. Time Source Destination Protocol Length Info 13 6.954445 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592557829 TSecr=462699250 Frame 13: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 14 13.754459 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592564629 TSecr=462699250 Frame 14: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 15 20.345888 172.30.96.1 239.255.255.250 SSDP 215 M-SEARCH * HTTP/1.1 Frame 15: 215 bytes on wire (1720 bits), 215 bytes captured (1720 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Internet Protocol Version 4, Src: 172.30.96.1, Dst: 239.255.255.250 User Datagram Protocol, Src Port: 61884, Dst Port: 1900 Simple Service Discovery Protocol No. Time Source Destination Protocol Length Info 16 21.359177 172.30.96.1 239.255.255.250 SSDP 215 M-SEARCH * HTTP/1.1 Frame 16: 215 bytes on wire (1720 bits), 215 bytes captured (1720 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Internet Protocol Version 4, Src: 172.30.96.1, Dst: 239.255.255.250 User Datagram Protocol, Src Port: 61884, Dst Port: 1900 Simple Service Discovery Protocol No. Time Source Destination Protocol Length Info 17 22.367920 172.30.96.1 239.255.255.250 SSDP 215 M-SEARCH * HTTP/1.1 Frame 17: 215 bytes on wire (1720 bits), 215 bytes captured (1720 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Internet Protocol Version 4, Src: 172.30.96.1, Dst: 239.255.255.250 User Datagram Protocol, Src Port: 61884, Dst Port: 1900 Simple Service Discovery Protocol No. Time Source Destination Protocol Length Info 18 23.377860 172.30.96.1 239.255.255.250 SSDP 215 M-SEARCH * HTTP/1.1 Frame 18: 215 bytes on wire (1720 bits), 215 bytes captured (1720 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Internet Protocol Version 4, Src: 172.30.96.1, Dst: 239.255.255.250 User Datagram Protocol, Src Port: 61884, Dst Port: 1900 Simple Service Discovery Protocol No. Time Source Destination Protocol Length Info 19 27.844431 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592578719 TSecr=462699250 Frame 19: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 20 32.874417 Microsof_1b:5b:d0 Microsof_b3:3a:e4 ARP 42 Who has 172.30.96.1? Tell 172.30.107.171 Frame 20: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 21 32.874430 Microsof_b3:3a:e4 Microsof_1b:5b:d0 ARP 42 172.30.96.1 is at 00:15:5d:b3:3a:e4 Frame 21: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Address Resolution Protocol (reply) No. Time Source Destination Protocol Length Info 22 39.599242 10.42.0.9 172.30.107.171 TCP 66 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370860752 TSecr=2592366949 Frame 22: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 23 39.599456 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 23: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 24 39.837220 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370860991 TSecr=2592366949 Frame 24: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 25 39.837367 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 25: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 26 40.449221 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370861603 TSecr=2592366949 Frame 26: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 27 40.449378 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 27: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 28 40.897462 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370862051 TSecr=2592366949 Frame 28: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 29 40.897626 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 29: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 30 41.610801 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370862764 TSecr=2592366949 Frame 30: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 31 41.610954 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 31: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 32 42.779311 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370863933 TSecr=2592366949 Frame 32: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 33 42.779435 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 33: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 34 44.476233 Microsof_b3:3a:e4 Microsof_1b:5b:d0 ARP 42 Who has 172.30.107.171? Tell 172.30.96.1 Frame 34: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 35 44.476367 Microsof_1b:5b:d0 Microsof_b3:3a:e4 ARP 42 172.30.107.171 is at 00:15:5d:1b:5b:d0 Frame 35: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Address Resolution Protocol (reply) No. Time Source Destination Protocol Length Info 36 44.899441 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370866053 TSecr=2592366949 Frame 36: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 37 44.899614 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 37: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 38 48.941184 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370870095 TSecr=2592366949 Frame 38: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 39 48.941318 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 39: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 40 55.354422 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592606229 TSecr=462699250 Frame 40: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 41 56.857060 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370878011 TSecr=2592366949 Frame 41: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 42 56.857197 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 42: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 43 72.430898 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370893585 TSecr=2592366949 Frame 43: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 44 72.431051 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 44: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 45 76.972107 Microsof_b3:3a:e4 Microsof_1b:5b:d0 ARP 42 Who has 172.30.107.171? Tell 172.30.96.1 Frame 45: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 46 76.972229 Microsof_1b:5b:d0 Microsof_b3:3a:e4 ARP 42 172.30.107.171 is at 00:15:5d:1b:5b:d0 Frame 46: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Address Resolution Protocol (reply) No. Time Source Destination Protocol Length Info 47 77.444422 Microsof_1b:5b:d0 Microsof_b3:3a:e4 ARP 42 Who has 172.30.96.1? Tell 172.30.107.171 Frame 47: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 48 77.444432 Microsof_b3:3a:e4 Microsof_1b:5b:d0 ARP 42 172.30.96.1 is at 00:15:5d:b3:3a:e4 Frame 48: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Address Resolution Protocol (reply) No. Time Source Destination Protocol Length Info 49 88.005452 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370909159 TSecr=2592366949 Frame 49: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 50 88.005600 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 50: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 51 103.621738 10.42.0.9 172.30.107.171 TCP 66 [TCP Retransmission] 445 → 53910 [FIN, ACK] Seq=1 Ack=1 Win=1027 Len=0 TSval=1370924776 TSecr=2592366949 Frame 51: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 52 103.621911 172.30.107.171 10.42.0.9 TCP 54 53910 → 445 [RST] Seq=1 Win=0 Len=0 Frame 52: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 53910, Dst Port: 445, Seq: 1, Len: 0 No. Time Source Destination Protocol Length Info 53 108.469033 Microsof_b3:3a:e4 Microsof_1b:5b:d0 ARP 42 Who has 172.30.107.171? Tell 172.30.96.1 Frame 53: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 54 108.469154 Microsof_1b:5b:d0 Microsof_b3:3a:e4 ARP 42 172.30.107.171 is at 00:15:5d:1b:5b:d0 Frame 54: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Address Resolution Protocol (reply) No. Time Source Destination Protocol Length Info 55 111.034409 172.30.107.171 10.42.0.9 TCP 534 [TCP Retransmission] 55442 → 445 [PSH, ACK] Seq=453 Ack=621 Win=4775 Len=468 TSval=2592661909 TSecr=462699250 Frame 55: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 453, Ack: 621, Len: 468 No. Time Source Destination Protocol Length Info 56 116.074410 Microsof_1b:5b:d0 Microsof_b3:3a:e4 ARP 42 Who has 172.30.96.1? Tell 172.30.107.171 Frame 56: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 57 116.074423 Microsof_b3:3a:e4 Microsof_1b:5b:d0 ARP 42 172.30.96.1 is at 00:15:5d:b3:3a:e4 Frame 57: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Address Resolution Protocol (reply) No. Time Source Destination Protocol Length Info 58 119.197227 10.42.0.9 172.30.107.171 TCP 66 445 → 53910 [RST, ACK] Seq=2 Ack=1 Win=0 Len=0 TSval=1370940349 TSecr=2592366949 Frame 58: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 53910, Seq: 2, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 59 140.359557 172.30.96.1 239.255.255.250 SSDP 215 M-SEARCH * HTTP/1.1 Frame 59: 215 bytes on wire (1720 bits), 215 bytes captured (1720 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Internet Protocol Version 4, Src: 172.30.96.1, Dst: 239.255.255.250 User Datagram Protocol, Src Port: 61884, Dst Port: 1900 Simple Service Discovery Protocol No. Time Source Destination Protocol Length Info 60 141.368245 172.30.96.1 239.255.255.250 SSDP 215 M-SEARCH * HTTP/1.1 Frame 60: 215 bytes on wire (1720 bits), 215 bytes captured (1720 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Internet Protocol Version 4, Src: 172.30.96.1, Dst: 239.255.255.250 User Datagram Protocol, Src Port: 61884, Dst Port: 1900 Simple Service Discovery Protocol No. Time Source Destination Protocol Length Info 61 142.376505 172.30.96.1 239.255.255.250 SSDP 215 M-SEARCH * HTTP/1.1 Frame 61: 215 bytes on wire (1720 bits), 215 bytes captured (1720 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Internet Protocol Version 4, Src: 172.30.96.1, Dst: 239.255.255.250 User Datagram Protocol, Src Port: 61884, Dst Port: 1900 Simple Service Discovery Protocol No. Time Source Destination Protocol Length Info 62 143.378035 172.30.96.1 239.255.255.250 SSDP 215 M-SEARCH * HTTP/1.1 Frame 62: 215 bytes on wire (1720 bits), 215 bytes captured (1720 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa) Internet Protocol Version 4, Src: 172.30.96.1, Dst: 239.255.255.250 User Datagram Protocol, Src Port: 61884, Dst Port: 1900 Simple Service Discovery Protocol No. Time Source Destination Protocol Length Info 63 183.356469 172.30.107.171 10.42.0.9 SMB2 138 KeepAlive Request Frame 63: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 55442, Dst Port: 445, Seq: 921, Ack: 621, Len: 72 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 64 183.356517 172.30.107.171 10.42.0.9 TCP 74 56854 → 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2592734231 TSecr=0 WS=128 Frame 64: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 56854, Dst Port: 445, Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 65 183.357059 10.42.0.9 172.30.107.171 TCP 74 445 → 56854 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1 TSval=3018756303 TSecr=2592734231 Frame 65: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 56854, Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 66 183.357162 172.30.107.171 10.42.0.9 TCP 66 56854 → 445 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2592734232 TSecr=3018756303 Frame 66: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 56854, Dst Port: 445, Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 67 183.357184 172.30.107.171 10.42.0.9 SMB2 294 Negotiate Protocol Request Frame 67: 294 bytes on wire (2352 bits), 294 bytes captured (2352 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 56854, Dst Port: 445, Seq: 1, Ack: 1, Len: 228 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 68 183.371950 10.42.0.9 172.30.107.171 SMB2 338 Negotiate Protocol Response Frame 68: 338 bytes on wire (2704 bits), 338 bytes captured (2704 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 56854, Seq: 1, Ack: 229, Len: 272 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 69 183.372049 172.30.107.171 10.42.0.9 TCP 66 56854 → 445 [ACK] Seq=229 Ack=273 Win=64128 Len=0 TSval=2592734247 TSecr=3018756317 Frame 69: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 56854, Dst Port: 445, Seq: 229, Ack: 273, Len: 0 No. Time Source Destination Protocol Length Info 70 183.372069 172.30.107.171 10.42.0.9 SMB2 190 Session Setup Request, NTLMSSP_NEGOTIATE Frame 70: 190 bytes on wire (1520 bits), 190 bytes captured (1520 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 56854, Dst Port: 445, Seq: 229, Ack: 273, Len: 124 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 71 183.372600 10.42.0.9 172.30.107.171 SMB2 320 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 71: 320 bytes on wire (2560 bits), 320 bytes captured (2560 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 56854, Seq: 273, Ack: 353, Len: 254 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 72 183.372694 172.30.107.171 10.42.0.9 TCP 66 56854 → 445 [ACK] Seq=353 Ack=527 Win=64128 Len=0 TSval=2592734247 TSecr=3018756318 Frame 72: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 56854, Dst Port: 445, Seq: 353, Ack: 527, Len: 0 No. Time Source Destination Protocol Length Info 73 183.372724 172.30.107.171 10.42.0.9 SMB2 398 Session Setup Request, NTLMSSP_AUTH, User: \wes Frame 73: 398 bytes on wire (3184 bits), 398 bytes captured (3184 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0), Dst: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4) Internet Protocol Version 4, Src: 172.30.107.171, Dst: 10.42.0.9 Transmission Control Protocol, Src Port: 56854, Dst Port: 445, Seq: 353, Ack: 527, Len: 332 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 74 183.377077 10.42.0.9 172.30.107.171 SMB2 142 Session Setup Response Frame 74: 142 bytes on wire (1136 bits), 142 bytes captured (1136 bits) on interface \Device\NPF_{FB3D0926-9485-4A40-B2DE-36C19CCA420F}, id 0 Ethernet II, Src: Microsof_b3:3a:e4 (00:15:5d:b3:3a:e4), Dst: Microsof_1b:5b:d0 (00:15:5d:1b:5b:d0) Internet Protocol Version 4, Src: 10.42.0.9, Dst: 172.30.107.171 Transmission Control Protocol, Src Port: 445, Dst Port: 56854, Seq: 527, Ack: 685, Len: 76 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2)