Paste2.org - Viewing Paste 4ebkYg0g

root@zalupa:~# tcpdump -s 0 -A -vvv port 445 and host 192.168.1.10
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:37:45.679951 IP (tos 0x0, ttl 64, id 17869, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.10.33688 > 192.168.1.250.445: Flags [S], cksum 0x7f17 (correct), seq 2061363137, win 64240, options [mss 1460,sackOK,TS val 3986125846 ecr 0,nop,wscale 7], length 0
E..<E.@[email protected]....
........z......................
..t.........
06:37:45.680150 IP (tos 0x10, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.250.445 > 192.168.1.10.33688: Flags [S.], cksum 0x8483 (incorrect -> 0x0f03), seq 2742049716, ack 2061363138, win 65160, options [mss 1460,sackOK,TS val 1106324312 ecr 3986125846,nop,wscale 4], length 0
E..<..@[email protected].......
.....p[.z..................
A.+X..t.....
06:37:45.695177 IP (tos 0x0, ttl 64, id 17870, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.10.33688 > 192.168.1.250.445: Flags [.], cksum 0x3a50 (correct), seq 1, ack 1, win 502, options [nop,nop,TS val 3986125861 ecr 1106324312], length 0
E..4E.@[email protected]....
........z....p[.....:P.....
..t%A.+X
06:37:45.695615 IP (tos 0x0, ttl 64, id 17871, offset 0, flags [DF], proto TCP (6), length 222)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0xaccf (correct), seq 1:171, ack 1, win 502, options [nop,nop,TS val 3986125862 ecr 1106324312], length 170
E...E.@[email protected]....
........z....p[............
..t&A.+X.....SMB@...........................................................$............@x.?*.I.../P$.gh.............&....... ......=N..U2...e.A..Du.D.....S.' .m................
06:37:45.695710 IP (tos 0x10, ttl 64, id 9788, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.250.445 > 192.168.1.10.33688: Flags [.], cksum 0x847b (incorrect -> 0x2bae), seq 1, ack 171, win 4062, options [nop,nop,TS val 1106324327 ecr 3986125862], length 0
E..4&<@.@..#.......
.....p[.z..l.....{.....
A.+g..t&
06:37:45.717875 IP (tos 0x10, ttl 64, id 9789, offset 0, flags [DF], proto TCP (6), length 324)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x858b (incorrect -> 0xe8ef), seq 1:273, ack 171, win 4062, options [nop,nop,TS val 1106324349 ecr 3986125862], length 272
E..D&=@.@..........
.....p[.z..l...........
A.+}..t&.....SMB@...........................................................A.......zalupa...........................3................J.....`H..+......>0<..0..
+.....7..
.*0(.&.$not_defined_in_RFC4178@please_ignore........&....... ......J+.t....<E/P .ce6-y8.....~.................
06:37:45.725104 IP (tos 0x0, ttl 64, id 17872, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.10.33688 > 192.168.1.250.445: Flags [.], cksum 0x3854 (correct), seq 171, ack 273, win 501, options [nop,nop,TS val 3986125891 ecr 1106324349], length 0
E..4E.@[email protected]....
........z..l.p\.....8T.....
..tCA.+}
06:37:45.727474 IP (tos 0x0, ttl 64, id 17873, offset 0, flags [DF], proto TCP (6), length 218)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0xde78 (correct), seq 171:337, ack 273, win 501, options [nop,nop,TS val 3986125894 ecr 1106324349], length 166
E...E.@[email protected]....
........z..l.p\......x.....
..tFA.+}.....SMB@.......... ............................................................X.J.........`H..+......>0<..0..
+.....7..
.*.(NTLMSSP........b....(.......(...........
06:37:45.727583 IP (tos 0x10, ttl 64, id 9790, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.250.445 > 192.168.1.10.33688: Flags [.], cksum 0x847b (incorrect -> 0x29c2), seq 273, ack 337, win 4052, options [nop,nop,TS val 1106324359 ecr 3986125894], length 0
E..4&>@.@..!.......
.....p\.z........{.....
A.+...tF
06:37:45.735807 IP (tos 0x10, ttl 64, id 9791, offset 0, flags [DF], proto TCP (6), length 303)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x8576 (incorrect -> 0xd11f), seq 273:524, ack 337, win 4052, options [nop,nop,TS val 1106324367 ecr 3986125894], length 251
E../&?@.@..%.......
.....p\.z........v.....
A.+...tF.....SMB@...................................>....................... ...H......0....
.....
+.....7..
......NTLMSSP.........8......b[z...j".........L.L.D...........Z.A.L.U.P.A.....Z.A.L.U.P.A.....Z.A.L.U.P.A...........l.o.c.a.l.h.o.s.t......v..........
06:37:45.751245 IP (tos 0x0, ttl 64, id 17874, offset 0, flags [DF], proto TCP (6), length 594)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0x90a8 (correct), seq 337:879, ack 524, win 501, options [nop,nop,TS val 3986125918 ecr 1106324367], length 542
E..RE.@[email protected]....
........z....p]............
..t^A.+......SMB@.......... ........................>...................................X...............0...........NTLMSSP.........X.......p.......`.......r......................b..........+:D....,.H..^.....................................AQ...........v......H~.'............Z.A.L.U.P.A.....Z.A.L.U.P.A...........l.o.c.a.l.h.o.s.t......v................0.0....................+.vHL....d.7T..$;n.....x .a
................... .$.c.i.f.s./.1.9.2...1.6.8...1...2.5.0.....W.O.R.K.G.R.O.U.P.u.s.e.r.u.s.e.r.L.I.N.U.P.S....`}..V.l.....m.........C..gX._....
06:37:45.751360 IP (tos 0x10, ttl 64, id 9792, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.250.445 > 192.168.1.10.33688: Flags [.], cksum 0x847b (incorrect -> 0x269a), seq 524, ack 879, win 4019, options [nop,nop,TS val 1106324383 ecr 3986125918], length 0
E..4&@@.@..........
.....p].z..0.....{.....
A.+...t^
06:37:45.779011 IP (tos 0x10, ttl 64, id 9793, offset 0, flags [DF], proto TCP (6), length 157)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x84e4 (incorrect -> 0x8769), seq 524:629, ack 879, win 4019, options [nop,nop,TS val 1106324411 ecr 3986125918], length 105
E...&A@.@..........
.....p].z..0...........
A.+...t^...e.SMB@.......... ........................>...........ug..{.
Q.C.. ...H.....0...
..............q.%.....
06:37:45.780662 IP (tos 0x0, ttl 64, id 17875, offset 0, flags [DF], proto TCP (6), length 168)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0x11ec (correct), seq 879:995, ack 629, win 501, options [nop,nop,TS val 3986125947 ecr 1106324411], length 116
E...E.@[email protected](...
........z..0.p^)...........
..t{A.+....p.SMB@...................................>.......k]....b....g...K ...H.(.\.\.1.9.2...1.6.8...1...2.5.0.\.I.P.C.$.
06:37:45.780827 IP (tos 0x10, ttl 64, id 9794, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.250.445 > 192.168.1.10.33688: Flags [.], cksum 0x847b (incorrect -> 0x258a), seq 629, ack 995, win 4012, options [nop,nop,TS val 1106324412 ecr 3986125947], length 0
E..4&B@.@..........
.....p^)z........{.....
A.+...t{
06:37:45.787995 IP (tos 0x10, ttl 64, id 9795, offset 0, flags [DF], proto TCP (6), length 136)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x84cf (incorrect -> 0xf050), seq 629:713, ack 995, win 4012, options [nop,nop,TS val 1106324420 ecr 3986125947], length 84
E...&C@.@..........
.....p^)z..............
A.+...t{[email protected]>..........\....^....S%_................
06:37:45.788688 IP (tos 0x0, ttl 64, id 17876, offset 0, flags [DF], proto TCP (6), length 216)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0x8697 (correct), seq 995:1159, ack 713, win 501, options [nop,nop,TS val 3986125955 ecr 1106324420], length 164
E...E.@[email protected]....
........z....p^}...........
[email protected]>.......................9.......................x...(.......x.....................\.1.9.2...1.6.8...1...2.5.0.\.s.h.r...
06:37:45.788847 IP (tos 0x10, ttl 64, id 9796, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.250.445 > 192.168.1.10.33688: Flags [.], cksum 0x847b (incorrect -> 0x2489), seq 713, ack 1159, win 4005, options [nop,nop,TS val 1106324420 ecr 3986125955], length 0
E..4&D@.@..........
.....p^}z..H.....{.....
A.+...t.
06:37:45.792236 IP (tos 0x10, ttl 64, id 9797, offset 0, flags [DF], proto TCP (6), length 129)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x84c8 (incorrect -> 0xca32), seq 713:790, ack 1159, win 4005, options [nop,nop,TS val 1106324424 ecr 3986125955], length 77
E...&E@.@..........
.....p^}z..H...........
A.+...t....I.SMB@...%..............................W>....................... ........
06:37:45.792904 IP (tos 0x0, ttl 64, id 17877, offset 0, flags [DF], proto TCP (6), length 124)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0x095e (correct), seq 1159:1231, ack 790, win 501, options [nop,nop,TS val 3986125959 ecr 1106324424], length 72
E..|E.@[email protected]...
........z..H.p^..... ^.....
[email protected]>...........................
06:37:45.793047 IP (tos 0x10, ttl 64, id 9798, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.250.445 > 192.168.1.10.33688: Flags [.], cksum 0x847b (incorrect -> 0x23eb), seq 790, ack 1231, win 4005, options [nop,nop,TS val 1106324425 ecr 3986125959], length 0
E..4&F@.@..........
.....p^.z........{.....
A.+...t.
06:37:45.796421 IP (tos 0x10, ttl 64, id 9799, offset 0, flags [DF], proto TCP (6), length 124)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x84c3 (incorrect -> 0xfa61), seq 790:862, ack 1231, win 4005, options [nop,nop,TS val 1106324428 ecr 3986125959], length 72
E..|&G@.@..........
.....p^.z..............
[email protected]>...........................
06:37:45.797726 IP (tos 0x0, ttl 64, id 17878, offset 0, flags [DF], proto TCP (6), length 166)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0x2549 (correct), seq 1231:1345, ack 862, win 501, options [nop,nop,TS val 3986125964 ecr 1106324428], length 114
E...E.@[email protected]'...
........z....p_.....%I.....
..t.A.+....n.SMB@...................................>........q-...|w...[.... ...H.&.\.\.1.9.2...1.6.8...1...2.5.0.\.s.h.r.
06:37:45.810203 IP (tos 0x10, ttl 64, id 9800, offset 0, flags [DF], proto TCP (6), length 136)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x84cf (incorrect -> 0x1ce5), seq 862:946, ack 1345, win 4005, options [nop,nop,TS val 1106324442 ecr 3986125964], length 84
E...&H@.@..........
.....p_.z..............
[email protected]..>.......q.P......u.....j................
06:37:45.810890 IP (tos 0x0, ttl 64, id 17879, offset 0, flags [DF], proto TCP (6), length 177)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0xc28f (correct), seq 1345:1470, ack 946, win 501, options [nop,nop,TS val 3986125977 ecr 1106324442], length 125
E...E.@[email protected]....
........z....p_f...........
[email protected]..>.......................9...........................................x............
06:37:45.817544 IP (tos 0x10, ttl 64, id 9801, offset 0, flags [DF], proto TCP (6), length 208)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x8517 (incorrect -> 0x6353), seq 946:1102, ack 1470, win 4005, options [nop,nop,TS val 1106324449 ecr 3986125977], length 156
E...&I@[email protected].......
.....p_fz..............
[email protected]..>.......................Y........n.......n..............................................I~2.....s...............
06:37:45.818417 IP (tos 0x0, ttl 64, id 17880, offset 0, flags [DF], proto TCP (6), length 161)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0xef45 (correct), seq 1470:1579, ack 1102, win 501, options [nop,nop,TS val 3986125985 ecr 1106324449], length 109
E...E.@[email protected]*...
........z....p`......E.....
[email protected]..>.......................).......................I~2.....s........
06:37:45.822767 IP (tos 0x10, ttl 64, id 9802, offset 0, flags [DF], proto TCP (6), length 148)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x84db (incorrect -> 0xfb7d), seq 1102:1198, ack 1579, win 4005, options [nop,nop,TS val 1106324454 ecr 3986125985], length 96
E...&J@.@..........
.....p`.z..............
A.+...t....\[email protected]..>....................... .H.....O...........N.T.F.S.
06:37:45.823239 IP (tos 0x0, ttl 64, id 17881, offset 0, flags [DF], proto TCP (6), length 144)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0x0a96 (correct), seq 1579:1671, ack 1198, win 501, options [nop,nop,TS val 3986125990 ecr 1106324454], length 92
E...E.@[email protected]:...
........z....p`b....
......
..t.A.+....X.SMB@................... ............N..>...............................I~2.....s.......
06:37:45.826080 IP (tos 0x10, ttl 64, id 9803, offset 0, flags [DF], proto TCP (6), length 180)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x84fb (incorrect -> 0xbe7b), seq 1198:1326, ack 1671, win 4005, options [nop,nop,TS val 1106324458 ecr 3986125990], length 128
E...&K@.@..........
.....p`bz..H...........
A.+...t....|.SMB@................... ............N..>.......................<...........................................................
06:37:45.826767 IP (tos 0x0, ttl 64, id 17882, offset 0, flags [DF], proto TCP (6), length 184)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0x239e (correct), seq 1671:1803, ack 1326, win 501, options [nop,nop,TS val 3986125993 ecr 1106324458], length 132
E...E.@[email protected]....
........z..H.p`.....#......
..t.A.+......SMB@...................
............N..>.......................9.......................................@...x...........q.w.e...
06:37:45.832372 IP (tos 0x10, ttl 64, id 9804, offset 0, flags [DF], proto TCP (6), length 208)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x8517 (incorrect -> 0x34b7), seq 1326:1482, ack 1803, win 4005, options [nop,nop,TS val 1106324464 ecr 3986125993], length 156
E...&L@[email protected].......
.....p`.z..............
A.+...t......SMB@...................
............N..>.......................Y...............................................S................]d.....................
06:37:45.833456 IP (tos 0x0, ttl 64, id 17883, offset 0, flags [DF], proto TCP (6), length 161)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0xb585 (correct), seq 1803:1912, ack 1482, win 501, options [nop,nop,TS val 3986126000 ecr 1106324464], length 109
E...E.@[email protected]'...
........z....pa~...........
[email protected]..>.......................)........................]d..............
06:37:45.836441 IP (tos 0x10, ttl 64, id 9805, offset 0, flags [DF], proto TCP (6), length 236)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x8533 (incorrect -> 0x3f71), seq 1482:1666, ack 1912, win 4005, options [nop,nop,TS val 1106324468 ecr 3986126000], length 184
E...&M@[email protected].......
.....pa~z..9.....3.....
[email protected]..>....................... .H.l...................................................S...................................................\.q.w.e.
06:37:45.836938 IP (tos 0x0, ttl 64, id 17884, offset 0, flags [DF], proto TCP (6), length 169)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0xb361 (correct), seq 1912:2029, ack 1666, win 501, options [nop,nop,TS val 3986126003 ecr 1106324468], length 117
E...E.@[email protected]....
........z..9.pb6.....a.....
[email protected]..>.......................1................]d..............................
06:37:45.840556 IP (tos 0x10, ttl 64, id 9806, offset 0, flags [DF], proto TCP (6), length 129)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x84c8 (incorrect -> 0x3f9e), seq 1666:1743, ack 2029, win 4005, options [nop,nop,TS val 1106324472 ecr 3986126003], length 77
E...&N@.@..........
.....pb6z..............
A.+...t....I.SMB@...................................>....................... .......!
06:37:45.894176 IP (tos 0x0, ttl 64, id 17885, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.10.33688 > 192.168.1.250.445: Flags [.], cksum 0x2a30 (correct), seq 2029, ack 1743, win 501, options [nop,nop,TS val 3986126060 ecr 1106324472], length 0
E..4E.@[email protected]....
........z....pb.....*0.....
..t.A.+.
06:38:05.858165 IP (tos 0x0, ttl 64, id 17886, offset 0, flags [DF], proto TCP (6), length 144)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0x7f92 (correct), seq 2029:2121, ack 1743, win 501, options [nop,nop,TS val 3986146024 ecr 1106324472], length 92
E...E.@[email protected]...
........z....pb............
[email protected]..>................................]d.............
06:38:05.860044 IP (tos 0x10, ttl 64, id 9807, offset 0, flags [DF], proto TCP (6), length 129)
192.168.1.250.445 > 192.168.1.10.33688: Flags [P.], cksum 0x84c8 (incorrect -> 0xa28b), seq 1743:1820, ack 2121, win 4005, options [nop,nop,TS val 1106344492 ecr 3986146024], length 77
E...&O@.@..........
.....pb.z..
...........
A.z,.......I.SMB@...................................>....................... .......!
06:38:05.860444 IP (tos 0x0, ttl 64, id 17887, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.10.33688 > 192.168.1.250.445: Flags [.], cksum 0x8d53 (correct), seq 2121, ack 1820, win 501, options [nop,nop,TS val 3986146027 ecr 1106344492], length 0
E..4E.@[email protected]....
........z..
.pb......S.....
....A.z,
06:38:25.878802 IP (tos 0x0, ttl 64, id 17888, offset 0, flags [DF], proto TCP (6), length 124)
192.168.1.10.33688 > 192.168.1.250.445: Flags [P.], cksum 0x13b2 (correct), seq 2121:2193, ack 1820, win 501, options [nop,nop,TS val 3986166045 ecr 1106344492], length 72
E..|E.@[email protected]...
........z..
.pb............
....A.z,[email protected]..>...........................
06:38:25.922929 IP (tos 0x10, ttl 64, id 9808, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.250.445 > 192.168.1.10.33688: Flags [.], cksum 0x847b (incorrect -> 0xe2c9), seq 1820, ack 2193, win 4005, options [nop,nop,TS val 1106364555 ecr 3986166045], length 0
E..4&P@.@..........
.....pb.z..R.....{.....
A.......
06:38:45.899095 IP (tos 0x0, ttl 64, id 17889, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.10.33688 > 192.168.1.250.445: Flags [F.], cksum 0xa244 (correct), seq 2193, ack 1820, win 501, options [nop,nop,TS val 3986186065 ecr 1106364555], length 0
E..4E.@[email protected]....
........z..R.pb......D.....
.._QA...
06:38:45.899351 IP (tos 0x10, ttl 64, id 9809, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.250.445 > 192.168.1.10.33688: Flags [F.], cksum 0x847b (incorrect -> 0x468b), seq 1820, ack 2194, win 4005, options [nop,nop,TS val 1106384531 ecr 3986186065], length 0
E..4&Q@.@..........
.....pb.z..S.....{.....
A....._Q
06:38:45.899690 IP (tos 0x0, ttl 64, id 17890, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.10.33688 > 192.168.1.250.445: Flags [.], cksum 0x543a (correct), seq 2194, ack 1821, win 501, options [nop,nop,TS val 3986186066 ecr 1106384531], length 0
E..4E.@[email protected]....
........z..S.pb.....T:.....
.._RA...
^C
45 packets captured
45 packets received by filter
0 packets dropped by kernel
root@zalupa:~#