Wireshark-users: Re: [Wireshark-users] Unexplained Netbios Traffic
From: "Jon Ziminsky" <ziminskyj@xxxxxxxxx>
Date: Wed, 1 Oct 2008 13:13:06 -0600
I understand how NetBIOS works... This server has tried to contact 350 hosts since this morning... All completely random.
The two I posted were examples of the 1000+ packets it has generated thus far today.
I have used Arin to lookup about 20 of the IPs and they are all over the board... From China to Amsterdam to the US...
The server in question is behind the corporate firewall, and has no outward facing ports. The firewall is blocking these packets before they leave the network.
Attached is a snippet of the capture files, as i tried to post the entire file and was told by the bot that my message was too big.
The two I posted were examples of the 1000+ packets it has generated thus far today.
I have used Arin to lookup about 20 of the IPs and they are all over the board... From China to Amsterdam to the US...
The server in question is behind the corporate firewall, and has no outward facing ports. The firewall is blocking these packets before they leave the network.
Attached is a snippet of the capture files, as i tried to post the entire file and was told by the bot that my message was too big.
No. Time Source Destination Protocol Info
1 0.000000 <Private IP> 89.202.193.168 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 1 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:04.920254000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 89.202.193.168 (89.202.193.168)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf52d (62765)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1ee7 [correct]
Source: <Private IP> (<Private IP>)
Destination: 89.202.193.168 (89.202.193.168)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1a6
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
2 1.502120 <Private IP> 89.202.193.168 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 2 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:06.422374000
[Time delta from previous captured frame: 1.502120000 seconds]
[Time delta from previous displayed frame: 1.502120000 seconds]
[Time since reference or first frame: 1.502120000 seconds]
Frame Number: 2
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 89.202.193.168 (89.202.193.168)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf52f (62767)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1ee5 [correct]
Source: <Private IP> (<Private IP>)
Destination: 89.202.193.168 (89.202.193.168)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1a8
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
3 1.498831 <Private IP> 89.202.193.168 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 3 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:07.921205000
[Time delta from previous captured frame: 1.498831000 seconds]
[Time delta from previous displayed frame: 1.498831000 seconds]
[Time since reference or first frame: 3.000951000 seconds]
Frame Number: 3
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 89.202.193.168 (89.202.193.168)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf561 (62817)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1eb3 [correct]
Source: <Private IP> (<Private IP>)
Destination: 89.202.193.168 (89.202.193.168)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1aa
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
4 1.676497 <Private IP> 93.188.128.50 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 4 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:09.597702000
[Time delta from previous captured frame: 1.676497000 seconds]
[Time delta from previous displayed frame: 1.676497000 seconds]
[Time since reference or first frame: 4.677448000 seconds]
Frame Number: 4
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 93.188.128.50 (93.188.128.50)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf5c8 (62920)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5bd0 [correct]
Source: <Private IP> (<Private IP>)
Destination: 93.188.128.50 (93.188.128.50)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1ac
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
5 1.493526 <Private IP> 93.188.128.50 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 5 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:11.091228000
[Time delta from previous captured frame: 1.493526000 seconds]
[Time delta from previous displayed frame: 1.493526000 seconds]
[Time since reference or first frame: 6.170974000 seconds]
Frame Number: 5
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 93.188.128.50 (93.188.128.50)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf605 (62981)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5b93 [correct]
Source: <Private IP> (<Private IP>)
Destination: 93.188.128.50 (93.188.128.50)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1ae
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
6 1.507879 <Private IP> 93.188.128.50 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 6 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:12.599107000
[Time delta from previous captured frame: 1.507879000 seconds]
[Time delta from previous displayed frame: 1.507879000 seconds]
[Time since reference or first frame: 7.678853000 seconds]
Frame Number: 6
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 93.188.128.50 (93.188.128.50)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf628 (63016)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5b70 [correct]
Source: <Private IP> (<Private IP>)
Destination: 93.188.128.50 (93.188.128.50)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1b0
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
7 2.172017 <Private IP> 77.67.3.9 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 7 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:14.771124000
[Time delta from previous captured frame: 2.172017000 seconds]
[Time delta from previous displayed frame: 2.172017000 seconds]
[Time since reference or first frame: 9.850870000 seconds]
Frame Number: 7
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 77.67.3.9 (77.67.3.9)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf68c (63116)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xe8ae [correct]
Source: <Private IP> (<Private IP>)
Destination: 77.67.3.9 (77.67.3.9)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1b2
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
8 1.492804 <Private IP> 77.67.3.9 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 8 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:16.263928000
[Time delta from previous captured frame: 1.492804000 seconds]
[Time delta from previous displayed frame: 1.492804000 seconds]
[Time since reference or first frame: 11.343674000 seconds]
Frame Number: 8
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 77.67.3.9 (77.67.3.9)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf68d (63117)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xe8ad [correct]
Source: <Private IP> (<Private IP>)
Destination: 77.67.3.9 (77.67.3.9)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1b4
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
9 1.498853 <Private IP> 77.67.3.9 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 9 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:17.762781000
[Time delta from previous captured frame: 1.498853000 seconds]
[Time delta from previous displayed frame: 1.498853000 seconds]
[Time since reference or first frame: 12.842527000 seconds]
Frame Number: 9
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 77.67.3.9 (77.67.3.9)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf69c (63132)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xe89e [correct]
Source: <Private IP> (<Private IP>)
Destination: 77.67.3.9 (77.67.3.9)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1b6
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
10 2.014895 <Private IP> 202.88.80.254 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 10 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:19.777676000
[Time delta from previous captured frame: 2.014895000 seconds]
[Time delta from previous displayed frame: 2.014895000 seconds]
[Time since reference or first frame: 14.857422000 seconds]
Frame Number: 10
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 202.88.80.254 (202.88.80.254)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf6b8 (63160)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1d78 [correct]
Source: <Private IP> (<Private IP>)
Destination: 202.88.80.254 (202.88.80.254)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1b8
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
11 1.485731 <Private IP> 202.88.80.254 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 11 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:21.263407000
[Time delta from previous captured frame: 1.485731000 seconds]
[Time delta from previous displayed frame: 1.485731000 seconds]
[Time since reference or first frame: 16.343153000 seconds]
Frame Number: 11
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 202.88.80.254 (202.88.80.254)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf6c7 (63175)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1d69 [correct]
Source: <Private IP> (<Private IP>)
Destination: 202.88.80.254 (202.88.80.254)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1ba
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
12 1.499455 <Private IP> 202.88.80.254 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 12 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:22.762862000
[Time delta from previous captured frame: 1.499455000 seconds]
[Time delta from previous displayed frame: 1.499455000 seconds]
[Time since reference or first frame: 17.842608000 seconds]
Frame Number: 12
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 202.88.80.254 (202.88.80.254)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xf6de (63198)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1d52 [correct]
Source: <Private IP> (<Private IP>)
Destination: 202.88.80.254 (202.88.80.254)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1bc
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
13 25.332857 <Private IP> 222.36.40.139 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 13 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:48.095719000
[Time delta from previous captured frame: 25.332857000 seconds]
[Time delta from previous displayed frame: 25.332857000 seconds]
[Time since reference or first frame: 43.175465000 seconds]
Frame Number: 13
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 222.36.40.139 (222.36.40.139)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfac5 (64197)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x2e12 [correct]
Source: <Private IP> (<Private IP>)
Destination: 222.36.40.139 (222.36.40.139)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1c0
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
14 1.497099 <Private IP> 222.36.40.139 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 14 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:49.592818000
[Time delta from previous captured frame: 1.497099000 seconds]
[Time delta from previous displayed frame: 1.497099000 seconds]
[Time since reference or first frame: 44.672564000 seconds]
Frame Number: 14
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 222.36.40.139 (222.36.40.139)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfadd (64221)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x2dfa [correct]
Source: <Private IP> (<Private IP>)
Destination: 222.36.40.139 (222.36.40.139)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1c2
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
15 1.500763 <Private IP> 222.36.40.139 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 15 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:51.093581000
[Time delta from previous captured frame: 1.500763000 seconds]
[Time delta from previous displayed frame: 1.500763000 seconds]
[Time since reference or first frame: 46.173327000 seconds]
Frame Number: 15
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 222.36.40.139 (222.36.40.139)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfae1 (64225)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x2df6 [correct]
Source: <Private IP> (<Private IP>)
Destination: 222.36.40.139 (222.36.40.139)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1c4
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
16 2.051980 <Private IP> 124.50.74.62 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 16 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:53.145561000
[Time delta from previous captured frame: 2.051980000 seconds]
[Time delta from previous displayed frame: 2.051980000 seconds]
[Time since reference or first frame: 48.225307000 seconds]
Frame Number: 16
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 124.50.74.62 (124.50.74.62)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfb49 (64329)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x6dcd [correct]
Source: <Private IP> (<Private IP>)
Destination: 124.50.74.62 (124.50.74.62)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1c6
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
17 1.495062 <Private IP> 124.50.74.62 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 17 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:54.640623000
[Time delta from previous captured frame: 1.495062000 seconds]
[Time delta from previous displayed frame: 1.495062000 seconds]
[Time since reference or first frame: 49.720369000 seconds]
Frame Number: 17
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 124.50.74.62 (124.50.74.62)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfb58 (64344)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x6dbe [correct]
Source: <Private IP> (<Private IP>)
Destination: 124.50.74.62 (124.50.74.62)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1c8
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
18 1.502836 <Private IP> 124.50.74.62 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 18 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:56.143459000
[Time delta from previous captured frame: 1.502836000 seconds]
[Time delta from previous displayed frame: 1.502836000 seconds]
[Time since reference or first frame: 51.223205000 seconds]
Frame Number: 18
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 124.50.74.62 (124.50.74.62)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfb75 (64373)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x6da1 [correct]
Source: <Private IP> (<Private IP>)
Destination: 124.50.74.62 (124.50.74.62)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1ca
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
19 2.806022 <Private IP> 58.222.12.231 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 19 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:30:58.949481000
[Time delta from previous captured frame: 2.806022000 seconds]
[Time delta from previous displayed frame: 2.806022000 seconds]
[Time since reference or first frame: 54.029227000 seconds]
Frame Number: 19
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 58.222.12.231 (58.222.12.231)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfc1d (64541)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xeba4 [correct]
Source: <Private IP> (<Private IP>)
Destination: 58.222.12.231 (58.222.12.231)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1cc
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
20 1.486422 <Private IP> 58.222.12.231 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 20 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:00.435903000
[Time delta from previous captured frame: 1.486422000 seconds]
[Time delta from previous displayed frame: 1.486422000 seconds]
[Time since reference or first frame: 55.515649000 seconds]
Frame Number: 20
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 58.222.12.231 (58.222.12.231)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfc51 (64593)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xeb70 [correct]
Source: <Private IP> (<Private IP>)
Destination: 58.222.12.231 (58.222.12.231)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1ce
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
21 1.499357 <Private IP> 58.222.12.231 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 21 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:01.935260000
[Time delta from previous captured frame: 1.499357000 seconds]
[Time delta from previous displayed frame: 1.499357000 seconds]
[Time since reference or first frame: 57.015006000 seconds]
Frame Number: 21
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 58.222.12.231 (58.222.12.231)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfc6b (64619)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xeb56 [correct]
Source: <Private IP> (<Private IP>)
Destination: 58.222.12.231 (58.222.12.231)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1d0
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
22 2.137170 <Private IP> 116.242.134.95 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 22 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:04.072430000
[Time delta from previous captured frame: 2.137170000 seconds]
[Time delta from previous displayed frame: 2.137170000 seconds]
[Time since reference or first frame: 59.152176000 seconds]
Frame Number: 22
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 116.242.134.95 (116.242.134.95)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfca6 (64678)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x378f [correct]
Source: <Private IP> (<Private IP>)
Destination: 116.242.134.95 (116.242.134.95)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1d2
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
23 1.489162 <Private IP> 116.242.134.95 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 23 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:05.561592000
[Time delta from previous captured frame: 1.489162000 seconds]
[Time delta from previous displayed frame: 1.489162000 seconds]
[Time since reference or first frame: 60.641338000 seconds]
Frame Number: 23
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 116.242.134.95 (116.242.134.95)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfca7 (64679)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x378e [correct]
Source: <Private IP> (<Private IP>)
Destination: 116.242.134.95 (116.242.134.95)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1d4
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
24 1.499315 <Private IP> 116.242.134.95 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 24 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:07.060907000
[Time delta from previous captured frame: 1.499315000 seconds]
[Time delta from previous displayed frame: 1.499315000 seconds]
[Time since reference or first frame: 62.140653000 seconds]
Frame Number: 24
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 116.242.134.95 (116.242.134.95)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfca8 (64680)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x378d [correct]
Source: <Private IP> (<Private IP>)
Destination: 116.242.134.95 (116.242.134.95)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1d6
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
25 2.332726 <Private IP> 218.97.254.203 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 25 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:09.393633000
[Time delta from previous captured frame: 2.332726000 seconds]
[Time delta from previous displayed frame: 2.332726000 seconds]
[Time since reference or first frame: 64.473379000 seconds]
Frame Number: 25
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 218.97.254.203 (218.97.254.203)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfd71 (64881)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x58e8 [correct]
Source: <Private IP> (<Private IP>)
Destination: 218.97.254.203 (218.97.254.203)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1d8
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
26 1.494286 <Private IP> 218.97.254.203 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 26 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:10.887919000
[Time delta from previous captured frame: 1.494286000 seconds]
[Time delta from previous displayed frame: 1.494286000 seconds]
[Time since reference or first frame: 65.967665000 seconds]
Frame Number: 26
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 218.97.254.203 (218.97.254.203)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfd89 (64905)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x58d0 [correct]
Source: <Private IP> (<Private IP>)
Destination: 218.97.254.203 (218.97.254.203)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1da
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
27 1.501166 <Private IP> 218.97.254.203 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 27 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:12.389085000
[Time delta from previous captured frame: 1.501166000 seconds]
[Time delta from previous displayed frame: 1.501166000 seconds]
[Time since reference or first frame: 67.468831000 seconds]
Frame Number: 27
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 218.97.254.203 (218.97.254.203)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfdb1 (64945)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x58a8 [correct]
Source: <Private IP> (<Private IP>)
Destination: 218.97.254.203 (218.97.254.203)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1dc
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
28 2.659947 <Private IP> 58.83.130.82 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 28 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:15.049032000
[Time delta from previous captured frame: 2.659947000 seconds]
[Time delta from previous displayed frame: 2.659947000 seconds]
[Time since reference or first frame: 70.128778000 seconds]
Frame Number: 28
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 58.83.130.82 (58.83.130.82)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xfe55 (65109)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x748c [correct]
Source: <Private IP> (<Private IP>)
Destination: 58.83.130.82 (58.83.130.82)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1de
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
29 1.497470 <Private IP> 58.83.130.82 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 29 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:16.546502000
[Time delta from previous captured frame: 1.497470000 seconds]
[Time delta from previous displayed frame: 1.497470000 seconds]
[Time since reference or first frame: 71.626248000 seconds]
Frame Number: 29
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 58.83.130.82 (58.83.130.82)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xffd8 (65496)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x7309 [correct]
Source: <Private IP> (<Private IP>)
Destination: 58.83.130.82 (58.83.130.82)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1e0
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
30 1.499911 <Private IP> 58.83.130.82 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 30 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:18.046413000
[Time delta from previous captured frame: 1.499911000 seconds]
[Time delta from previous displayed frame: 1.499911000 seconds]
[Time since reference or first frame: 73.126159000 seconds]
Frame Number: 30
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 58.83.130.82 (58.83.130.82)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0007 (7)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x72db [correct]
Source: <Private IP> (<Private IP>)
Destination: 58.83.130.82 (58.83.130.82)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1e2
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
31 2.953431 <Private IP> 211.211.75.247 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 31 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:20.999844000
[Time delta from previous captured frame: 2.953431000 seconds]
[Time delta from previous displayed frame: 2.953431000 seconds]
[Time since reference or first frame: 76.079590000 seconds]
Frame Number: 31
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 211.211.75.247 (211.211.75.247)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0124 (292)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0e99 [correct]
Source: <Private IP> (<Private IP>)
Destination: 211.211.75.247 (211.211.75.247)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1e4
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
32 1.497608 <Private IP> 211.211.75.247 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 32 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:22.497452000
[Time delta from previous captured frame: 1.497608000 seconds]
[Time delta from previous displayed frame: 1.497608000 seconds]
[Time since reference or first frame: 77.577198000 seconds]
Frame Number: 32
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 211.211.75.247 (211.211.75.247)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0177 (375)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0e46 [correct]
Source: <Private IP> (<Private IP>)
Destination: 211.211.75.247 (211.211.75.247)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1e6
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
33 1.503169 <Private IP> 211.211.75.247 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 33 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:24.000621000
[Time delta from previous captured frame: 1.503169000 seconds]
[Time delta from previous displayed frame: 1.503169000 seconds]
[Time since reference or first frame: 79.080367000 seconds]
Frame Number: 33
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 211.211.75.247 (211.211.75.247)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x019d (413)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0e20 [correct]
Source: <Private IP> (<Private IP>)
Destination: 211.211.75.247 (211.211.75.247)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1e8
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
34 1.770286 <Private IP> 24.64.129.20 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 34 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:25.770907000
[Time delta from previous captured frame: 1.770286000 seconds]
[Time delta from previous displayed frame: 1.770286000 seconds]
[Time since reference or first frame: 80.850653000 seconds]
Frame Number: 34
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.129.20 (24.64.129.20)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x01c1 (449)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x9472 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.129.20 (24.64.129.20)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1ea
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
35 1.492299 <Private IP> 24.64.129.20 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 35 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:27.263206000
[Time delta from previous captured frame: 1.492299000 seconds]
[Time delta from previous displayed frame: 1.492299000 seconds]
[Time since reference or first frame: 82.342952000 seconds]
Frame Number: 35
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.129.20 (24.64.129.20)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x01c2 (450)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x9471 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.129.20 (24.64.129.20)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1ec
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
36 1.499733 <Private IP> 24.64.129.20 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 36 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:28.762939000
[Time delta from previous captured frame: 1.499733000 seconds]
[Time delta from previous displayed frame: 1.499733000 seconds]
[Time since reference or first frame: 83.842685000 seconds]
Frame Number: 36
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.129.20 (24.64.129.20)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x01c3 (451)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x9470 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.129.20 (24.64.129.20)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1ee
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
37 2.019457 <Private IP> 200.149.169.173 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 37 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:30.782396000
[Time delta from previous captured frame: 2.019457000 seconds]
[Time delta from previous displayed frame: 2.019457000 seconds]
[Time since reference or first frame: 85.862142000 seconds]
Frame Number: 37
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 200.149.169.173 (200.149.169.173)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x025a (602)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xbaea [correct]
Source: <Private IP> (<Private IP>)
Destination: 200.149.169.173 (200.149.169.173)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1f0
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
38 1.496352 <Private IP> 200.149.169.173 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 38 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:32.278748000
[Time delta from previous captured frame: 1.496352000 seconds]
[Time delta from previous displayed frame: 1.496352000 seconds]
[Time since reference or first frame: 87.358494000 seconds]
Frame Number: 38
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 200.149.169.173 (200.149.169.173)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0276 (630)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xbace [correct]
Source: <Private IP> (<Private IP>)
Destination: 200.149.169.173 (200.149.169.173)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1f2
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
39 1.499806 <Private IP> 200.149.169.173 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 39 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:33.778554000
[Time delta from previous captured frame: 1.499806000 seconds]
[Time delta from previous displayed frame: 1.499806000 seconds]
[Time since reference or first frame: 88.858300000 seconds]
Frame Number: 39
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 200.149.169.173 (200.149.169.173)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0277 (631)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xbacd [correct]
Source: <Private IP> (<Private IP>)
Destination: 200.149.169.173 (200.149.169.173)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1f4
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
40 1.767814 <Private IP> 24.64.61.65 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 40 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:35.546368000
[Time delta from previous captured frame: 1.767814000 seconds]
[Time delta from previous displayed frame: 1.767814000 seconds]
[Time since reference or first frame: 90.626114000 seconds]
Frame Number: 40
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.61.65 (24.64.61.65)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x02cb (715)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xd73b [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.61.65 (24.64.61.65)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1f6
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
41 1.498369 <Private IP> 24.64.61.65 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 41 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:37.044737000
[Time delta from previous captured frame: 1.498369000 seconds]
[Time delta from previous displayed frame: 1.498369000 seconds]
[Time since reference or first frame: 92.124483000 seconds]
Frame Number: 41
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.61.65 (24.64.61.65)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x02cc (716)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xd73a [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.61.65 (24.64.61.65)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1f8
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
42 1.499382 <Private IP> 24.64.61.65 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 42 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:38.544119000
[Time delta from previous captured frame: 1.499382000 seconds]
[Time delta from previous displayed frame: 1.499382000 seconds]
[Time since reference or first frame: 93.623865000 seconds]
Frame Number: 42
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.61.65 (24.64.61.65)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x031f (799)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xd6e7 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.61.65 (24.64.61.65)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1fa
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
43 2.997339 <Private IP> 24.64.24.157 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 43 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:41.541458000
[Time delta from previous captured frame: 2.997339000 seconds]
[Time delta from previous displayed frame: 2.997339000 seconds]
[Time since reference or first frame: 96.621204000 seconds]
Frame Number: 43
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.24.157 (24.64.24.157)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0389 (905)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xfb21 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.24.157 (24.64.24.157)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1fc
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
44 1.488171 <Private IP> 24.64.24.157 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 44 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:43.029629000
[Time delta from previous captured frame: 1.488171000 seconds]
[Time delta from previous displayed frame: 1.488171000 seconds]
[Time since reference or first frame: 98.109375000 seconds]
Frame Number: 44
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.24.157 (24.64.24.157)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0398 (920)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xfb12 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.24.157 (24.64.24.157)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb1fe
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
45 1.499269 <Private IP> 24.64.24.157 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 45 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:44.528898000
[Time delta from previous captured frame: 1.499269000 seconds]
[Time delta from previous displayed frame: 1.499269000 seconds]
[Time since reference or first frame: 99.608644000 seconds]
Frame Number: 45
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.24.157 (24.64.24.157)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x03a7 (935)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xfb03 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.24.157 (24.64.24.157)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb200
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
46 2.215725 <Private IP> 72.249.6.40 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 46 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:46.744623000
[Time delta from previous captured frame: 2.215725000 seconds]
[Time delta from previous displayed frame: 2.215725000 seconds]
[Time since reference or first frame: 101.824369000 seconds]
Frame Number: 46
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 72.249.6.40 (72.249.6.40)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0552 (1362)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xdb14 [correct]
Source: <Private IP> (<Private IP>)
Destination: 72.249.6.40 (72.249.6.40)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb202
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
47 1.488338 <Private IP> 72.249.6.40 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 47 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:48.232961000
[Time delta from previous captured frame: 1.488338000 seconds]
[Time delta from previous displayed frame: 1.488338000 seconds]
[Time since reference or first frame: 103.312707000 seconds]
Frame Number: 47
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 72.249.6.40 (72.249.6.40)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0578 (1400)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xdaee [correct]
Source: <Private IP> (<Private IP>)
Destination: 72.249.6.40 (72.249.6.40)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb204
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
48 1.499737 <Private IP> 72.249.6.40 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 48 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:49.732698000
[Time delta from previous captured frame: 1.499737000 seconds]
[Time delta from previous displayed frame: 1.499737000 seconds]
[Time since reference or first frame: 104.812444000 seconds]
Frame Number: 48
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 72.249.6.40 (72.249.6.40)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0589 (1417)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xdadd [correct]
Source: <Private IP> (<Private IP>)
Destination: 72.249.6.40 (72.249.6.40)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb206
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
49 1.818319 <Private IP> 60.172.219.2 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 49 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:51.551017000
[Time delta from previous captured frame: 1.818319000 seconds]
[Time delta from previous displayed frame: 1.818319000 seconds]
[Time since reference or first frame: 106.630763000 seconds]
Frame Number: 49
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 60.172.219.2 (60.172.219.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x05a7 (1447)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1232 [correct]
Source: <Private IP> (<Private IP>)
Destination: 60.172.219.2 (60.172.219.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb208
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
50 1.493055 <Private IP> 60.172.219.2 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 50 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:53.044072000
[Time delta from previous captured frame: 1.493055000 seconds]
[Time delta from previous displayed frame: 1.493055000 seconds]
[Time since reference or first frame: 108.123818000 seconds]
Frame Number: 50
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 60.172.219.2 (60.172.219.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x05d8 (1496)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1201 [correct]
Source: <Private IP> (<Private IP>)
Destination: 60.172.219.2 (60.172.219.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb20a
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
51 1.502988 <Private IP> 60.172.219.2 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 51 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:54.547060000
[Time delta from previous captured frame: 1.502988000 seconds]
[Time delta from previous displayed frame: 1.502988000 seconds]
[Time since reference or first frame: 109.626806000 seconds]
Frame Number: 51
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 60.172.219.2 (60.172.219.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x060d (1549)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x11cc [correct]
Source: <Private IP> (<Private IP>)
Destination: 60.172.219.2 (60.172.219.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb20c
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
52 1.833668 <Private IP> 190.196.43.12 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 52 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:56.380728000
[Time delta from previous captured frame: 1.833668000 seconds]
[Time delta from previous displayed frame: 1.833668000 seconds]
[Time since reference or first frame: 111.460474000 seconds]
Frame Number: 52
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 190.196.43.12 (190.196.43.12)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x065b (1627)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x3f5c [correct]
Source: <Private IP> (<Private IP>)
Destination: 190.196.43.12 (190.196.43.12)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb20e
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
53 1.493005 <Private IP> 190.196.43.12 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 53 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:57.873733000
[Time delta from previous captured frame: 1.493005000 seconds]
[Time delta from previous displayed frame: 1.493005000 seconds]
[Time since reference or first frame: 112.953479000 seconds]
Frame Number: 53
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 190.196.43.12 (190.196.43.12)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x065c (1628)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x3f5b [correct]
Source: <Private IP> (<Private IP>)
Destination: 190.196.43.12 (190.196.43.12)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb210
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
54 1.498478 <Private IP> 190.196.43.12 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 54 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:31:59.372211000
[Time delta from previous captured frame: 1.498478000 seconds]
[Time delta from previous displayed frame: 1.498478000 seconds]
[Time since reference or first frame: 114.451957000 seconds]
Frame Number: 54
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 190.196.43.12 (190.196.43.12)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0665 (1637)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x3f52 [correct]
Source: <Private IP> (<Private IP>)
Destination: 190.196.43.12 (190.196.43.12)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb212
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
55 3.611394 <Private IP> 24.64.178.21 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 55 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:02.983605000
[Time delta from previous captured frame: 3.611394000 seconds]
[Time delta from previous displayed frame: 3.611394000 seconds]
[Time since reference or first frame: 118.063351000 seconds]
Frame Number: 55
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.178.21 (24.64.178.21)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0818 (2072)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5d1a [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.178.21 (24.64.178.21)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb214
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
56 1.498344 <Private IP> 24.64.178.21 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 56 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:04.481949000
[Time delta from previous captured frame: 1.498344000 seconds]
[Time delta from previous displayed frame: 1.498344000 seconds]
[Time since reference or first frame: 119.561695000 seconds]
Frame Number: 56
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.178.21 (24.64.178.21)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0834 (2100)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5cfe [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.178.21 (24.64.178.21)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb216
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
57 1.500073 <Private IP> 24.64.178.21 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 57 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:05.982022000
[Time delta from previous captured frame: 1.500073000 seconds]
[Time delta from previous displayed frame: 1.500073000 seconds]
[Time since reference or first frame: 121.061768000 seconds]
Frame Number: 57
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.178.21 (24.64.178.21)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0835 (2101)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5cfd [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.178.21 (24.64.178.21)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb218
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
58 22.095897 <Private IP> 203.75.98.182 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 58 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:28.077919000
[Time delta from previous captured frame: 22.095897000 seconds]
[Time delta from previous displayed frame: 22.095897000 seconds]
[Time since reference or first frame: 143.157665000 seconds]
Frame Number: 58
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 203.75.98.182 (203.75.98.182)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0df0 (3568)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xf395 [correct]
Source: <Private IP> (<Private IP>)
Destination: 203.75.98.182 (203.75.98.182)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb21a
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
59 1.497981 <Private IP> 203.75.98.182 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 59 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:29.575900000
[Time delta from previous captured frame: 1.497981000 seconds]
[Time delta from previous displayed frame: 1.497981000 seconds]
[Time since reference or first frame: 144.655646000 seconds]
Frame Number: 59
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 203.75.98.182 (203.75.98.182)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0e49 (3657)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xf33c [correct]
Source: <Private IP> (<Private IP>)
Destination: 203.75.98.182 (203.75.98.182)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb21c
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
60 1.502849 <Private IP> 203.75.98.182 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 60 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:31.078749000
[Time delta from previous captured frame: 1.502849000 seconds]
[Time delta from previous displayed frame: 1.502849000 seconds]
[Time since reference or first frame: 146.158495000 seconds]
Frame Number: 60
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 203.75.98.182 (203.75.98.182)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0e6a (3690)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xf31b [correct]
Source: <Private IP> (<Private IP>)
Destination: 203.75.98.182 (203.75.98.182)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb21e
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
61 5.081613 <Private IP> 210.118.64.191 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 61 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:36.160362000
[Time delta from previous captured frame: 5.081613000 seconds]
[Time delta from previous displayed frame: 5.081613000 seconds]
[Time since reference or first frame: 151.240108000 seconds]
Frame Number: 61
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 210.118.64.191 (210.118.64.191)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x103e (4158)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0c14 [correct]
Source: <Private IP> (<Private IP>)
Destination: 210.118.64.191 (210.118.64.191)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb220
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
62 1.496198 <Private IP> 210.118.64.191 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 62 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:37.656560000
[Time delta from previous captured frame: 1.496198000 seconds]
[Time delta from previous displayed frame: 1.496198000 seconds]
[Time since reference or first frame: 152.736306000 seconds]
Frame Number: 62
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 210.118.64.191 (210.118.64.191)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x103f (4159)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0c13 [correct]
Source: <Private IP> (<Private IP>)
Destination: 210.118.64.191 (210.118.64.191)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb222
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
63 1.498529 <Private IP> 210.118.64.191 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 63 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:39.155089000
[Time delta from previous captured frame: 1.498529000 seconds]
[Time delta from previous displayed frame: 1.498529000 seconds]
[Time since reference or first frame: 154.234835000 seconds]
Frame Number: 63
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 210.118.64.191 (210.118.64.191)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x1065 (4197)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0bed [correct]
Source: <Private IP> (<Private IP>)
Destination: 210.118.64.191 (210.118.64.191)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb224
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
64 2.574161 <Private IP> 209.85.173.118 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 64 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:41.729250000
[Time delta from previous captured frame: 2.574161000 seconds]
[Time delta from previous displayed frame: 2.574161000 seconds]
[Time since reference or first frame: 156.808996000 seconds]
Frame Number: 64
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 209.85.173.118 (209.85.173.118)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x1110 (4368)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x9fab [correct]
Source: <Private IP> (<Private IP>)
Destination: 209.85.173.118 (209.85.173.118)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb226
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
65 1.489570 <Private IP> 209.85.173.118 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 65 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:43.218820000
[Time delta from previous captured frame: 1.489570000 seconds]
[Time delta from previous displayed frame: 1.489570000 seconds]
[Time since reference or first frame: 158.298566000 seconds]
Frame Number: 65
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 209.85.173.118 (209.85.173.118)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x1144 (4420)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x9f77 [correct]
Source: <Private IP> (<Private IP>)
Destination: 209.85.173.118 (209.85.173.118)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb228
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
66 1.501033 <Private IP> 209.85.173.118 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 66 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:44.719853000
[Time delta from previous captured frame: 1.501033000 seconds]
[Time delta from previous displayed frame: 1.501033000 seconds]
[Time since reference or first frame: 159.799599000 seconds]
Frame Number: 66
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 209.85.173.118 (209.85.173.118)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x1153 (4435)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x9f68 [correct]
Source: <Private IP> (<Private IP>)
Destination: 209.85.173.118 (209.85.173.118)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb22a
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
67 5.648718 <Private IP> 24.64.154.157 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 67 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:50.368571000
[Time delta from previous captured frame: 5.648718000 seconds]
[Time delta from previous displayed frame: 5.648718000 seconds]
[Time since reference or first frame: 165.448317000 seconds]
Frame Number: 67
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.154.157 (24.64.154.157)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x12dd (4829)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x69cd [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.154.157 (24.64.154.157)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb22c
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
68 1.488029 <Private IP> 24.64.154.157 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 68 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:51.856600000
[Time delta from previous captured frame: 1.488029000 seconds]
[Time delta from previous displayed frame: 1.488029000 seconds]
[Time since reference or first frame: 166.936346000 seconds]
Frame Number: 68
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.154.157 (24.64.154.157)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x12ef (4847)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x69bb [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.154.157 (24.64.154.157)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb22e
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
69 1.500353 <Private IP> 24.64.154.157 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 69 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:32:53.356953000
[Time delta from previous captured frame: 1.500353000 seconds]
[Time delta from previous displayed frame: 1.500353000 seconds]
[Time since reference or first frame: 168.436699000 seconds]
Frame Number: 69
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.154.157 (24.64.154.157)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x130b (4875)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x699f [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.154.157 (24.64.154.157)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb230
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
70 10.953580 <Private IP> 24.64.183.44 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 70 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:33:04.310533000
[Time delta from previous captured frame: 10.953580000 seconds]
[Time delta from previous displayed frame: 10.953580000 seconds]
[Time since reference or first frame: 179.390279000 seconds]
Frame Number: 70
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.183.44 (24.64.183.44)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x1767 (5991)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x48b4 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.183.44 (24.64.183.44)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb232
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
71 1.499345 <Private IP> 24.64.183.44 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 71 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:33:05.809878000
[Time delta from previous captured frame: 1.499345000 seconds]
[Time delta from previous displayed frame: 1.499345000 seconds]
[Time since reference or first frame: 180.889624000 seconds]
Frame Number: 71
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.183.44 (24.64.183.44)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x1783 (6019)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x4898 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.183.44 (24.64.183.44)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb234
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
72 1.500255 <Private IP> 24.64.183.44 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 72 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:33:07.310133000
[Time delta from previous captured frame: 1.500255000 seconds]
[Time delta from previous displayed frame: 1.500255000 seconds]
[Time since reference or first frame: 182.389879000 seconds]
Frame Number: 72
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.183.44 (24.64.183.44)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x179f (6047)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x487c [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.183.44 (24.64.183.44)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb236
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
73 902.580719 <Private IP> 64.181.83.193 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 73 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:09.890852000
[Time delta from previous captured frame: 902.580719000 seconds]
[Time delta from previous displayed frame: 902.580719000 seconds]
[Time since reference or first frame: 1084.970598000 seconds]
Frame Number: 73
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 64.181.83.193 (64.181.83.193)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x7ddb (32219)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1d36 [correct]
Source: <Private IP> (<Private IP>)
Destination: 64.181.83.193 (64.181.83.193)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb23c
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
74 1.498394 <Private IP> 64.181.83.193 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 74 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:11.389246000
[Time delta from previous captured frame: 1.498394000 seconds]
[Time delta from previous displayed frame: 1.498394000 seconds]
[Time since reference or first frame: 1086.468992000 seconds]
Frame Number: 74
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 64.181.83.193 (64.181.83.193)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x7e2a (32298)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1ce7 [correct]
Source: <Private IP> (<Private IP>)
Destination: 64.181.83.193 (64.181.83.193)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb23e
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
75 1.499106 <Private IP> 64.181.83.193 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 75 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:12.888352000
[Time delta from previous captured frame: 1.499106000 seconds]
[Time delta from previous displayed frame: 1.499106000 seconds]
[Time since reference or first frame: 1087.968098000 seconds]
Frame Number: 75
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 64.181.83.193 (64.181.83.193)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x7e2b (32299)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x1ce6 [correct]
Source: <Private IP> (<Private IP>)
Destination: 64.181.83.193 (64.181.83.193)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb240
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
76 3.391581 <Private IP> 220.117.247.94 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 76 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:16.279933000
[Time delta from previous captured frame: 3.391581000 seconds]
[Time delta from previous displayed frame: 3.391581000 seconds]
[Time since reference or first frame: 1091.359679000 seconds]
Frame Number: 76
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 220.117.247.94 (220.117.247.94)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x7f88 (32648)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xdc2a [correct]
Source: <Private IP> (<Private IP>)
Destination: 220.117.247.94 (220.117.247.94)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb242
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
77 1.502283 <Private IP> 220.117.247.94 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 77 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:17.782216000
[Time delta from previous captured frame: 1.502283000 seconds]
[Time delta from previous displayed frame: 1.502283000 seconds]
[Time since reference or first frame: 1092.861962000 seconds]
Frame Number: 77
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 220.117.247.94 (220.117.247.94)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x7fce (32718)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xdbe4 [correct]
Source: <Private IP> (<Private IP>)
Destination: 220.117.247.94 (220.117.247.94)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb244
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
78 1.499541 <Private IP> 220.117.247.94 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 78 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:19.281757000
[Time delta from previous captured frame: 1.499541000 seconds]
[Time delta from previous displayed frame: 1.499541000 seconds]
[Time since reference or first frame: 1094.361503000 seconds]
Frame Number: 78
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 220.117.247.94 (220.117.247.94)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8196 (33174)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xda1c [correct]
Source: <Private IP> (<Private IP>)
Destination: 220.117.247.94 (220.117.247.94)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb246
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
79 1.774179 <Private IP> 24.64.53.23 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 79 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:21.055936000
[Time delta from previous captured frame: 1.774179000 seconds]
[Time delta from previous displayed frame: 1.774179000 seconds]
[Time since reference or first frame: 1096.135682000 seconds]
Frame Number: 79
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.53.23 (24.64.53.23)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8314 (33556)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5f1c [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.53.23 (24.64.53.23)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb248
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
80 1.489592 <Private IP> 24.64.53.23 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 80 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:22.545528000
[Time delta from previous captured frame: 1.489592000 seconds]
[Time delta from previous displayed frame: 1.489592000 seconds]
[Time since reference or first frame: 1097.625274000 seconds]
Frame Number: 80
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.53.23 (24.64.53.23)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x833d (33597)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5ef3 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.53.23 (24.64.53.23)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb24a
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
81 1.499688 <Private IP> 24.64.53.23 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 81 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:24.045216000
[Time delta from previous captured frame: 1.499688000 seconds]
[Time delta from previous displayed frame: 1.499688000 seconds]
[Time since reference or first frame: 1099.124962000 seconds]
Frame Number: 81
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 24.64.53.23 (24.64.53.23)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x835d (33629)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5ed3 [correct]
Source: <Private IP> (<Private IP>)
Destination: 24.64.53.23 (24.64.53.23)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb24c
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
82 2.184458 <Private IP> 87.103.211.51 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 82 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:26.229674000
[Time delta from previous captured frame: 2.184458000 seconds]
[Time delta from previous displayed frame: 2.184458000 seconds]
[Time since reference or first frame: 1101.309420000 seconds]
Frame Number: 82
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 87.103.211.51 (87.103.211.51)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8461 (33889)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x808b [correct]
Source: <Private IP> (<Private IP>)
Destination: 87.103.211.51 (87.103.211.51)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb24e
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
83 1.486717 <Private IP> 87.103.211.51 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 83 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:27.716391000
[Time delta from previous captured frame: 1.486717000 seconds]
[Time delta from previous displayed frame: 1.486717000 seconds]
[Time since reference or first frame: 1102.796137000 seconds]
Frame Number: 83
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 87.103.211.51 (87.103.211.51)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8481 (33921)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x806b [correct]
Source: <Private IP> (<Private IP>)
Destination: 87.103.211.51 (87.103.211.51)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb250
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
84 1.501447 <Private IP> 87.103.211.51 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 84 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:29.217838000
[Time delta from previous captured frame: 1.501447000 seconds]
[Time delta from previous displayed frame: 1.501447000 seconds]
[Time since reference or first frame: 1104.297584000 seconds]
Frame Number: 84
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 87.103.211.51 (87.103.211.51)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8511 (34065)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x7fdb [correct]
Source: <Private IP> (<Private IP>)
Destination: 87.103.211.51 (87.103.211.51)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb252
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
85 2.075447 <Private IP> 211.212.203.237 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 85 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:31.293285000
[Time delta from previous captured frame: 2.075447000 seconds]
[Time delta from previous displayed frame: 2.075447000 seconds]
[Time since reference or first frame: 1106.373031000 seconds]
Frame Number: 85
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 211.212.203.237 (211.212.203.237)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x865f (34399)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0966 [correct]
Source: <Private IP> (<Private IP>)
Destination: 211.212.203.237 (211.212.203.237)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb254
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
86 1.485337 <Private IP> 211.212.203.237 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 86 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:32.778622000
[Time delta from previous captured frame: 1.485337000 seconds]
[Time delta from previous displayed frame: 1.485337000 seconds]
[Time since reference or first frame: 1107.858368000 seconds]
Frame Number: 86
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 211.212.203.237 (211.212.203.237)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8672 (34418)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0953 [correct]
Source: <Private IP> (<Private IP>)
Destination: 211.212.203.237 (211.212.203.237)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb256
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
87 1.500035 <Private IP> 211.212.203.237 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 87 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:34.278657000
[Time delta from previous captured frame: 1.500035000 seconds]
[Time delta from previous displayed frame: 1.500035000 seconds]
[Time since reference or first frame: 1109.358403000 seconds]
Frame Number: 87
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 211.212.203.237 (211.212.203.237)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x86bd (34493)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0908 [correct]
Source: <Private IP> (<Private IP>)
Destination: 211.212.203.237 (211.212.203.237)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb258
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
88 2.475786 <Private IP> 200.2.127.155 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 88 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:36.754443000
[Time delta from previous captured frame: 2.475786000 seconds]
[Time delta from previous displayed frame: 2.475786000 seconds]
[Time since reference or first frame: 1111.834189000 seconds]
Frame Number: 88
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 200.2.127.155 (200.2.127.155)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8725 (34597)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x60c4 [correct]
Source: <Private IP> (<Private IP>)
Destination: 200.2.127.155 (200.2.127.155)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb25a
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
89 1.492838 <Private IP> 200.2.127.155 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 89 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:38.247281000
[Time delta from previous captured frame: 1.492838000 seconds]
[Time delta from previous displayed frame: 1.492838000 seconds]
[Time since reference or first frame: 1113.327027000 seconds]
Frame Number: 89
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 200.2.127.155 (200.2.127.155)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8787 (34695)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x6062 [correct]
Source: <Private IP> (<Private IP>)
Destination: 200.2.127.155 (200.2.127.155)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb25c
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
90 1.500202 <Private IP> 200.2.127.155 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 90 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:39.747483000
[Time delta from previous captured frame: 1.500202000 seconds]
[Time delta from previous displayed frame: 1.500202000 seconds]
[Time since reference or first frame: 1114.827229000 seconds]
Frame Number: 90
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 200.2.127.155 (200.2.127.155)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x87c7 (34759)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x6022 [correct]
Source: <Private IP> (<Private IP>)
Destination: 200.2.127.155 (200.2.127.155)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb25e
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
91 3.039957 <Private IP> 201.225.179.42 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 91 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:42.787440000
[Time delta from previous captured frame: 3.039957000 seconds]
[Time delta from previous displayed frame: 3.039957000 seconds]
[Time since reference or first frame: 1117.867186000 seconds]
Frame Number: 91
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 201.225.179.42 (201.225.179.42)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x889d (34973)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x29de [correct]
Source: <Private IP> (<Private IP>)
Destination: 201.225.179.42 (201.225.179.42)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb260
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
92 1.494246 <Private IP> 201.225.179.42 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 92 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:44.281686000
[Time delta from previous captured frame: 1.494246000 seconds]
[Time delta from previous displayed frame: 1.494246000 seconds]
[Time since reference or first frame: 1119.361432000 seconds]
Frame Number: 92
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 201.225.179.42 (201.225.179.42)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x889e (34974)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x29dd [correct]
Source: <Private IP> (<Private IP>)
Destination: 201.225.179.42 (201.225.179.42)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb262
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
93 1.497341 <Private IP> 201.225.179.42 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 93 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:45.779027000
[Time delta from previous captured frame: 1.497341000 seconds]
[Time delta from previous displayed frame: 1.497341000 seconds]
[Time since reference or first frame: 1120.858773000 seconds]
Frame Number: 93
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 201.225.179.42 (201.225.179.42)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x88ad (34989)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x29ce [correct]
Source: <Private IP> (<Private IP>)
Destination: 201.225.179.42 (201.225.179.42)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb264
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
94 2.674582 <Private IP> 123.55.227.18 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 94 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:48.453609000
[Time delta from previous captured frame: 2.674582000 seconds]
[Time delta from previous displayed frame: 2.674582000 seconds]
[Time since reference or first frame: 1123.533355000 seconds]
Frame Number: 94
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 123.55.227.18 (123.55.227.18)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x892b (35115)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x4812 [correct]
Source: <Private IP> (<Private IP>)
Destination: 123.55.227.18 (123.55.227.18)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb266
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
95 1.499497 <Private IP> 123.55.227.18 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 95 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:49.953106000
[Time delta from previous captured frame: 1.499497000 seconds]
[Time delta from previous displayed frame: 1.499497000 seconds]
[Time since reference or first frame: 1125.032852000 seconds]
Frame Number: 95
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 123.55.227.18 (123.55.227.18)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x892c (35116)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x4811 [correct]
Source: <Private IP> (<Private IP>)
Destination: 123.55.227.18 (123.55.227.18)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb268
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
96 1.497962 <Private IP> 123.55.227.18 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 96 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:51.451068000
[Time delta from previous captured frame: 1.497962000 seconds]
[Time delta from previous displayed frame: 1.497962000 seconds]
[Time since reference or first frame: 1126.530814000 seconds]
Frame Number: 96
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 123.55.227.18 (123.55.227.18)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x892d (35117)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x4810 [correct]
Source: <Private IP> (<Private IP>)
Destination: 123.55.227.18 (123.55.227.18)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb26a
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
97 1.842137 <Private IP> 77.67.0.147 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 97 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:53.293205000
[Time delta from previous captured frame: 1.842137000 seconds]
[Time delta from previous displayed frame: 1.842137000 seconds]
[Time since reference or first frame: 1128.372951000 seconds]
Frame Number: 97
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 77.67.0.147 (77.67.0.147)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8970 (35184)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5841 [correct]
Source: <Private IP> (<Private IP>)
Destination: 77.67.0.147 (77.67.0.147)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb26c
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
98 1.486325 <Private IP> 77.67.0.147 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 98 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:54.779530000
[Time delta from previous captured frame: 1.486325000 seconds]
[Time delta from previous displayed frame: 1.486325000 seconds]
[Time since reference or first frame: 1129.859276000 seconds]
Frame Number: 98
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 77.67.0.147 (77.67.0.147)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x899f (35231)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x5812 [correct]
Source: <Private IP> (<Private IP>)
Destination: 77.67.0.147 (77.67.0.147)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb26e
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
99 1.498966 <Private IP> 77.67.0.147 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 99 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:48:56.278496000
[Time delta from previous captured frame: 1.498966000 seconds]
[Time delta from previous displayed frame: 1.498966000 seconds]
[Time since reference or first frame: 1131.358242000 seconds]
Frame Number: 99
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 77.67.0.147 (77.67.0.147)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x89d3 (35283)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x57de [correct]
Source: <Private IP> (<Private IP>)
Destination: 77.67.0.147 (77.67.0.147)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb270
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
100 4.412683 <Private IP> 116.209.139.202 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 100 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:49:00.691179000
[Time delta from previous captured frame: 4.412683000 seconds]
[Time delta from previous displayed frame: 4.412683000 seconds]
[Time since reference or first frame: 1135.770925000 seconds]
Frame Number: 100
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 116.209.139.202 (116.209.139.202)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8bd6 (35798)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xa315 [correct]
Source: <Private IP> (<Private IP>)
Destination: 116.209.139.202 (116.209.139.202)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb272
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
101 1.495457 <Private IP> 116.209.139.202 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 101 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:49:02.186636000
[Time delta from previous captured frame: 1.495457000 seconds]
[Time delta from previous displayed frame: 1.495457000 seconds]
[Time since reference or first frame: 1137.266382000 seconds]
Frame Number: 101
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 116.209.139.202 (116.209.139.202)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8bd7 (35799)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xa314 [correct]
Source: <Private IP> (<Private IP>)
Destination: 116.209.139.202 (116.209.139.202)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb274
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Info
102 1.498860 <Private IP> 116.209.139.202 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 102 (92 bytes on wire, 92 bytes captured)
Arrival Time: Oct 1, 2008 10:49:03.685496000
[Time delta from previous captured frame: 1.498860000 seconds]
[Time delta from previous displayed frame: 1.498860000 seconds]
[Time since reference or first frame: 1138.765242000 seconds]
Frame Number: 102
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: <Hidden>(<Hidden>), Dst: <Hidden>(<Hidden>)
Destination: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: <Hidden>(<Hidden>)
Address: <Hidden>(<Hidden>)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: <Private IP> (<Private IP>), Dst: 116.209.139.202 (116.209.139.202)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x8bf3 (35827)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xa2f8 [correct]
Source: <Private IP> (<Private IP>)
Destination: 116.209.139.202 (116.209.139.202)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0xb276
Flags: 0x0000 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
- Follow-Ups:
- Re: [Wireshark-users] Unexplained Netbios Traffic
- From: Guy Harris
- Re: [Wireshark-users] Unexplained Netbios Traffic
- From: John Martin
- Re: [Wireshark-users] Unexplained Netbios Traffic
- From: Andrew Hood
- Re: [Wireshark-users] Unexplained Netbios Traffic
- References:
- [Wireshark-users] Unexplained Netbios Traffic
- From: Jon Ziminsky
- Re: [Wireshark-users] Unexplained Netbios Traffic
- From: Guy Harris
- [Wireshark-users] Unexplained Netbios Traffic
- Prev by Date: Re: [Wireshark-users] Unexplained Netbios Traffic
- Next by Date: Re: [Wireshark-users] Unexplained Netbios Traffic
- Previous by thread: Re: [Wireshark-users] Unexplained Netbios Traffic
- Next by thread: Re: [Wireshark-users] Unexplained Netbios Traffic
- Index(es):