samba - Nov 2001 - winbindd problem with NT4 PDC: samba does not see all the groups

Hi,

I would like to report a bug in winbindd that seems to be present in 2.2.2,
cvs 2.2.3-pre and cvs HEAD (cvs sources checked out Nov 9).

The problem is preventing us from using Samba in production with winbindd.


For all three samba versions, winbindd fails with the following symptoms:

     Samba has successfully joined the NT4 domain (the PDC is running NT)
     Domain users can access the samba server.
     wbinfo -g FAILS by only listing 8 groups of 50+
     wbinfo -t is OK
     wbinfo -u is OK
     wbinfo -s is OK and can lookup groups not listed by wbinfo -g

=================================================
Attempting to list all the groups with "wbinfo -g" or "getent
group" does
not work.

       $ wbinfo -g
       FAIRFIELD+Domain Admins
       FAIRFIELD+Domain Guests
       FAIRFIELD+Domain Users
       FAIRFIELD+MIS2
       FAIRFIELD+MTS Trusted Impersonators
       FAIRFIELD+Purchasing
       FAIRFIELD+RAS
       FAIRFIELD+SMSInternalCliGrp

Note that samba only finds 8 groups. getent group also only displays
these 8 groups. There are many more groups available at the PDC.

However, if I query wbinfo "in reverse" with wbinfo -G, I can find two
more groups, cadread and cadwrite. They can also be mapped from SID to
name using wbinfo.  Why are they not included in the wbinfo -g (or
getent group) listings?

$ wbinfo -s S-1-5-21-1563037056-1694922919-879972363-1177
FAIRFIELD+cadread 4

$ wbinfo -s S-1-5-21-1563037056-1694922919-879972363-1176
FAIRFIELD+Cadcreate 4

=================================================Output from from winbindd -d
100 -i
=================================================
codepage_initialise: client code page = 850
load_client_codepage: loading codepage 850.
Adding chars 0x85 0xb7 (l->u = True) (u->l = True)
Adding chars 0xa0 0xb5 (l->u = True) (u->l = True)
Adding chars 0x83 0xb6 (l->u = True) (u->l = True)
Adding chars 0xc6 0xc7 (l->u = True) (u->l = True)
Adding chars 0x84 0x8e (l->u = True) (u->l = True)
Adding chars 0x86 0x8f (l->u = True) (u->l = True)
Adding chars 0x91 0x92 (l->u = True) (u->l = True)
Adding chars 0x87 0x80 (l->u = True) (u->l = True)
Adding chars 0x8a 0xd4 (l->u = True) (u->l = True)
Adding chars 0x82 0x90 (l->u = True) (u->l = True)
Adding chars 0x88 0xd2 (l->u = True) (u->l = True)
Adding chars 0x89 0xd3 (l->u = True) (u->l = True)
Adding chars 0x8d 0xde (l->u = True) (u->l = True)
Adding chars 0xa1 0xd6 (l->u = True) (u->l = True)
Adding chars 0x8c 0xd7 (l->u = True) (u->l = True)
Adding chars 0x8b 0xd8 (l->u = True) (u->l = True)
Adding chars 0xd0 0xd1 (l->u = True) (u->l = True)
Adding chars 0xa4 0xa5 (l->u = True) (u->l = True)
Adding chars 0x95 0xe3 (l->u = True) (u->l = True)
Adding chars 0xa2 0xe0 (l->u = True) (u->l = True)
Adding chars 0x93 0xe2 (l->u = True) (u->l = True)
Adding chars 0xe4 0xe5 (l->u = True) (u->l = True)
Adding chars 0x94 0x99 (l->u = True) (u->l = True)
Adding chars 0x9b 0x9d (l->u = True) (u->l = True)
Adding chars 0x97 0xeb (l->u = True) (u->l = True)
Adding chars 0xa3 0xe9 (l->u = True) (u->l = True)
Adding chars 0x96 0xea (l->u = True) (u->l = True)
Adding chars 0x81 0x9a (l->u = True) (u->l = True)
Adding chars 0xec 0xed (l->u = True) (u->l = True)
Adding chars 0xe7 0xe8 (l->u = True) (u->l = True)
Adding chars 0x9c 0x0 (l->u = False) (u->l = False)
load_unicode_map: loading unicode map for codepage 850.
added interface ip=192.168.10.9 bcast=192.168.10.255 nmask=255.255.255.0
establishing connections
server: dc=, pwdb_init=0, lsa_hnd=0
resolve_lmhosts: Attempting lmhosts lookup for name FAIRFIELD<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
resolve_wins: Attempting wins lookup for name FAIRFIELD<0x1c>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name FAIRFIELD<0x1c>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 62
parse_nmb: packet id = 16103
Received a packet of len 62 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=16103 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
    answers   0 char ......   hex E000C0A80A1C
Got a positive name query response from 192.168.10.28 ( 192.168.10.28 )
read_udp_socket: lastip 192.168.10.27 lastport 137 read: 62
parse_nmb: packet id = 16103
Received a packet of len 62 from (192.168.10.27) port 137
nmb packet from 192.168.10.27(137) header: id=16103 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
    answers   0 char ......   hex E000C0A80A1B
Got a positive name query response from 192.168.10.27 ( 192.168.10.27 )
read_udp_socket: lastip 192.168.10.21 lastport 137 read: 62
parse_nmb: packet id = 16103
Received a packet of len 62 from (192.168.10.21) port 137
nmb packet from 192.168.10.21(137) header: id=16103 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
    answers   0 char ......   hex E000C0A80A15
Got a positive name query response from 192.168.10.21 ( 192.168.10.21 )
read_udp_socket: lastip 192.168.10.11 lastport 13485 read: 58
parse_nmb: packet id = 16103
Received a packet of len 58 from (192.168.10.11) port 13485
nmb packet from 192.168.10.11(13485) header: id=16103 opcode=WACK(7)
response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=10
    answers   0 char ..   hex 0100
bind succeeded on port 0
Sending a packet of len 50 to (192.168.10.28) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 283
parse_nmb: packet id = 22354
Received a packet of len 283 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=22354 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
    answers   0 char .IMT_BDC           hex 09494D545F4244432020202020202020
    answers  10 char .D.IMT_BDC         hex 004400494D545F424443202020202020
    answers  20 char    D.FAIRFIELD     hex 2020204400464149524649454C442020
    answers  30 char     ...FAIRFIELD   hex 2020202000C400464149524649454C44
    answers  40 char       ...FAIRFIE   hex 2020202020201CC40046414952464945
    answers  50 char LD      ...IMT_B   hex 4C442020202020201EC400494D545F42
    answers  60 char DC        .D.ADM   hex 4443202020202020202003440041444D
    answers  70 char INISTRATOR  .D.I   hex 494E4953545241544F52202003440049
    answers  80 char Net~Services  ..   hex 4E65747E536572766963657320201CC4
    answers  90 char .IS~IMT_BDC.....   hex 0049537E494D545F4244430000000000
    answers  a0 char .D......I.......   hex 00440000A0C9ECD64900000000000000
    answers  b0 char ................   hex 00000000000000000000000000000000
    answers  c0 char ................   hex 00000000000000000000000000000000
    answers  d0 char .   hex 00
cli_init_creds: user  domain  flgs: 0
ntlmssp_cli_flgs:0
resolve_srv_name: IMT_BDC
resolve_lmhosts: Attempting lmhosts lookup for name IMT_BDC<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
resolve_hosts: Attempting host lookup for name IMT_BDC<0x20>
resolve_wins: Attempting wins lookup for name IMT_BDC<0x20>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name IMT_BDC<0x20>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 62
parse_nmb: packet id = 21084
Received a packet of len 62 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=21084 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=IMT_BDC<20> rr_type=32 rr_class=1 ttl=300000
    answers   0 char `.....   hex 6000C0A80A1C
Got a positive name query response from 192.168.10.28 ( 192.168.10.28 )
read_udp_socket: lastip 192.168.10.11 lastport 13488 read: 58
parse_nmb: packet id = 21084
Received a packet of len 58 from (192.168.10.11) port 13488
nmb packet from 192.168.10.11(13488) header: id=21084 opcode=WACK(7)
response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=IMT_BDC<20> rr_type=32 rr_class=1 ttl=10
    answers   0 char ..   hex 0100
cli_establish_connection: CADFILES<00> connecting to IMT_BDC<20>
(192.168.10.28) -  []
Connecting to 192.168.10.28 at port 139
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 16384
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(7,76)
write_socket(7,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
write_socket(7,168)
write_socket(7,168) wrote 168
got smb length of 97
size=97
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=17005
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=17 (0x11)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=67 (0x43)
smb_vwv[11]=20480 (0x5000)
smb_vwv[12]=25538 (0x63C2)
smb_vwv[13]=30973 (0x78FD)
smb_vwv[14]=49513 (0xC169)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=28
[000] 2C 79 A6 1F D6 99 D6 2E  46 00 41 00 49 00 52 00  ,y...... F.A.I.R.
[010] 46 00 49 00 45 00 4C 00  44 00 00 00              F.I.E.L. D...
size=97
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=17005
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=17 (0x11)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=67 (0x43)
smb_vwv[11]=20480 (0x5000)
smb_vwv[12]=25538 (0x63C2)
smb_vwv[13]=30973 (0x78FD)
smb_vwv[14]=49513 (0xC169)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=28
[000] 2C 79 A6 1F D6 99 D6 2E  46 00 41 00 49 00 52 00  ,y...... F.A.I.R.
[010] 46 00 49 00 45 00 4C 00  44 00 00 00              F.I.E.L. D...
write_socket(7,92)
write_socket(7,92) wrote 92
got smb length of 130
size=130
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=130 (0x82)
smb_vwv[2]=0 (0x0)
smb_bcc=89
[000] 00 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 
[010] 00 4E 00 54 00 20 00 34  00 2E 00 30 00 00 00 4E  .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41  00 4E 00 20 00 4D 00 61  .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65  00 72 00 20 00 34 00 2E  .n.a.g.e .r. .4..
[040] 00 30 00 00 00 46 00 41  00 49 00 52 00 46 00 49  .0...F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00  00                       .E.L.D.. .
size=130
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=130 (0x82)
smb_vwv[2]=0 (0x0)
smb_bcc=89
[000] 00 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 
[010] 00 4E 00 54 00 20 00 34  00 2E 00 30 00 00 00 4E  .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41  00 4E 00 20 00 4D 00 61  .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65  00 72 00 20 00 34 00 2E  .n.a.g.e .r. .4..
[040] 00 30 00 00 00 46 00 41  00 49 00 52 00 46 00 49  .0...F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00  00                       .E.L.D.. .
write_socket(7,82)
write_socket(7,82) wrote 82
got smb length of 48
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=1 (0x1)
smb_bcc=7
[000] 49 50 43 00 00 00 00                              IPC.... 
write_socket(7,104)
write_socket(7,104) wrote 104
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=34
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=103 (0x67)
smb_vwv[2]=5632 (0x1600)
smb_vwv[3]=264 (0x108)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_vwv[15]=0 (0x0)
smb_vwv[16]=0 (0x0)
smb_vwv[17]=0 (0x0)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=0 (0x0)
smb_vwv[24]=16 (0x10)
smb_vwv[25]=0 (0x0)
smb_vwv[26]=0 (0x0)
smb_vwv[27]=0 (0x0)
smb_vwv[28]=0 (0x0)
smb_vwv[29]=0 (0x0)
smb_vwv[30]=0 (0x0)
smb_vwv[31]=512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]=5 (0x5)
smb_bcc=0
Bind RPC Pipe[816]: \PIPE\lsarpc
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB  EF 00 01 23 45 67 89 AB 
xW4.4... ...#Eg..
[010] 00 00 00 00                                       .... 
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60 
.]...... ....+.H`
[010] 02 00 00 00                                       .... 
000000 smb_io_rpc_hdr hdr
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0b
    0003 flags     : 00
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0048
    000a auth_len  : 0000
    000c call_id   : 00000001
000010 smb_io_rpc_hdr_rb 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 1630
        0012 max_rsize: 1630
        0014 assoc_gid: 00000000
    0018 num_elements: 00000001
    001c context_id  : 0000
    001e num_syntaxes: 01
    00001f smb_io_rpc_iface 
        0020 data   : 12345778
        0024 data   : 1234
        0026 data   : abcd
        0028 data   : ef 00 01 23 45 67 89 ab 
        0030 version: 00000000
    000034 smb_io_rpc_iface 
        0034 data   : 8a885d04
        0038 data   : 1ceb
        003a data   : 11c9
        003c data   : 9f e8 08 00 2b 10 48 60 
        0044 version: 00000002
rpc_api_pipe: cmd:26 fnum:816
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=72 (0x48)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=72 (0x48)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=72 (0x48)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 0B 00 10 00 00 00 48  00 00 00 01 00 00 00 30  .......H .......0
[020] 16 30 16 00 00 00 00 01  00 00 00 00 00 01 00 78  .0...... .......x
[030] 57 34 12 34 12 CD AB EF  00 01 23 45 67 89 AB 00  W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
[050] 10 48 60 02 00 00 00                              .H`.... 
write_socket(7,158)
write_socket(7,158) wrote 158
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00  00 44 00 00 00 01 00 00  H....... .D......
[010] 00 30 16 30 16 CA 9D 00  00 0C 00 5C 50 49 50 45  .0.0.... ...\PIPE
[020] 5C 6C 73 61 73 73 00 14  00 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00                                    `.... 
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00  00 44 00 00 00 01 00 00  H....... .D......
[010] 00 30 16 30 16 CA 9D 00  00 0C 00 5C 50 49 50 45  .0.0.... ...\PIPE
[020] 5C 6C 73 61 73 73 00 14  00 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00                                    `.... 
rpc_check_hdr: rdata->data_size = 68
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0c
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0044
    000a auth_len  : 0000
    000c call_id   : 00000001
rpc_api_pipe: len left: 0 smbtrans read: 68
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 1630
        0012 max_rsize: 1630
        0014 assoc_gid: 00009dca
    000018 smb_io_rpc_addr_str 
        0018 len: 000c
        001a str: \PIPE\lsass.
    000026 smb_io_rpc_results 
        0028 num_results: 01
        002c result     : 0000
        002e reason     : 0000
    000030 smb_io_rpc_iface 
        0030 data   : 8a885d04
        0034 data   : 1ceb
        0036 data   : 11c9
        0038 data   : 9f e8 08 00 2b 10 48 60 
        0040 version: 00000002
bind_rpc_pipe: server pipe_name found: \PIPE\lsass
bind_rpc_pipe: accepted!
init_open_pol: attr:0 da:33554432
init_lsa_obj_attr
000000 lsa_io_q_open_pol 
    0000 ptr       : 00000001
    0004 system_name: 005c
    000008 lsa_io_obj_attr 
        0008 len         : 00000018
        000c ptr_root_dir: 00000000
        0010 ptr_obj_name: 00000000
        0014 attributes  : 00000000
        0018 ptr_sec_desc: 00000000
        001c ptr_sec_qos : 00000000
    0020 des_access: 02000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x6 data_len: 0x3c
create_rpc_request: data_len: 3c auth_len: 0 alloc_hint: 2c
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 003c
    000a auth_len  : 0000
    000c call_id   : 00000002
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 0000002c
    0014 context_id: 0000
    0016 opnum     : 0006
data_len: 3c data_calc_len: 3c
rpc_api_pipe: cmd:26 fnum:816
size=142
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=60 (0x3C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=60 (0x3C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=60 (0x3C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=75
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 3C  00 00 00 02 00 00 00 2C  .......< .......,
[020] 00 00 00 00 00 06 00 01  00 00 00 5C 00 00 00 18  ........ ...\....
[030] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[040] 00 00 00 00 00 00 00 00  00 00 02                 ........ ...
write_socket(7,146)
write_socket(7,146) wrote 146
got smb length of 104
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 3C 05 00 02 03 10 00 00  00 30 00 00 00 02 00 00  <....... .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 42 88 78  ........ .....B.x
[020] FE 56 E6 2C 4F A3 DB B6  20 4E FC E2 08 00 00 00  .V.,O...  N......
[030] 00                                                . 
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 3C 05 00 02 03 10 00 00  00 30 00 00 00 02 00 00  <....... .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 42 88 78  ........ .....B.x
[020] FE 56 E6 2C 4F A3 DB B6  20 4E FC E2 08 00 00 00  .V.,O...  N......
[030] 00                                                . 
rpc_check_hdr: rdata->data_size = 48
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0030
    000a auth_len  : 0000
    000c call_id   : 00000002
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000018
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 48
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_open_pol 
    000018 smb_io_pol_hnd 
        0018 data1: 00000000
        001c data2: fe788842
        0020 data3: e656
        0022 data4: 4f2c
        0024 data5: a3 db b6 20 4e fc e2 08 
    002c status: 00000000
getting trusted domain list
adding trusted domain FAIRFIELD
init_q_enum_trust_dom
000000 lsa_io_q_enum_trust_dom 
    000000 smb_io_pol_hnd 
        0000 data1: 00000000
        0004 data2: fe788842
        0008 data3: e656
        000a data4: 4f2c
        000c data5: a3 db b6 20 4e fc e2 08 
    0014 enum_context : 00000000
    0018 preferred_len: ffffffff
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0xd data_len: 0x34
create_rpc_request: data_len: 34 auth_len: 0 alloc_hint: 24
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0034
    000a auth_len  : 0000
    000c call_id   : 00000003
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 00000024
    0014 context_id: 0000
    0016 opnum     : 000d
data_len: 34 data_calc_len: 34
rpc_api_pipe: cmd:26 fnum:816
size=134
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=52 (0x34)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=52 (0x34)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=67
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 34  00 00 00 03 00 00 00 24  .......4 .......$
[020] 00 00 00 00 00 0D 00 00  00 00 00 42 88 78 FE 56  ........ ...B.x.V
[030] E6 2C 4F A3 DB B6 20 4E  FC E2 08 00 00 00 00 FF  .,O... N ........
[040] FF FF FF                                          ... 
write_socket(7,138)
write_socket(7,138) wrote 138
got smb length of 108
size=108
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=52 (0x34)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=53
[000] 34 05 00 02 03 10 00 00  00 70 00 00 00 03 00 00  4....... .p......
[010] 00 58 00 00 00 00 00 00  00 01 00 00 00 01 00 00  .X...... ........
[020] 00 F0 CF 42 0F 01 00 00  00 10 00 10 00 B8 AB 45  ...B.... .......E
[030] 0F C8 F5 19 00                                    ..... 
size=108
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=52 (0x34)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=53
[000] 34 05 00 02 03 10 00 00  00 70 00 00 00 03 00 00  4....... .p......
[010] 00 58 00 00 00 00 00 00  00 01 00 00 00 01 00 00  .X...... ........
[020] 00 F0 CF 42 0F 01 00 00  00 10 00 10 00 B8 AB 45  ...B.... .......E
[030] 0F C8 F5 19 00                                    ..... 
rpc_check_hdr: rdata->data_size = 52
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0070
    000a auth_len  : 0000
    000c call_id   : 00000003
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000058
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 60 smbtrans read: 52
rpc_read: data_to_read: 60 rdata offset: 52 extra_data_size: 60
rpc_read: grew buffer by 60 bytes to 112
write_socket(7,59)
write_socket(7,59) wrote 59
got smb length of 120
size=120
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=60 (0x3C)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=61
[000] 03 08 00 00 00 00 00 00  00 08 00 00 00 49 00 4E  ........ .....I.N
[010] 00 54 00 45 00 52 00 4D  00 45 00 43 00 04 00 00  .T.E.R.M .E.C....
[020] 00 01 04 00 00 00 00 00  05 15 00 00 00 1D 66 1A  ........ ......f.
[030] 05 F8 19 A0 50 AB 15 05  2D 00 00 00 00           ....P... -....
rpc_read: num_read = 60, read offset: 0, to read: 60
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_enum_trust_dom 
    0018 enum_context    : 00000001
    001c num_domains     : 00000001
    0020 ptr_enum_domains: 0f42cff0
    0024 num_domains2: 00000001
    000028 smb_io_unihdr2 
        000028 smb_io_unihdr hdr
            0028 uni_str_len: 0010
            002a uni_max_len: 0010
            002c buffer     : 0f45abb8
        0030 buffer: 0019f5c8
    000034 smb_io_unistr2 
        0034 uni_max_len: 00000008
        0038 undoc      : 00000000
        003c uni_str_len: 00000008
        0040 buffer     : I.N.T.E.R.M.E.C.
    000050 smb_io_dom_sid2 
        0050 num_auths: 00000004
        000054 smb_io_dom_sid sid
            0054 sid_rev_num: 01
            0055 num_auths  : 04
            0056 id_auth[0] : 00
            0057 id_auth[1] : 00
            0058 id_auth[2] : 00
            0059 id_auth[3] : 00
            005a id_auth[4] : 00
            005b id_auth[5] : 05
            005c sub_auths : 00000015 051a661d 50a019f8 2d0515ab 
    006c status: 00000000
adding trusted domain INTERMEC
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
accepted socket 10
[17006]: list groups
checking domain handles for domain INTERMEC
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
opening sam handles
Getting domain info for domain INTERMEC
looking up sid for domain INTERMEC
resolve_lmhosts: Attempting lmhosts lookup for name INTERMEC<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
resolve_wins: Attempting wins lookup for name INTERMEC<0x1c>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name INTERMEC<0x1c>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.12 lastport 137 read: 62
parse_nmb: packet id = 3242
Received a packet of len 62 from (192.168.10.12) port 137
nmb packet from 192.168.10.12(137) header: id=3242 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=INTERMEC<1c> rr_type=32 rr_class=1 ttl=300000
    answers   0 char ......   hex E000C0A80A0C
Got a positive name query response from 192.168.10.12 ( 192.168.10.12 )
read_udp_socket: lastip 192.168.10.11 lastport 13501 read: 58
parse_nmb: packet id = 3242
Received a packet of len 58 from (192.168.10.11) port 13501
nmb packet from 192.168.10.11(13501) header: id=3242 opcode=WACK(7) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=INTERMEC<1c> rr_type=32 rr_class=1 ttl=10
    answers   0 char ..   hex 0100
bind succeeded on port 0
Sending a packet of len 50 to (192.168.10.12) on port 137
read_udp_socket: lastip 192.168.10.11 lastport 13508 read: 56
parse_nmb: packet id = 3242
Received a packet of len 56 from (192.168.10.11) port 13508
Sending a packet of len 50 to (192.168.10.12) on port 137
Could not resolve domain controller for domain INTERMEC
could not find sid for domain INTERMEC
checking domain handles for domain FAIRFIELD
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
opening sam handles
Getting domain info for domain FAIRFIELD
looking up sid for domain FAIRFIELD
resolve_lmhosts: Attempting lmhosts lookup for name FAIRFIELD<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
resolve_wins: Attempting wins lookup for name FAIRFIELD<0x1c>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name FAIRFIELD<0x1c>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 62
parse_nmb: packet id = 8567
Received a packet of len 62 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=8567 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
    answers   0 char ......   hex E000C0A80A1C
Got a positive name query response from 192.168.10.28 ( 192.168.10.28 )
read_udp_socket: lastip 192.168.10.27 lastport 137 read: 62
parse_nmb: packet id = 8567
Received a packet of len 62 from (192.168.10.27) port 137
nmb packet from 192.168.10.27(137) header: id=8567 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
    answers   0 char ......   hex E000C0A80A1B
Got a positive name query response from 192.168.10.27 ( 192.168.10.27 )
read_udp_socket: lastip 192.168.10.21 lastport 137 read: 62
parse_nmb: packet id = 8567
Received a packet of len 62 from (192.168.10.21) port 137
nmb packet from 192.168.10.21(137) header: id=8567 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=300000
    answers   0 char ......   hex E000C0A80A15
Got a positive name query response from 192.168.10.21 ( 192.168.10.21 )
read_udp_socket: lastip 192.168.10.11 lastport 13509 read: 58
parse_nmb: packet id = 8567
Received a packet of len 58 from (192.168.10.11) port 13509
nmb packet from 192.168.10.11(13509) header: id=8567 opcode=WACK(7) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=FAIRFIELD<1c> rr_type=32 rr_class=1 ttl=10
    answers   0 char ..   hex 0100
bind succeeded on port 0
Sending a packet of len 50 to (192.168.10.28) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 283
parse_nmb: packet id = 10272
Received a packet of len 283 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=10272 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
    answers   0 char .IMT_BDC           hex 09494D545F4244432020202020202020
    answers  10 char .D.IMT_BDC         hex 004400494D545F424443202020202020
    answers  20 char    D.FAIRFIELD     hex 2020204400464149524649454C442020
    answers  30 char     ...FAIRFIELD   hex 2020202000C400464149524649454C44
    answers  40 char       ...FAIRFIE   hex 2020202020201CC40046414952464945
    answers  50 char LD      ...IMT_B   hex 4C442020202020201EC400494D545F42
    answers  60 char DC        .D.ADM   hex 4443202020202020202003440041444D
    answers  70 char INISTRATOR  .D.I   hex 494E4953545241544F52202003440049
    answers  80 char Net~Services  ..   hex 4E65747E536572766963657320201CC4
    answers  90 char .IS~IMT_BDC.....   hex 0049537E494D545F4244430000000000
    answers  a0 char .D......I.......   hex 00440000A0C9ECD64900000000000000
    answers  b0 char ................   hex 00000000000000000000000000000000
    answers  c0 char ................   hex 00000000000000000000000000000000
    answers  d0 char .   hex 00
init_q_query
000000 lsa_io_q_query 
    000000 smb_io_pol_hnd 
        0000 data1: 00000000
        0004 data2: fe788842
        0008 data3: e656
        000a data4: 4f2c
        000c data5: a3 db b6 20 4e fc e2 08 
    0014 info_class: 0005
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x7 data_len: 0x2e
create_rpc_request: data_len: 2e auth_len: 0 alloc_hint: 1e
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 002e
    000a auth_len  : 0000
    000c call_id   : 00000004
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 0000001e
    0014 context_id: 0000
    0016 opnum     : 0007
data_len: 2e data_calc_len: 2e
rpc_api_pipe: cmd:26 fnum:816
size=128
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=46 (0x2E)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=46 (0x2E)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=46 (0x2E)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=61
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 2E  00 00 00 04 00 00 00 1E  ........ ........
[020] 00 00 00 00 00 07 00 00  00 00 00 42 88 78 FE 56  ........ ...B.x.V
[030] E6 2C 4F A3 DB B6 20 4E  FC E2 08 05 00           .,O... N .....
write_socket(7,132)
write_socket(7,132) wrote 132
got smb length of 102
size=102
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=46 (0x2E)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=46 (0x2E)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=47
[000] 2E 05 00 02 03 10 00 00  00 6C 00 00 00 04 00 00  ........ .l......
[010] 00 54 00 00 00 00 00 00  00 20 CA 15 00 05 00 00  .T...... . ......
[020] 00 12 00 14 00 C8 F5 19  00 10 45 1D 00 0A 00     ........ ..E....
size=102
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=46 (0x2E)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=46 (0x2E)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=47
[000] 2E 05 00 02 03 10 00 00  00 6C 00 00 00 04 00 00  ........ .l......
[010] 00 54 00 00 00 00 00 00  00 20 CA 15 00 05 00 00  .T...... . ......
[020] 00 12 00 14 00 C8 F5 19  00 10 45 1D 00 0A 00     ........ ..E....
rpc_check_hdr: rdata->data_size = 46
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 006c
    000a auth_len  : 0000
    000c call_id   : 00000004
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000054
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 62 smbtrans read: 46
rpc_read: data_to_read: 62 rdata offset: 46 extra_data_size: 62
rpc_read: grew buffer by 62 bytes to 108
write_socket(7,59)
write_socket(7,59) wrote 59
got smb length of 122
size=122
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=62 (0x3E)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=63
[000] 03 00 00 00 00 00 00 09  00 00 00 46 00 41 00 49  ........ ...F.A.I
[010] 00 52 00 46 00 49 00 45  00 4C 00 44 00 4D 00 04  .R.F.I.E .L.D.M..
[020] 00 00 00 01 04 00 00 00  00 00 05 15 00 00 00 80  ........ ........
[030] 0D 2A 5D A7 78 06 65 0B  50 73 34 00 00 00 00     .*].x.e. Ps4....
rpc_read: num_read = 62, read offset: 0, to read: 62
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_query 
    0018 undoc_buffer: 0015ca20
    001c info_class: 0005
    000020 lsa_io_dom_query 
        0020 uni_dom_max_len: 0012
        0022 uni_dom_str_len: 0014
        0024 buffer_dom_name: 0019f5c8
        0028 buffer_dom_sid : 001d4510
        00002c smb_io_unistr2 unistr2
            002c uni_max_len: 0000000a
            0030 undoc      : 00000000
            0034 uni_str_len: 00000009
            0038 buffer     : F.A.I.R.F.I.E.L.D.
        00004c smb_io_dom_sid2 
            004c num_auths: 00000004
            000050 smb_io_dom_sid sid
                0050 sid_rev_num: 01
                0051 num_auths  : 04
                0052 id_auth[0] : 00
                0053 id_auth[1] : 00
                0054 id_auth[2] : 00
                0055 id_auth[3] : 00
                0056 id_auth[4] : 00
                0057 id_auth[5] : 05
                0058 sub_auths : 00000015 5d2a0d80 650678a7 3473500b 
    0068 status: 00000000
found sid S-1-5-21-1563037056-1694922919-879972363 for domain FAIRFIELD
cli_init_creds: user  domain  flgs: 0
ntlmssp_cli_flgs:0
resolve_srv_name: IMT_BDC
resolve_lmhosts: Attempting lmhosts lookup for name IMT_BDC<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
resolve_hosts: Attempting host lookup for name IMT_BDC<0x20>
resolve_wins: Attempting wins lookup for name IMT_BDC<0x20>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name IMT_BDC<0x20>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.10.255) on port 137
read_udp_socket: lastip 192.168.10.28 lastport 137 read: 62
parse_nmb: packet id = 16379
Received a packet of len 62 from (192.168.10.28) port 137
nmb packet from 192.168.10.28(137) header: id=16379 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=IMT_BDC<20> rr_type=32 rr_class=1 ttl=300000
    answers   0 char `.....   hex 6000C0A80A1C
Got a positive name query response from 192.168.10.28 ( 192.168.10.28 )
read_udp_socket: lastip 192.168.10.11 lastport 13512 read: 58
parse_nmb: packet id = 16379
Received a packet of len 58 from (192.168.10.11) port 13512
nmb packet from 192.168.10.11(13512) header: id=16379 opcode=WACK(7)
response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=IMT_BDC<20> rr_type=32 rr_class=1 ttl=10
    answers   0 char ..   hex 0100
cli_establish_connection: CADFILES<00> connecting to IMT_BDC<20>
(192.168.10.28) -  []
Connecting to 192.168.10.28 at port 139
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 16384
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(11,76)
write_socket(11,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
write_socket(11,168)
write_socket(11,168) wrote 168
got smb length of 97
size=97
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=17005
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=17 (0x11)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=67 (0x43)
smb_vwv[11]=15872 (0x3E00)
smb_vwv[12]=13717 (0x3595)
smb_vwv[13]=30982 (0x7906)
smb_vwv[14]=49513 (0xC169)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=28
[000] 0B 2D E3 79 20 8E 2C 10  46 00 41 00 49 00 52 00  .-.y .,. F.A.I.R.
[010] 46 00 49 00 45 00 4C 00  44 00 00 00              F.I.E.L. D...
size=97
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=17005
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=17 (0x11)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=67 (0x43)
smb_vwv[11]=15872 (0x3E00)
smb_vwv[12]=13717 (0x3595)
smb_vwv[13]=30982 (0x7906)
smb_vwv[14]=49513 (0xC169)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=28
[000] 0B 2D E3 79 20 8E 2C 10  46 00 41 00 49 00 52 00  .-.y .,. F.A.I.R.
[010] 46 00 49 00 45 00 4C 00  44 00 00 00              F.I.E.L. D...
write_socket(11,92)
write_socket(11,92) wrote 92
got smb length of 130
size=130
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=130 (0x82)
smb_vwv[2]=0 (0x0)
smb_bcc=89
[000] 00 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 
[010] 00 4E 00 54 00 20 00 34  00 2E 00 30 00 00 00 4E  .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41  00 4E 00 20 00 4D 00 61  .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65  00 72 00 20 00 34 00 2E  .n.a.g.e .r. .4..
[040] 00 30 00 00 00 46 00 41  00 49 00 52 00 46 00 49  .0...F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00  00                       .E.L.D.. .
size=130
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=0
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=130 (0x82)
smb_vwv[2]=0 (0x0)
smb_bcc=89
[000] 00 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 
[010] 00 4E 00 54 00 20 00 34  00 2E 00 30 00 00 00 4E  .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41  00 4E 00 20 00 4D 00 61  .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65  00 72 00 20 00 34 00 2E  .n.a.g.e .r. .4..
[040] 00 30 00 00 00 46 00 41  00 49 00 52 00 46 00 49  .0...F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00  00                       .E.L.D.. .
write_socket(11,82)
write_socket(11,82) wrote 82
got smb length of 48
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=1 (0x1)
smb_bcc=7
[000] 49 50 43 00 00 00 00                              IPC.... 
write_socket(11,100)
write_socket(11,100) wrote 100
got smb length of 103
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=34
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=103 (0x67)
smb_vwv[2]=2560 (0xA00)
smb_vwv[3]=264 (0x108)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_vwv[15]=0 (0x0)
smb_vwv[16]=0 (0x0)
smb_vwv[17]=0 (0x0)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=0 (0x0)
smb_vwv[24]=16 (0x10)
smb_vwv[25]=0 (0x0)
smb_vwv[26]=0 (0x0)
smb_vwv[27]=0 (0x0)
smb_vwv[28]=0 (0x0)
smb_vwv[29]=0 (0x0)
smb_vwv[30]=0 (0x0)
smb_vwv[31]=512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]=5 (0x5)
smb_bcc=0
Bind RPC Pipe[80a]: \PIPE\samr
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB  EF 00 01 23 45 67 89 AC 
xW4.4... ...#Eg..
[010] 01 00 00 00                                       .... 
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60 
.]...... ....+.H`
[010] 02 00 00 00                                       .... 
000000 smb_io_rpc_hdr hdr
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0b
    0003 flags     : 00
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0048
    000a auth_len  : 0000
    000c call_id   : 00000005
000010 smb_io_rpc_hdr_rb 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 1630
        0012 max_rsize: 1630
        0014 assoc_gid: 00000000
    0018 num_elements: 00000001
    001c context_id  : 0000
    001e num_syntaxes: 01
    00001f smb_io_rpc_iface 
        0020 data   : 12345778
        0024 data   : 1234
        0026 data   : abcd
        0028 data   : ef 00 01 23 45 67 89 ac 
        0030 version: 00000001
    000034 smb_io_rpc_iface 
        0034 data   : 8a885d04
        0038 data   : 1ceb
        003a data   : 11c9
        003c data   : 9f e8 08 00 2b 10 48 60 
        0044 version: 00000002
rpc_api_pipe: cmd:26 fnum:80a
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=72 (0x48)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=72 (0x48)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=72 (0x48)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2058 (0x80A)
smb_bcc=87
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 0B 00 10 00 00 00 48  00 00 00 05 00 00 00 30  .......H .......0
[020] 16 30 16 00 00 00 00 01  00 00 00 00 00 01 00 78  .0...... .......x
[030] 57 34 12 34 12 CD AB EF  00 01 23 45 67 89 AC 01  W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
[050] 10 48 60 02 00 00 00                              .H`.... 
write_socket(11,158)
write_socket(11,158) wrote 158
got smb length of 124
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00  00 44 00 00 00 05 00 00  H....... .D......
[010] 00 30 16 30 16 CE 9D 00  00 0C 00 5C 50 49 50 45  .0.0.... ...\PIPE
[020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00                                    `.... 
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=68 (0x44)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=68 (0x44)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=69
[000] 48 05 00 0C 03 10 00 00  00 44 00 00 00 05 00 00  H....... .D......
[010] 00 30 16 30 16 CE 9D 00  00 0C 00 5C 50 49 50 45  .0.0.... ...\PIPE
[020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
[040] 60 02 00 00 00                                    `.... 
rpc_check_hdr: rdata->data_size = 68
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 0c
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0044
    000a auth_len  : 0000
    000c call_id   : 00000005
rpc_api_pipe: len left: 0 smbtrans read: 68
rpc_api_pipe: fragment first and last both set
rpc_pipe_bind: rpc_api_pipe returned OK.
000010 smb_io_rpc_hdr_ba 
    000010 smb_io_rpc_hdr_bba 
        0010 max_tsize: 1630
        0012 max_rsize: 1630
        0014 assoc_gid: 00009dce
    000018 smb_io_rpc_addr_str 
        0018 len: 000c
        001a str: \PIPE\lsass.
    000026 smb_io_rpc_results 
        0028 num_results: 01
        002c result     : 0000
        002e reason     : 0000
    000030 smb_io_rpc_iface 
        0030 data   : 8a885d04
        0034 data   : 1ceb
        0036 data   : 11c9
        0038 data   : 9f e8 08 00 2b 10 48 60 
        0040 version: 00000002
bind_rpc_pipe: server pipe_name found: \PIPE\lsass
bind_rpc_pipe: accepted!
init_samr_q_connect
000000 samr_io_q_connect 
    0000 ptr_srv_name: 00000001
    000004 smb_io_unistr2 
        0004 uni_max_len: 00000008
        0008 undoc      : 00000000
        000c uni_str_len: 00000008
        0010 buffer     : I.M.T._.B.D.C...
    0020 access_mask: 02000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x39 data_len: 0x3c
create_rpc_request: data_len: 3c auth_len: 0 alloc_hint: 2c
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 003c
    000a auth_len  : 0000
    000c call_id   : 00000006
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 0000002c
    0014 context_id: 0000
    0016 opnum     : 0039
data_len: 3c data_calc_len: 3c
rpc_api_pipe: cmd:26 fnum:80a
size=142
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=60 (0x3C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=60 (0x3C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=60 (0x3C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2058 (0x80A)
smb_bcc=75
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 3C  00 00 00 06 00 00 00 2C  .......< .......,
[020] 00 00 00 00 00 39 00 01  00 00 00 08 00 00 00 00  .....9.. ........
[030] 00 00 00 08 00 00 00 49  00 4D 00 54 00 5F 00 42  .......I .M.T._.B
[040] 00 44 00 43 00 00 00 00  00 00 02                 .D.C.... ...
write_socket(11,146)
write_socket(11,146) wrote 146
got smb length of 104
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 3C 05 00 02 03 10 00 00  00 30 00 00 00 06 00 00  <....... .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 21 9B B9  ........ .....!..
[020] D1 2E 43 CD 4D B2 22 94  E4 4F B2 71 C6 00 00 00  ..C.M.". .O.q....
[030] 00                                                . 
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 3C 05 00 02 03 10 00 00  00 30 00 00 00 06 00 00  <....... .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 21 9B B9  ........ .....!..
[020] D1 2E 43 CD 4D B2 22 94  E4 4F B2 71 C6 00 00 00  ..C.M.". .O.q....
[030] 00                                                . 
rpc_check_hdr: rdata->data_size = 48
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0030
    000a auth_len  : 0000
    000c call_id   : 00000006
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000018
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 48
rpc_api_pipe: fragment first and last both set
000018 samr_io_r_connect 
    000018 smb_io_pol_hnd connect_pol
        0018 data1: 00000000
        001c data2: d1b99b21
        0020 data3: 432e
        0022 data4: 4dcd
        0024 data5: b2 22 94 e4 4f b2 71 c6 
    002c status: 00000000
samr_init_samr_q_open_domain
000000 samr_io_q_open_domain 
    000000 smb_io_pol_hnd pol
        0000 data1: 00000000
        0004 data2: d1b99b21
        0008 data3: 432e
        000a data4: 4dcd
        000c data5: b2 22 94 e4 4f b2 71 c6 
    0014 flags: 02000000
    000018 smb_io_dom_sid2 sid
        0018 num_auths: 00000004
        00001c smb_io_dom_sid sid
            001c sid_rev_num: 01
            001d num_auths  : 04
            001e id_auth[0] : 00
            001f id_auth[1] : 00
            0020 id_auth[2] : 00
            0021 id_auth[3] : 00
            0022 id_auth[4] : 00
            0023 id_auth[5] : 05
            0024 sub_auths : 00000015 5d2a0d80 650678a7 3473500b 
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0x7 data_len: 0x4c
create_rpc_request: data_len: 4c auth_len: 0 alloc_hint: 3c
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 004c
    000a auth_len  : 0000
    000c call_id   : 00000007
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 0000003c
    0014 context_id: 0000
    0016 opnum     : 0007
data_len: 4c data_calc_len: 4c
rpc_api_pipe: cmd:26 fnum:80a
size=158
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=76 (0x4C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=76 (0x4C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=76 (0x4C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2058 (0x80A)
smb_bcc=91
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 4C  00 00 00 07 00 00 00 3C  .......L .......<
[020] 00 00 00 00 00 07 00 00  00 00 00 21 9B B9 D1 2E  ........ ...!....
[030] 43 CD 4D B2 22 94 E4 4F  B2 71 C6 00 00 00 02 04  C.M."..O .q......
[040] 00 00 00 01 04 00 00 00  00 00 05 15 00 00 00 80  ........ ........
[050] 0D 2A 5D A7 78 06 65 0B  50 73 34                 .*].x.e. Ps4
write_socket(11,162)
write_socket(11,162) wrote 162
got smb length of 104
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 4C 05 00 02 03 10 00 00  00 30 00 00 00 07 00 00  L....... .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 13 BC 15  ........ ........
[020] 22 4E 3D F4 4C 9F 0F 69  B7 26 98 D3 0F 00 00 00  "N=.L..i
.&......
[030] 00                                                . 
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=48 (0x30)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=48 (0x30)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=49
[000] 4C 05 00 02 03 10 00 00  00 30 00 00 00 07 00 00  L....... .0......
[010] 00 18 00 00 00 00 00 00  00 00 00 00 00 13 BC 15  ........ ........
[020] 22 4E 3D F4 4C 9F 0F 69  B7 26 98 D3 0F 00 00 00  "N=.L..i
.&......
[030] 00                                                . 
rpc_check_hdr: rdata->data_size = 48
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0030
    000a auth_len  : 0000
    000c call_id   : 00000007
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 00000018
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 0 smbtrans read: 48
rpc_api_pipe: fragment first and last both set
000018 samr_io_r_open_domain 
    000018 smb_io_pol_hnd domain_pol
        0018 data1: 00000000
        001c data2: 2215bc13
        0020 data3: 3d4e
        0022 data4: 4cf4
        0024 data5: 9f 0f 69 b7 26 98 d3 0f 
    002c status: 00000000
init_samr_q_enum_dom_groups
000000 samr_io_q_enum_dom_groups 
    000000 smb_io_pol_hnd pol
        0000 data1: 00000000
        0004 data2: 2215bc13
        0008 data3: 3d4e
        000a data4: 4cf4
        000c data5: 9f 0f 69 b7 26 98 d3 0f 
    0014 start_idx: 00000000
    0018 max_size : 00008000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0xb data_len: 0x34
create_rpc_request: data_len: 34 auth_len: 0 alloc_hint: 24
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 0034
    000a auth_len  : 0000
    000c call_id   : 00000008
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 00000024
    0014 context_id: 0000
    0016 opnum     : 000b
data_len: 34 data_calc_len: 34
rpc_api_pipe: cmd:26 fnum:80a
size=134
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=52 (0x34)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=52 (0x34)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2058 (0x80A)
smb_bcc=67
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 34  00 00 00 08 00 00 00 24  .......4 .......$
[020] 00 00 00 00 00 0B 00 00  00 00 00 13 BC 15 22 4E  ........ ......"N
[030] 3D F4 4C 9F 0F 69 B7 26  98 D3 0F 00 00 00 00 00  =.L..i.& ........
[040] 80 00 00                                          ... 
write_socket(11,138)
write_socket(11,138) wrote 138
got smb length of 108
size=108
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=52 (0x34)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=53
[000] 34 05 00 02 03 10 00 00  00 C0 01 00 00 08 00 00  4....... ........
[010] 00 A8 01 00 00 00 00 00  00 08 00 00 00 18 2A 17  ........ ......*.
[020] 00 08 00 00 00 78 A5 14  00 08 00 00 00 00 02 00  .....x.. ........
[030] 00 1A 00 20 00                                    ... . 
size=108
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=52 (0x34)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=53
[000] 34 05 00 02 03 10 00 00  00 C0 01 00 00 08 00 00  4....... ........
[010] 00 A8 01 00 00 00 00 00  00 08 00 00 00 18 2A 17  ........ ......*.
[020] 00 08 00 00 00 78 A5 14  00 08 00 00 00 00 02 00  .....x.. ........
[030] 00 1A 00 20 00                                    ... . 
rpc_check_hdr: rdata->data_size = 52
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 01c0
    000a auth_len  : 0000
    000c call_id   : 00000008
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 000001a8
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 396 smbtrans read: 52
rpc_read: data_to_read: 396 rdata offset: 52 extra_data_size: 396
rpc_read: grew buffer by 396 bytes to 448
write_socket(11,59)
write_socket(11,59) wrote 59
got smb length of 456
size=456
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4101
smb_pid=17005
smb_uid=2051
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=396 (0x18C)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=397
[000] 03 C0 64 1C 00 02 02 00  00 1A 00 20 00 28 66 1C  ..d..... ... .(f.
[010] 00 01 02 00 00 18 00 20  00 20 64 1C 00 6B 04 00  .......  . d..k..
[020] 00 08 00 20 00 C8 63 1C  00 FA 03 00 00 32 00 32  ... ..c. .....2.2
[030] 00 A8 AF 1C 00 1A 05 00  00 14 00 20 00 70 63 1C  ........ ... .pc.
[040] 00 F0 03 00 00 06 00 20  00 48 63 1C 00 AB 05 00  .......  .Hc.....
[050] 00 22 00 22 00 C0 62 1C  00 10 00 00 00 00 00 00  ."."..b.
........
[060] 00 0D 00 00 00 44 00 6F  00 6D 00 61 00 69 00 6E  .....D.o .m.a.i.n
[070] 00 20 00 41 00 64 00 6D  00 69 00 6E 00 73 00 00  . .A.d.m .i.n.s..
[080] 00 10 00 00 00 00 00 00  00 0D 00 00 00 44 00 6F  ........ .....D.o
[090] 00 6D 00 61 00 69 00 6E  00 20 00 47 00 75 00 65  .m.a.i.n . .G.u.e
[0A0] 00 73 00 74 00 73 00 9A  BF 10 00 00 00 00 00 00  .s.t.s.. ........
[0B0] 00 0C 00 00 00 44 00 6F  00 6D 00 61 00 69 00 6E  .....D.o .m.a.i.n
[0C0] 00 20 00 55 00 73 00 65  00 72 00 73 00 10 00 00  . .U.s.e .r.s....
[0D0] 00 00 00 00 00 04 00 00  00 4D 00 49 00 53 00 32  ........ .M.I.S.2
[0E0] 00 19 00 00 00 00 00 00  00 19 00 00 00 4D 00 54  ........ .....M.T
[0F0] 00 53 00 20 00 54 00 72  00 75 00 73 00 74 00 65  .S. .T.r .u.s.t.e
[100] 00 64 00 20 00 49 00 6D  00 70 00 65 00 72 00 73  .d. .I.m .p.e.r.s
[110] 00 6F 00 6E 00 61 00 74  00 6F 00 72 00 73 00 30  .o.n.a.t .o.r.s.0
[120] C6 10 00 00 00 00 00 00  00 0A 00 00 00 50 00 75  ........ .....P.u
[130] 00 72 00 63 00 68 00 61  00 73 00 69 00 6E 00 67  .r.c.h.a .s.i.n.g
[140] 00 10 00 00 00 00 00 00  00 03 00 00 00 52 00 41  ........ .....R.A
[150] 00 53 00 14 00 11 00 00  00 00 00 00 00 11 00 00  .S...... ........
[160] 00 53 00 4D 00 53 00 49  00 6E 00 74 00 65 00 72  .S.M.S.I .n.t.e.r
[170] 00 6E 00 61 00 6C 00 43  00 6C 00 69 00 47 00 72  .n.a.l.C .l.i.G.r
[180] 00 70 00 00 00 08 00 00  00 00 00 00 00           .p...... .....
rpc_read: num_read = 396, read offset: 0, to read: 396
rpc_api_pipe: fragment first and last both set
000018 samr_io_r_enum_dom_groups 
    0018 next_idx    : 00000008
    001c ptr_entries1: 00172a18
    0020 num_entries2: 00000008
    0024 ptr_entries2: 0014a578
    0028 num_entries3: 00000008
    00002c sam_io_sam_entry 
        002c rid: 00000200
        000030 smb_io_unihdr unihdr
            0030 uni_str_len: 001a
            0032 uni_max_len: 0020
            0034 buffer     : 001c64c0
    000038 sam_io_sam_entry 
        0038 rid: 00000202
        00003c smb_io_unihdr unihdr
            003c uni_str_len: 001a
            003e uni_max_len: 0020
            0040 buffer     : 001c6628
    000044 sam_io_sam_entry 
        0044 rid: 00000201
        000048 smb_io_unihdr unihdr
            0048 uni_str_len: 0018
            004a uni_max_len: 0020
            004c buffer     : 001c6420
    000050 sam_io_sam_entry 
        0050 rid: 0000046b
        000054 smb_io_unihdr unihdr
            0054 uni_str_len: 0008
            0056 uni_max_len: 0020
            0058 buffer     : 001c63c8
    00005c sam_io_sam_entry 
        005c rid: 000003fa
        000060 smb_io_unihdr unihdr
            0060 uni_str_len: 0032
            0062 uni_max_len: 0032
            0064 buffer     : 001cafa8
    000068 sam_io_sam_entry 
        0068 rid: 0000051a
        00006c smb_io_unihdr unihdr
            006c uni_str_len: 0014
            006e uni_max_len: 0020
            0070 buffer     : 001c6370
    000074 sam_io_sam_entry 
        0074 rid: 000003f0
        000078 smb_io_unihdr unihdr
            0078 uni_str_len: 0006
            007a uni_max_len: 0020
            007c buffer     : 001c6348
    000080 sam_io_sam_entry 
        0080 rid: 000005ab
        000084 smb_io_unihdr unihdr
            0084 uni_str_len: 0022
            0086 uni_max_len: 0022
            0088 buffer     : 001c62c0
    00008c smb_io_unistr2 
        008c uni_max_len: 00000010
        0090 undoc      : 00000000
        0094 uni_str_len: 0000000d
        0098 buffer     : D.o.m.a.i.n. .A.d.m.i.n.s.
    0000b2 smb_io_unistr2 
        00b4 uni_max_len: 00000010
        00b8 undoc      : 00000000
        00bc uni_str_len: 0000000d
        00c0 buffer     : D.o.m.a.i.n. .G.u.e.s.t.s.
    0000da smb_io_unistr2 
        00dc uni_max_len: 00000010
        00e0 undoc      : 00000000
        00e4 uni_str_len: 0000000c
        00e8 buffer     : D.o.m.a.i.n. .U.s.e.r.s.
    000100 smb_io_unistr2 
        0100 uni_max_len: 00000010
        0104 undoc      : 00000000
        0108 uni_str_len: 00000004
        010c buffer     : M.I.S.2.
    000114 smb_io_unistr2 
        0114 uni_max_len: 00000019
        0118 undoc      : 00000000
        011c uni_str_len: 00000019
        0120 buffer     : M.T.S. .T.r.u.s.t.e.d. .I.m.p.e.r.s.o.n.a.t.o.r.s.
    000152 smb_io_unistr2 
        0154 uni_max_len: 00000010
        0158 undoc      : 00000000
        015c uni_str_len: 0000000a
        0160 buffer     : P.u.r.c.h.a.s.i.n.g.
    000174 smb_io_unistr2 
        0174 uni_max_len: 00000010
        0178 undoc      : 00000000
        017c uni_str_len: 00000003
        0180 buffer     : R.A.S.
    000186 smb_io_unistr2 
        0188 uni_max_len: 00000011
        018c undoc      : 00000000
        0190 uni_str_len: 00000011
        0194 buffer     : S.M.S.I.n.t.e.r.n.a.l.C.l.i.G.r.p.
    01b8 num_entries4: 00000008
    01bc status: 00000000
read failed on sock 10, pid 17006: EOF
accepted socket 10
establishing connections
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=IMT_BDC, got_sid=1, sam_hnd=1 sam_dom_hnd=1
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=IMT_BDC, got_sid=1, sam_hnd=1 sam_dom_hnd=1
[17008]: lookupsid S-1-5-21-1563037056-1694922919-879972363-1177
string_to_sid: converted SID S-1-5-21-1563037056-1694922919-879972363-1177 ok
init_r_enum_trust_dom
init_lsa_sid_enum
000000 lsa_io_q_lookup_sids 
    000000 smb_io_pol_hnd pol_hnd
        0000 data1: 00000000
        0004 data2: fe788842
        0008 data3: e656
        000a data4: 4f2c
        000c data5: a3 db b6 20 4e fc e2 08 
    000014 lsa_io_sid_enum sids   
        0014 num_entries : 00000001
        0018 ptr_sid_enum: 00000001
        001c num_entries2: 00000001
        0020 ptr_sid[0]: 00000001
        000024 smb_io_dom_sid2 sid[0]
            0024 num_auths: 00000005
            000028 smb_io_dom_sid sid
                0028 sid_rev_num: 01
                0029 num_auths  : 05
                002a id_auth[0] : 00
                002b id_auth[1] : 00
                002c id_auth[2] : 00
                002d id_auth[3] : 00
                002e id_auth[4] : 00
                002f id_auth[5] : 05
                0030 sub_auths : 00000015 5d2a0d80 650678a7 3473500b 00000499 
    000044 lsa_io_trans_names names  
        0044 num_entries    : 00000000
        0048 ptr_trans_names: 00000000
    00004c smb_io_lookup_level switch 
        004c value: 0001
    0050 mapped_count: 00000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0xf data_len: 0x6c
create_rpc_request: data_len: 6c auth_len: 0 alloc_hint: 5c
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 006c
    000a auth_len  : 0000
    000c call_id   : 00000009
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 0000005c
    0014 context_id: 0000
    0016 opnum     : 000f
data_len: 6c data_calc_len: 6c
rpc_api_pipe: cmd:26 fnum:816
size=190
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=108 (0x6C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=108 (0x6C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=123
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 6C  00 00 00 09 00 00 00 5C  .......l .......\
[020] 00 00 00 00 00 0F 00 00  00 00 00 42 88 78 FE 56  ........ ...B.x.V
[030] E6 2C 4F A3 DB B6 20 4E  FC E2 08 01 00 00 00 01  .,O... N ........
[040] 00 00 00 01 00 00 00 01  00 00 00 05 00 00 00 01  ........ ........
[050] 05 00 00 00 00 00 05 15  00 00 00 80 0D 2A 5D A7  ........ .....*].
[060] 78 06 65 0B 50 73 34 99  04 00 00 00 00 00 00 00  x.e.Ps4. ........
[070] 00 00 00 01 00 00 00 00  00 00 00                 ........ ...
write_socket(7,194)
write_socket(7,194) wrote 194
got smb length of 164
size=164
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=108 (0x6C)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=109
[000] 6C 05 00 02 03 10 00 00  00 B4 00 00 00 09 00 00  l....... ........
[010] 00 9C 00 00 00 00 00 00  00 50 0A 1B 00 01 00 00  ........ .P......
[020] 00 28 88 1A 00 20 00 00  00 01 00 00 00 12 00 14  .(... .. ........
[030] 00 B8 C0 15 00 10 00 1B  00 0A 00 00 00 00 00 00  ........ ........
[040] 00 09 00 00 00 46 00 41  00 49 00 52 00 46 00 49  .....F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00  05 04 00 00 00 01 04 00  .E.L.D.. ........
[060] 00 00 00 00 05 15 00 00  00 80 0D 2A 5D           ........ ...*]
size=164
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=108 (0x6C)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=109
[000] 6C 05 00 02 03 10 00 00  00 B4 00 00 00 09 00 00  l....... ........
[010] 00 9C 00 00 00 00 00 00  00 50 0A 1B 00 01 00 00  ........ .P......
[020] 00 28 88 1A 00 20 00 00  00 01 00 00 00 12 00 14  .(... .. ........
[030] 00 B8 C0 15 00 10 00 1B  00 0A 00 00 00 00 00 00  ........ ........
[040] 00 09 00 00 00 46 00 41  00 49 00 52 00 46 00 49  .....F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00  05 04 00 00 00 01 04 00  .E.L.D.. ........
[060] 00 00 00 00 05 15 00 00  00 80 0D 2A 5D           ........ ...*]
rpc_check_hdr: rdata->data_size = 108
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 00b4
    000a auth_len  : 0000
    000c call_id   : 00000009
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 0000009c
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 72 smbtrans read: 108
rpc_read: data_to_read: 72 rdata offset: 108 extra_data_size: 72
rpc_read: grew buffer by 72 bytes to 180
write_socket(7,59)
write_socket(7,59) wrote 59
got smb length of 132
size=132
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=72 (0x48)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=73
[000] 03 A7 78 06 65 0B 50 73  34 01 00 00 00 F0 62 1C  ..x.e.Ps 4.....b.
[010] 00 01 00 00 00 04 00 00  00 0E 00 0E 00 28 21 1B  ........ .....(!.
[020] 00 00 00 00 00 07 00 00  00 00 00 00 00 07 00 00  ........ ........
[030] 00 63 00 61 00 64 00 72  00 65 00 61 00 64 00 6D  .c.a.d.r .e.a.d.m
[040] 00 01 00 00 00 00 00 00  00                       ........ .
rpc_read: num_read = 72, read offset: 0, to read: 72
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_lookup_sids 
    0018 ptr_dom_ref: 001b0a50
    00001c lsa_io_dom_r_ref dom_ref
        001c num_ref_doms_1: 00000001
        0020 ptr_ref_dom   : 001a8828
        0024 max_entries   : 00000020
        0028 num_ref_doms_2: 00000001
        00002c smb_io_unihdr dom_ref[0] 
            002c uni_str_len: 0012
            002e uni_max_len: 0014
            0030 buffer     : 0015c0b8
        0034 sid_ptr[0] : 001b0010
        000038 smb_io_unistr2 dom_ref[0] 
            0038 uni_max_len: 0000000a
            003c undoc      : 00000000
            0040 uni_str_len: 00000009
            0044 buffer     : F.A.I.R.F.I.E.L.D.
        000058 smb_io_dom_sid2 sid_ptr[0] 
            0058 num_auths: 00000004
            00005c smb_io_dom_sid sid
                005c sid_rev_num: 01
                005d num_auths  : 04
                005e id_auth[0] : 00
                005f id_auth[1] : 00
                0060 id_auth[2] : 00
                0061 id_auth[3] : 00
                0062 id_auth[4] : 00
                0063 id_auth[5] : 05
                0064 sub_auths : 00000015 5d2a0d80 650678a7 3473500b 
    000074 lsa_io_trans_names names  
        0074 num_entries    : 00000001
        0078 ptr_trans_names: 001c62f0
        007c num_entries2   : 00000001
        000080 lsa_io_trans_name name[0] 
            0080 sid_name_use: 0004
            000084 smb_io_unihdr hdr_name
                0084 uni_str_len: 000e
                0086 uni_max_len: 000e
                0088 buffer     : 001b2128
            008c domain_idx  : 00000000
        000090 smb_io_unistr2 name[0] 
            0090 uni_max_len: 00000007
            0094 undoc      : 00000000
            0098 uni_str_len: 00000007
            009c buffer     : c.a.d.r.e.a.d.
    00ac mapped_count: 00000001
    00b0 status      : 00000000
read failed on sock 10, pid 17008: EOF
establishing connections
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=IMT_BDC, got_sid=1, sam_hnd=1 sam_dom_hnd=1
server: dc=IMT_BDC, pwdb_init=1, lsa_hnd=1
INTERMEC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0
FAIRFIELD: dc=IMT_BDC, got_sid=1, sam_hnd=1 sam_dom_hnd=1
accepted socket 10
[17009]: lookupsid S-1-5-21-1563037056-1694922919-879972363-1176
string_to_sid: converted SID S-1-5-21-1563037056-1694922919-879972363-1176 ok
init_r_enum_trust_dom
init_lsa_sid_enum
000000 lsa_io_q_lookup_sids 
    000000 smb_io_pol_hnd pol_hnd
        0000 data1: 00000000
        0004 data2: fe788842
        0008 data3: e656
        000a data4: 4f2c
        000c data5: a3 db b6 20 4e fc e2 08 
    000014 lsa_io_sid_enum sids   
        0014 num_entries : 00000001
        0018 ptr_sid_enum: 00000001
        001c num_entries2: 00000001
        0020 ptr_sid[0]: 00000001
        000024 smb_io_dom_sid2 sid[0]
            0024 num_auths: 00000005
            000028 smb_io_dom_sid sid
                0028 sid_rev_num: 01
                0029 num_auths  : 05
                002a id_auth[0] : 00
                002b id_auth[1] : 00
                002c id_auth[2] : 00
                002d id_auth[3] : 00
                002e id_auth[4] : 00
                002f id_auth[5] : 05
                0030 sub_auths : 00000015 5d2a0d80 650678a7 3473500b 00000498 
    000044 lsa_io_trans_names names  
        0044 num_entries    : 00000000
        0048 ptr_trans_names: 00000000
    00004c smb_io_lookup_level switch 
        004c value: 0001
    0050 mapped_count: 00000000
rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....
create_rpc_request: opnum: 0xf data_len: 0x6c
create_rpc_request: data_len: 6c auth_len: 0 alloc_hint: 5c
000000 smb_io_rpc_hdr hdr    
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 00
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 006c
    000a auth_len  : 0000
    000c call_id   : 0000000a
000010 smb_io_rpc_hdr_req hdr_req
    0010 alloc_hint: 0000005c
    0014 context_id: 0000
    0016 opnum     : 000f
data_len: 6c data_calc_len: 6c
rpc_api_pipe: cmd:26 fnum:816
size=190
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=16
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=108 (0x6C)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=82 (0x52)
smb_vwv[11]=108 (0x6C)
smb_vwv[12]=82 (0x52)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2070 (0x816)
smb_bcc=123
[000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 6C  00 00 00 0A 00 00 00 5C  .......l .......\
[020] 00 00 00 00 00 0F 00 00  00 00 00 42 88 78 FE 56  ........ ...B.x.V
[030] E6 2C 4F A3 DB B6 20 4E  FC E2 08 01 00 00 00 01  .,O... N ........
[040] 00 00 00 01 00 00 00 01  00 00 00 05 00 00 00 01  ........ ........
[050] 05 00 00 00 00 00 05 15  00 00 00 80 0D 2A 5D A7  ........ .....*].
[060] 78 06 65 0B 50 73 34 98  04 00 00 00 00 00 00 00  x.e.Ps4. ........
[070] 00 00 00 01 00 00 00 00  00 00 00                 ........ ...
write_socket(7,194)
write_socket(7,194) wrote 194
got smb length of 164
size=164
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=108 (0x6C)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=109
[000] 6C 05 00 02 03 10 00 00  00 B8 00 00 00 0A 00 00  l....... ........
[010] 00 A0 00 00 00 00 00 00  00 C8 00 40 0F 01 00 00  ........ ...@....
[020] 00 28 88 1A 00 20 00 00  00 01 00 00 00 12 00 14  .(... .. ........
[030] 00 10 45 1D 00 C8 F5 19  00 0A 00 00 00 00 00 00  ..E..... ........
[040] 00 09 00 00 00 46 00 41  00 49 00 52 00 46 00 49  .....F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00  05 04 00 00 00 01 04 00  .E.L.D.. ........
[060] 00 00 00 00 05 15 00 00  00 80 0D 2A 5D           ........ ...*]
size=164
smb_com=0x25
smb_rcls=1
smb_reh=0
smb_err=234
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=108 (0x6C)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=108 (0x6C)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=109
[000] 6C 05 00 02 03 10 00 00  00 B8 00 00 00 0A 00 00  l....... ........
[010] 00 A0 00 00 00 00 00 00  00 C8 00 40 0F 01 00 00  ........ ...@....
[020] 00 28 88 1A 00 20 00 00  00 01 00 00 00 12 00 14  .(... .. ........
[030] 00 10 45 1D 00 C8 F5 19  00 0A 00 00 00 00 00 00  ..E..... ........
[040] 00 09 00 00 00 46 00 41  00 49 00 52 00 46 00 49  .....F.A .I.R.F.I
[050] 00 45 00 4C 00 44 00 00  05 04 00 00 00 01 04 00  .E.L.D.. ........
[060] 00 00 00 00 05 15 00 00  00 80 0D 2A 5D           ........ ...*]
rpc_check_hdr: rdata->data_size = 108
000000 smb_io_rpc_hdr rpc_hdr   
    0000 major     : 05
    0001 minor     : 00
    0002 pkt_type  : 02
    0003 flags     : 03
    0004 pack_type0: 10
    0005 pack_type1: 00
    0006 pack_type2: 00
    0007 pack_type3: 00
    0008 frag_len  : 00b8
    000a auth_len  : 0000
    000c call_id   : 0000000a
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
    0010 alloc_hint: 000000a0
    0014 context_id: 0000
    0016 cancel_ct : 00
    0017 reserved  : 00
rpc_api_pipe: len left: 76 smbtrans read: 108
rpc_read: data_to_read: 76 rdata offset: 108 extra_data_size: 76
rpc_read: grew buffer by 76 bytes to 184
write_socket(7,59)
write_socket(7,59) wrote 59
got smb length of 136
size=136
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=32769
smb_tid=4097
smb_pid=17005
smb_uid=4099
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=76 (0x4C)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=77
[000] 03 A7 78 06 65 0B 50 73  34 01 00 00 00 F0 62 1C  ..x.e.Ps 4.....b.
[010] 00 01 00 00 00 04 00 00  00 12 00 12 00 10 00 1B  ........ ........
[020] 00 00 00 00 00 09 00 00  00 00 00 00 00 09 00 00  ........ ........
[030] 00 43 00 61 00 64 00 63  00 72 00 65 00 61 00 74  .C.a.d.c .r.e.a.t
[040] 00 65 00 00 00 01 00 00  00 00 00 00 00           .e...... .....
rpc_read: num_read = 76, read offset: 0, to read: 76
rpc_api_pipe: fragment first and last both set
000018 lsa_io_r_lookup_sids 
    0018 ptr_dom_ref: 0f4000c8
    00001c lsa_io_dom_r_ref dom_ref
        001c num_ref_doms_1: 00000001
        0020 ptr_ref_dom   : 001a8828
        0024 max_entries   : 00000020
        0028 num_ref_doms_2: 00000001
        00002c smb_io_unihdr dom_ref[0] 
            002c uni_str_len: 0012
            002e uni_max_len: 0014
            0030 buffer     : 001d4510
        0034 sid_ptr[0] : 0019f5c8
        000038 smb_io_unistr2 dom_ref[0] 
            0038 uni_max_len: 0000000a
            003c undoc      : 00000000
            0040 uni_str_len: 00000009
            0044 buffer     : F.A.I.R.F.I.E.L.D.
        000058 smb_io_dom_sid2 sid_ptr[0] 
            0058 num_auths: 00000004
            00005c smb_io_dom_sid sid
                005c sid_rev_num: 01
                005d num_auths  : 04
                005e id_auth[0] : 00
                005f id_auth[1] : 00
                0060 id_auth[2] : 00
                0061 id_auth[3] : 00
                0062 id_auth[4] : 00
                0063 id_auth[5] : 05
                0064 sub_auths : 00000015 5d2a0d80 650678a7 3473500b 
    000074 lsa_io_trans_names names  
        0074 num_entries    : 00000001
        0078 ptr_trans_names: 001c62f0
        007c num_entries2   : 00000001
        000080 lsa_io_trans_name name[0] 
            0080 sid_name_use: 0004
            000084 smb_io_unihdr hdr_name
                0084 uni_str_len: 0012
                0086 uni_max_len: 0012
                0088 buffer     : 001b0010
            008c domain_idx  : 00000000
        000090 smb_io_unistr2 name[0] 
            0090 uni_max_len: 00000009
            0094 undoc      : 00000000
            0098 uni_str_len: 00000009
            009c buffer     : C.a.d.c.r.e.a.t.e.
    00b0 mapped_count: 00000001
    00b4 status      : 00000000
read failed on sock 10, pid 17009: EOF



-- 
Daniel Deimert (d1dd@dtek.chalmers.se) -*- http://www.dtek.chalmers.se/~d1dd/