I am trying to vampire the account database from my NT 4 DC (that has
SP6A installed). The DC's name is nemesis. The samba computer's name
is mjollnir.
The directions seem trivial:
1.) Join the Domain as a BDC with:
net rpc join -S nemesis -W WHSD -U Administrator
this worked fine and I can see the computer listed in server manager
with type "Windows NT Backup"
2.) Run the vampire command:
net rpc vampire -S nemesis -U Administrator -W WHSD
this returns:
Fetching DOMAIN database
Failed to fetch domain database: NT_STATUS_INVALID_COMPUTER_NAME
I've tried this on another NT 4 DC in a different domain with the same
results. Am I missing a step? It seems like my situation would be the
default for this and that everyone would be getting this error yet I
can't find it documented anywhere. I'd really like to get these domains
moved to samba and really appreciate any help.
My smb.conf is:
[global]
workgroup = WHSD
server string = mjollnir server
netbios name = MJOLLNIR
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
security = USER
#security = DOMAIN
#password server = GENESIS
encrypt passwords = true
passdb backend = tdbsam
#smb passwd file = /etc/samba/smbpasswd
allow trusted domains = No
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain logons = Yes
domain master = No
preferred master = no
#wins server = 10.1.2.2
dns proxy = no
log level = 3
add user script = /usr/sbin/useradd -m '%u'
add group script = /usr/sbin/groupadd '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d
/var/lib/nobody '%u'
client schannel = no
[netlogon]
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No
[tmp]
path = /var/lib/samba/tmp
read only = no
browseable = no
guest ok = yes
I've attached the output of:
net rpc vampire -S nemesis -U Administrator -W WHSD -d 10
to this message in case it is helpful in any way.
-------------- next part --------------
[2007/05/30 11:13:14, 5] lib/debug.c:debug_dump_status(391)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
[2007/05/30 11:13:14, 3] param/loadparm.c:lp_load(4945)
lp_load: refreshing parameters
[2007/05/30 11:13:14, 3] param/loadparm.c:init_globals(1410)
Initialising global parameters
[2007/05/30 11:13:14, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2007/05/30 11:13:14, 3] param/loadparm.c:do_section(3687)
Processing section "[global]"
doing parameter workgroup = WHSD
doing parameter server string = mjollnir server
doing parameter netbios name = MJOLLNIR
[2007/05/30 11:13:14, 4] param/loadparm.c:handle_netbios_name(3045)
handle_netbios_name: set global_myname to: MJOLLNIR
doing parameter printcap name = /etc/printcap
doing parameter load printers = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 50
doing parameter security = USER
doing parameter encrypt passwords = true
doing parameter passdb backend = tdbsam
doing parameter allow trusted domains = No
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
doing parameter local master = no
doing parameter domain logons = Yes
doing parameter domain master = No
doing parameter preferred master = no
doing parameter dns proxy = no
doing parameter log level = 3
doing parameter add user script = /usr/sbin/useradd -m '%u'
doing parameter add group script = /usr/sbin/groupadd '%g'
doing parameter add user to group script = /usr/sbin/usermod -G '%g'
'%u'
doing parameter add machine script = /usr/sbin/useradd -s /bin/false -d
/var/lib/nobody '%u'
doing parameter client schannel = no
[2007/05/30 11:13:14, 4] param/loadparm.c:lp_load(4976)
pm_process() returned Yes
[2007/05/30 11:13:14, 7] param/loadparm.c:lp_servicenumber(5112)
lp_servicenumber: couldn't find homes
[2007/05/30 11:13:14, 10] param/loadparm.c:set_server_role(4221)
set_server_role: role = ROLE_DOMAIN_BDC
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2LE
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2LE
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16LE
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16LE
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2BE
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2BE
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16BE
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16BE
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF8
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF8
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-8
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-8
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ASCII
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ASCII
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset 646
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset 646
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ISO-8859-1
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ISO-8859-1
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS2-HEX
[2007/05/30 11:13:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS2-HEX
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ANSI_X3.4-1968' for LOCALE
[2007/05/30 11:13:14, 5] lib/util.c:init_names(286)
Netbios name list:-
my_netbios_names[0]="MJOLLNIR"
[2007/05/30 11:13:14, 2] lib/interface.c:add_interface(81)
added interface ip=10.1.1.252 bcast=10.1.255.255 nmask=255.255.0.0
[2007/05/30 11:13:14, 10] libsmb/namequery.c:internal_resolve_name(1132)
internal_resolve_name: looking up nemesis#20
[2007/05/30 11:13:14, 5] lib/gencache.c:gencache_init(61)
Opening cache file at /var/cache/samba/gencache.tdb
[2007/05/30 11:13:14, 10] lib/gencache.c:gencache_get(304)
Returning valid cache entry: key = NBT/NEMESIS#20, value = 10.1.1.85:0,
timeout = Wed May 30 11:18:57 2007
[2007/05/30 11:13:14, 5] libsmb/namecache.c:namecache_fetch(201)
name nemesis#20 found.
[2007/05/30 11:13:14, 3] libsmb/cliconnect.c:cli_start_connection(1426)
Connecting to host=nemesis
[2007/05/30 11:13:14, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 10.1.1.85 at port 445
[2007/05/30 11:13:14, 2] lib/util_sock.c:open_socket_out(911)
error connecting to 10.1.1.85:445 (Connection refused)
[2007/05/30 11:13:14, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 10.1.1.85 at port 139
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_KEEPALIVE = 0
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_REUSEADDR = 0
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_BROADCAST = 0
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option TCP_NODELAY = 1
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option TCP_KEEPCNT = 9
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option TCP_KEEPIDLE = 7200
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option TCP_KEEPINTVL = 75
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option IPTOS_LOWDELAY = 0
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option IPTOS_THROUGHPUT = 0
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_SNDBUF = 16384
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_RCVBUF = 16384
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_SNDLOWAT = 1
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_RCVLOWAT = 1
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_SNDTIMEO = 0
[2007/05/30 11:13:14, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_RCVTIMEO = 0
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,72)
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,72) wrote 72
[2007/05/30 11:13:14, 5] libsmb/cliconnect.c:cli_session_request(1271)
Sent session request
[2007/05/30 11:13:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 0
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(495)
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,183)
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,183) wrote 183
[2007/05/30 11:13:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 87
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(495)
size=87
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7484
smb_uid=0
smb_mid=2
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 17 (0x11)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 67 (0x43)
smb_vwv[11]=11776 (0x2E00)
smb_vwv[12]=33276 (0x81FC)
smb_vwv[13]=52291 (0xCC43)
smb_vwv[14]=51106 (0xC7A2)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]= 2048 (0x800)
smb_bcc=18
[2007/05/30 11:13:14, 10] lib/util.c:dump_data(2222)
[000] CE 6C F4 F8 B5 09 04 A8 57 00 48 00 53 00 44 00 .l...... W.H.S.D.
[010] 00 00 ..
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(495)
size=87
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7484
smb_uid=0
smb_mid=2
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 17 (0x11)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 67 (0x43)
smb_vwv[11]=11776 (0x2E00)
smb_vwv[12]=33276 (0x81FC)
smb_vwv[13]=52291 (0xCC43)
smb_vwv[14]=51106 (0xC7A2)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]= 2048 (0x800)
smb_bcc=18
[2007/05/30 11:13:14, 10] lib/util.c:dump_data(2222)
[000] CE 6C F4 F8 B5 09 04 A8 57 00 48 00 53 00 44 00 .l...... W.H.S.D.
[010] 00 00 ..
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,92)
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,92) wrote 92
[2007/05/30 11:13:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 120
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(495)
size=120
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7484
smb_uid=26624
smb_mid=3
smt_wct=3
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 120 (0x78)
smb_vwv[ 2]= 0 (0x0)
smb_bcc=79
[2007/05/30 11:13:14, 10] lib/util.c:dump_data(2222)
[000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s.
[010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4..
[040] 00 30 00 00 00 57 00 48 00 53 00 44 00 00 00 .0...W.H .S.D...
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(495)
size=120
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7484
smb_uid=26624
smb_mid=3
smt_wct=3
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 120 (0x78)
smb_vwv[ 2]= 0 (0x0)
smb_bcc=79
[2007/05/30 11:13:14, 10] lib/util.c:dump_data(2222)
[000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s.
[010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N
[020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a
[030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4..
[040] 00 30 00 00 00 57 00 48 00 53 00 44 00 00 00 .0...W.H .S.D...
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,82)
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,82) wrote 82
[2007/05/30 11:13:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 48
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(495)
size=48
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=4
smt_wct=3
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 1 (0x1)
smb_bcc=7
[2007/05/30 11:13:14, 10] lib/util.c:dump_data(2222)
[000] 49 50 43 00 00 00 00 IPC....
[2007/05/30 11:13:14, 10] libsmb/clientgen.c:cli_init_creds(233)
cli_init_creds: user domain
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,104)
[2007/05/30 11:13:14, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,104) wrote 104
[2007/05/30 11:13:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 103
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:14, 5] lib/util.c:show_msg(495)
size=103
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=5
smt_wct=34
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 103 (0x67)
smb_vwv[ 2]= 3328 (0xD00)
smb_vwv[ 3]= 280 (0x118)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_vwv[14]= 0 (0x0)
smb_vwv[15]= 0 (0x0)
smb_vwv[16]= 0 (0x0)
smb_vwv[17]= 0 (0x0)
smb_vwv[18]= 0 (0x0)
smb_vwv[19]= 0 (0x0)
smb_vwv[20]= 0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]= 0 (0x0)
smb_vwv[23]= 0 (0x0)
smb_vwv[24]= 16 (0x10)
smb_vwv[25]= 0 (0x0)
smb_vwv[26]= 0 (0x0)
smb_vwv[27]= 0 (0x0)
smb_vwv[28]= 0 (0x0)
smb_vwv[29]= 0 (0x0)
smb_vwv[30]= 0 (0x0)
smb_vwv[31]= 512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]= 5 (0x5)
smb_bcc=0
[2007/05/30 11:13:14, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2044)
Bind RPC Pipe[180d]: \lsarpc auth_type 0, auth_level 0
[2007/05/30 11:13:14, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647)
Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB
xW4.4... ...#Eg..
[010] 00 00 00 00 ....
[2007/05/30 11:13:14, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650)
Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60
.]...... ....+.H`
[010] 02 00 00 00 ....
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr hdr
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 0b
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 0048
[2007/05/30 11:13:14, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 00000001
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_rb
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_bba
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0010 max_tsize: 10b8
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0012 max_rsize: 10b8
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0014 assoc_gid: 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0018 num_contexts: 01
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
001c context_id : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
001e num_transfer_syntaxes: 01
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
00001f smb_io_rpc_iface
[2007/05/30 11:13:15, 7] rpc_parse/parse_prs.c:prs_debug(84)
000020 smb_io_uuid uuid
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0020 data : 12345778
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0024 data : 1234
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0026 data : abcd
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
0028 data : ef 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
002a data : 01 23 45 67 89 ab
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0030 version: 00000000
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000034 smb_io_rpc_iface
[2007/05/30 11:13:15, 7] rpc_parse/parse_prs.c:prs_debug(84)
000034 smb_io_uuid uuid
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0034 data : 8a885d04
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0038 data : 1ceb
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
003a data : 11c9
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
003c data : 9f e8
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
003e data : 08 00 2b 10 48 60
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0044 version: 00000002
[2007/05/30 11:13:15, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
rpc_api_pipe: Remote machine nemesis pipe \lsarpc fnum 0x180d
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=154
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=6
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 72 (0x48)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 72 (0x48)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]= 6157 (0x180D)
smb_bcc=87
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x
[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg...
[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+
[050] 10 48 60 02 00 00 00 .H`....
[2007/05/30 11:13:15, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,158)
[2007/05/30 11:13:15, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,158) wrote 158
[2007/05/30 11:13:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 124
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=6
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D......
[010] 00 B8 10 B8 10 89 19 0B 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=124
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=6
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 68 (0x44)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 68 (0x44)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=69
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D......
[010] 00 B8 10 B8 10 89 19 0B 00 0C 00 5C 50 49 50 45 ........ ...\PIPE
[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H
[040] 60 02 00 00 00 `....
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr rpc_hdr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 0c
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 0044
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 00000001
[2007/05/30 11:13:15, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
rpc_api_pipe: got PDU len of 68 at offset 0
[2007/05/30 11:13:15, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
rpc_api_pipe: Remote machine nemesis pipe \lsarpc fnum 0x180d returned 68
bytes.
[2007/05/30 11:13:15, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine nemesis pipe \lsarpc fnum 0x180d bind request
returned ok.
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr hdr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 0c
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 0044
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 00000001
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_ba
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_bba
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0010 max_tsize: 10b8
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0012 max_rsize: 10b8
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0014 assoc_gid: 000b1989
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000018 smb_io_rpc_addr_str
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0018 len: 000c
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
001a str: \PIPE\lsass.
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000026 smb_io_rpc_results
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0028 num_results: 01
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
002c result : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
002e reason : 0000
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000030 smb_io_rpc_iface
[2007/05/30 11:13:15, 7] rpc_parse/parse_prs.c:prs_debug(84)
000030 smb_io_uuid uuid
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0030 data : 8a885d04
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0034 data : 1ceb
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0036 data : 11c9
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
0038 data : 9f e8
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
003a data : 08 00 2b 10 48 60
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0040 version: 00000002
[2007/05/30 11:13:15, 5] rpc_client/cli_pipe.c:check_bind_response(1701)
check_bind_response: accepted!
[2007/05/30 11:13:15, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2271)
cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine nemesis and bound
anonymously.
[2007/05/30 11:13:15, 5] rpc_parse/parse_lsa.c:init_q_open_pol(304)
init_open_pol: attr:0 da:33554432
[2007/05/30 11:13:15, 5] rpc_parse/parse_lsa.c:init_lsa_obj_attr(236)
init_lsa_obj_attr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 lsa_io_q_open_pol
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0000 ptr : 00000001
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0004 system_name: 005c
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000008 lsa_io_obj_attr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0008 len : 00000018
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c ptr_root_dir: 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0010 ptr_obj_name: 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0014 attributes : 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0018 ptr_sec_desc: 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
001c ptr_sec_qos : 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0020 des_access: 02000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr hdr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 003c
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 00000002
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_req hdr_req
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0010 alloc_hint: 00000024
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0014 context_id: 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0016 opnum : 0006
[2007/05/30 11:13:15, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
rpc_api_pipe: Remote machine nemesis pipe \lsarpc fnum 0x180d
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=142
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=7
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 60 (0x3C)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 60 (0x3C)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]= 6157 (0x180D)
smb_bcc=75
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 00 24 .......< .......$
[020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\....
[030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[040] 00 00 00 00 00 00 00 00 00 00 02 ........ ...
[2007/05/30 11:13:15, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,146)
[2007/05/30 11:13:15, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,146) wrote 146
[2007/05/30 11:13:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 104
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=7
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 48 (0x30)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=49
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 3C 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 <....... .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 C3 33 5C ........ ......3\
[020] 01 AD 0E DC 11 8E 51 DC E6 24 45 65 5A 00 00 00 ......Q. .$EeZ...
[030] 00 .
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=7
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 48 (0x30)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=49
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 3C 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 <....... .0......
[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 C3 33 5C ........ ......3\
[020] 01 AD 0E DC 11 8E 51 DC E6 24 45 65 5A 00 00 00 ......Q. .$EeZ...
[030] 00 .
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr rpc_hdr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 02
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 0030
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 00000002
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0010 alloc_hint: 00000018
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0014 context_id: 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0016 cancel_ct : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0017 reserved : 00
[2007/05/30 11:13:15, 10]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2007/05/30 11:13:15, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
rpc_api_pipe: got PDU len of 48 at offset 0
[2007/05/30 11:13:15, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
rpc_api_pipe: Remote machine nemesis pipe \lsarpc fnum 0x180d returned 48
bytes.
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 lsa_io_r_open_pol
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_pol_hnd
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0000 data1: 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0004 data2: 015c33c3
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 data3: 0ead
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a data4: 11dc
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
000c data5: 8e 51 dc e6 24 45 65 5a
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_ntstatus(763)
0014 status: NT_STATUS_OK
[2007/05/30 11:13:15, 5] rpc_parse/parse_lsa.c:init_q_query(488)
init_q_query
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 lsa_io_q_query
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_pol_hnd
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0000 data1: 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0004 data2: 015c33c3
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 data3: 0ead
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a data4: 11dc
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
000c data5: 8e 51 dc e6 24 45 65 5a
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0014 info_class: 0005
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr hdr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 002e
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 00000003
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_req hdr_req
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0010 alloc_hint: 00000016
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0014 context_id: 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0016 opnum : 0007
[2007/05/30 11:13:15, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
rpc_api_pipe: Remote machine nemesis pipe \lsarpc fnum 0x180d
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=128
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=8
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 46 (0x2E)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 46 (0x2E)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]= 6157 (0x180D)
smb_bcc=61
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........
[020] 00 00 00 00 00 07 00 00 00 00 00 C3 33 5C 01 AD ........ ....3\..
[030] 0E DC 11 8E 51 DC E6 24 45 65 5A 05 00 ....Q..$ EeZ..
[2007/05/30 11:13:15, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,132)
[2007/05/30 11:13:15, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,132) wrote 132
[2007/05/30 11:13:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 152
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=152
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=8
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 96 (0x60)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 96 (0x60)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=97
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 2E 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`......
[010] 00 48 00 00 00 00 00 00 00 F0 7F 82 07 05 00 5C .H...... .......\
[020] 01 08 00 0A 00 E0 6C 15 00 C0 B7 22 00 05 00 00 ......l. ..."....
[030] 00 00 00 00 00 04 00 00 00 57 00 48 00 53 00 44 ........ .W.H.S.D
[040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........
[050] 00 93 78 80 2A 90 1D DC 07 2D 2F CE 10 00 00 00 ..x.*... .-/.....
[060] 00 .
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=152
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=8
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 96 (0x60)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 96 (0x60)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=97
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 2E 05 00 02 03 10 00 00 00 60 00 00 00 03 00 00 ........ .`......
[010] 00 48 00 00 00 00 00 00 00 F0 7F 82 07 05 00 5C .H...... .......\
[020] 01 08 00 0A 00 E0 6C 15 00 C0 B7 22 00 05 00 00 ......l. ..."....
[030] 00 00 00 00 00 04 00 00 00 57 00 48 00 53 00 44 ........ .W.H.S.D
[040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........
[050] 00 93 78 80 2A 90 1D DC 07 2D 2F CE 10 00 00 00 ..x.*... .-/.....
[060] 00 .
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr rpc_hdr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 02
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 0060
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 00000003
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0010 alloc_hint: 00000048
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0014 context_id: 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0016 cancel_ct : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0017 reserved : 00
[2007/05/30 11:13:15, 10]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
cli_pipe_validate_current_pdu: got pdu len 96, data_len 72, ss_len 0
[2007/05/30 11:13:15, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
rpc_api_pipe: got PDU len of 96 at offset 0
[2007/05/30 11:13:15, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
rpc_api_pipe: Remote machine nemesis pipe \lsarpc fnum 0x180d returned 144
bytes.
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 lsa_io_r_query
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0000 dom_ptr: 07827ff0
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000004 lsa_io_query_info_ctr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0004 info_class: 0005
[2007/05/30 11:13:15, 7] rpc_parse/parse_prs.c:prs_debug(84)
000008 lsa_io_dom_query_3
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 uni_dom_max_len: 0008
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a uni_dom_str_len: 000a
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c buffer_dom_name: 00156ce0
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0010 buffer_dom_sid : 0022b7c0
[2007/05/30 11:13:15, 8] rpc_parse/parse_prs.c:prs_debug(84)
000014 smb_io_unistr2 unistr2
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0014 uni_max_len: 00000005
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0018 offset : 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
001c uni_str_len: 00000004
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936)
0020 buffer : W.H.S.D.
[2007/05/30 11:13:15, 8] rpc_parse/parse_prs.c:prs_debug(84)
000028 smb_io_dom_sid2
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0028 num_auths: 00000004
[2007/05/30 11:13:15, 9] rpc_parse/parse_prs.c:prs_debug(84)
00002c smb_io_dom_sid sid
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
002c sid_rev_num: 01
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
002d num_auths : 04
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
002e id_auth[0] : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
002f id_auth[1] : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0030 id_auth[2] : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0031 id_auth[3] : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0032 id_auth[4] : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0033 id_auth[5] : 05
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32s(991)
0034 sub_auths : 00000015 2a807893 07dc1d90 10ce2f2d
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_ntstatus(763)
0044 status: NT_STATUS_OK
[2007/05/30 11:13:15, 5] rpc_parse/parse_lsa.c:init_lsa_q_close(2126)
init_lsa_q_close
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 lsa_io_q_close
[2007/05/30 11:13:15, 6] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_pol_hnd
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0000 data1: 00000000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0004 data2: 015c33c3
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 data3: 0ead
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a data4: 11dc
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
000c data5: 8e 51 dc e6 24 45 65 5a
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr hdr
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 002c
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 00000004
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_req hdr_req
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0010 alloc_hint: 00000014
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0014 context_id: 0000
[2007/05/30 11:13:15, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0016 opnum : 0000
[2007/05/30 11:13:15, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770)
rpc_api_pipe: Remote machine nemesis pipe \lsarpc fnum 0x180d
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=126
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=9
smt_wct=16
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 44 (0x2C)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 4280 (0x10B8)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 82 (0x52)
smb_vwv[11]= 44 (0x2C)
smb_vwv[12]= 82 (0x52)
smb_vwv[13]= 2 (0x2)
smb_vwv[14]= 38 (0x26)
smb_vwv[15]= 6157 (0x180D)
smb_bcc=59
[2007/05/30 11:13:15, 10] lib/util.c:dump_data(2222)
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\....
[010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........
[020] 00 00 00 00 00 00 00 00 00 00 00 C3 33 5C 01 AD ........ ....3\..
[030] 0E DC 11 8E 51 DC E6 24 45 65 5A ....Q..$ EeZ
[2007/05/30 11:13:15, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,130)
[2007/05/30 11:13:15, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,130) wrote 130
[2007/05/30 11:13:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 104
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(485)
[2007/05/30 11:13:15, 5] lib/util.c:show_msg(495)
size=104
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=12288
smb_pid=7484
smb_uid=26624
smb_mid=9
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 48 (0x30)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 48 (0x30)
