[Samba] smbd uses 10 to 15% CPU w/Vista client
in [Samba]
|
From: Ross Boylan on 6 Sep 2009 19:30 For quite awhile I've noticed that smbd uses 10-15% of my CPU (Pentium 4) when nothing visible is going on. I have a couple of laptops on my home network, and some experiments showing that powering on the Vista laptop (other is OSX) is sufficient to raise useage from 0 to 10-15%. The screen is locked, although 2 user accounts are logged in. Wireshark seems to show a lot of chatter, particularly about the printers. Can anyone explain what is going on or, even better, how to fix it? I'm running samba 3.2.5 on Debian Lenny, linux 2.6.26-2-686 kernel. The P4 has hyperthreading. I have not installed any printer drivers on the server, though they are set up on the client. Below is my smb.conf and then an excerpt from wireshark: [global] workgroup = Boylan server string = %h server wins support = yes include = /etc/samba/dhcp.conf dns proxy = no interfaces = 127.0.0.0/8 ethfast bind interfaces only = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . printing = cups printcap name = cups socket options = TCP_NODELAY [homes] comment = Home Directories browseable = no read only = no create mask = 0700 directory mask = 0700 valid users = %S [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [download] comment = Downloads path = /usr/local/download read only = No packet capture: No. Time Source Destination Protocol Info 1 0.000000 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=1 Ack=1 Win=41664 Len=0 2 0.006582 192.168.40.2 192.168.40.46 SMB Read AndX Response, 3032 bytes 3 0.006628 192.168.40.2 192.168.40.46 NBSS Session message 4 0.011062 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=1 Ack=3096 Win=4380 Len=0 5 0.011113 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 5 opnum: 26 ctx_id: 0 6 0.011233 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=3096 Ack=177 Win=41664 Len=0 7 0.015300 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 5 ctx_id: 0 8 0.019147 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 9 0.019199 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 6 opnum: 53 ctx_id: 0 10 0.019619 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=4220 Ack=2429 Win=41629 Len=0 11 0.024679 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724e 12 0.024708 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 13 0.029030 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=2429 Ack=6376 Win=4380 Len=0 14 0.030023 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 15 0.030048 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 7 opnum: 8 ctx_id: 0 16 0.030131 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=6376 Ack=4625 Win=41630 Len=0 17 0.043197 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 6 ctx_id: 0 18 0.043230 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 19 0.057041 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=4625 Ack=8524 Win=4380 Len=0 20 0.057097 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 8 opnum: 29 ctx_id: 0 21 0.057303 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 8 ctx_id: 0 22 0.060375 192.168.40.46 192.168.40.2 SMB Close Request, FID: 0x724e 23 0.060552 192.168.40.2 192.168.40.46 SMB Close Response 24 0.065014 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 25 0.066675 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 26 0.066702 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 4 opnum: 8 ctx_id: 0 27 0.066779 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=8671 Ack=7722 Win=41664 Len=0 28 0.078417 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 29 0.078464 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 30 0.084065 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=9046 Ack=12867 Win=4380 Len=0 31 0.088682 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 32 0.088726 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 33 0.089142 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=12867 Ack=11966 Win=41624 Len=0 34 0.090003 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 5 opnum: 8 ctx_id: 0 35 0.100291 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 4 ctx_id: 0 36 0.100337 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 37 0.105033 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=13290 Ack=17063 Win=4380 Len=0 38 0.106295 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 39 0.106319 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 40 0.106408 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=17063 Ack=16210 Win=41624 Len=0 41 0.107386 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 6 opnum: 8 ctx_id: 0 42 0.117862 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 43 0.117904 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 44 0.122078 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=17534 Ack=19983 Win=4380 Len=0 45 0.128247 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 46 0.128293 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 47 0.128396 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=21259 Ack=20454 Win=41624 Len=0 48 0.129379 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 7 opnum: 8 ctx_id: 0 49 0.143838 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 6 ctx_id: 0 50 0.143884 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 51 0.149059 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=21778 Ack=24179 Win=4380 Len=0 52 0.151506 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 53 0.151536 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 54 0.152384 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=25455 Ack=24698 Win=41624 Len=0 55 0.152696 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 8 opnum: 8 ctx_id: 0 56 0.165166 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 57 0.165221 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 58 0.169365 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=26022 Ack=28375 Win=4380 Len=0 59 0.173998 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 60 0.174055 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 61 0.174677 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=29651 Ack=28942 Win=41624 Len=0 62 0.175285 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 9 opnum: 8 ctx_id: 0 63 0.185694 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 8 ctx_id: 0 64 0.185742 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 65 0.190075 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=30266 Ack=32571 Win=4380 Len=0 66 0.192350 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 67 0.192388 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 68 0.192585 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=33847 Ack=33186 Win=41624 Len=0 69 0.193571 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 10 opnum: 8 ctx_id: 0 70 0.204285 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 71 0.204357 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 72 0.209385 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=34510 Ack=36767 Win=4380 Len=0 73 0.212405 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 74 0.212444 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 75 0.212624 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=38043 Ack=37430 Win=41624 Len=0 76 0.213603 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 11 opnum: 8 ctx_id: 0 77 0.254651 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=38043 Ack=38754 Win=41664 Len=0 78 0.285690 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 10 ctx_id: 0 79 0.285726 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 80 0.290146 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=38754 Ack=40963 Win=4380 Len=0 81 0.293432 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 82 0.293454 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 83 0.293571 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=42239 Ack=41674 Win=41624 Len=0 84 0.294546 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 12 opnum: 8 ctx_id: 0 85 0.294599 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=42239 Ack=42998 Win=41664 Len=0 86 0.303569 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 87 0.303612 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 88 0.309064 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=42998 Ack=46435 Win=4380 Len=0 89 0.313960 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 90 0.313985 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 91 0.314143 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=46435 Ack=45918 Win=41624 Len=0 92 0.315124 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 13 opnum: 8 ctx_id: 0 93 0.325142 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 12 ctx_id: 0 94 0.325178 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 95 0.329278 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=47242 Ack=49355 Win=4380 Len=0 96 0.331377 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 97 0.331404 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 98 0.331483 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=50631 Ack=50162 Win=41624 Len=0 99 0.332460 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 14 opnum: 8 ctx_id: 0 100 0.342030 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 101 0.342084 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 102 0.347080 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=51486 Ack=53551 Win=4380 Len=0 103 0.353399 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 104 0.353449 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 105 0.354106 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=54827 Ack=54406 Win=41624 Len=0 106 0.354398 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 15 opnum: 8 ctx_id: 0 107 0.359527 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 14 ctx_id: 0 108 0.359571 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 109 0.365321 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=55730 Ack=59023 Win=4380 Len=0 110 0.366356 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 111 0.370598 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 112 0.371683 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 16 opnum: 8 ctx_id: 0 113 0.373074 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=59023 Ack=58650 Win=41664 Len=0 114 0.381831 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 115 0.381878 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 116 0.387440 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=59974 Ack=61943 Win=4380 Len=0 117 0.392910 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 118 0.392963 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 119 0.393464 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=63219 Ack=62894 Win=41624 Len=0 120 0.394249 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 17 opnum: 8 ctx_id: 0 121 0.403604 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 16 ctx_id: 0 122 0.403650 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 123 0.409099 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=64218 Ack=67415 Win=4380 Len=0 124 0.410386 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 125 0.410410 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 126 0.410580 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=67415 Ack=67138 Win=41624 Len=0 127 0.411521 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 18 opnum: 8 ctx_id: 0 128 0.420971 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 129 0.421015 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 130 0.425231 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=68462 Ack=70335 Win=4380 Len=0 131 0.431796 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 132 0.431853 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 133 0.431966 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=71611 Ack=71382 Win=41624 Len=0 134 0.432945 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 19 opnum: 8 ctx_id: 0 135 0.447681 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 18 ctx_id: 0 136 0.447730 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 137 0.456977 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=72706 Ack=74531 Win=4380 Len=0 138 0.458019 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 139 0.458059 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 140 0.458804 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=75807 Ack=75626 Win=41624 Len=0 141 0.459320 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 20 opnum: 8 ctx_id: 0 142 0.469774 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 143 0.469820 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 144 0.475069 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=76950 Ack=78727 Win=4380 Len=0 145 0.481378 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 146 0.481435 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 147 0.482704 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 21 opnum: 8 ctx_id: 0 148 0.486583 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=80003 Ack=81194 Win=41603 Len=0 149 0.495941 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 20 ctx_id: 0 150 0.495981 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 151 0.501605 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=81194 Ack=82923 Win=4380 Len=0 152 0.504193 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 153 0.504227 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 154 0.504437 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=84199 Ack=84114 Win=41624 Len=0 155 0.505417 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 22 opnum: 8 ctx_id: 0 156 0.521496 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 157 0.521542 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 158 0.526067 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=85438 Ack=88395 Win=4380 Len=0 159 0.530065 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 160 0.531453 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 161 0.531482 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 23 opnum: 8 ctx_id: 0 162 0.531565 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=88395 Ack=88358 Win=41664 Len=0 163 0.546270 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 22 ctx_id: 0 164 0.546313 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 165 0.552063 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=89682 Ack=91315 Win=4380 Len=0 166 0.556396 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 167 0.556428 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 168 0.556587 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=92591 Ack=92602 Win=41624 Len=0 169 0.557567 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 24 opnum: 8 ctx_id: 0 170 0.564894 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 171 0.564938 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 172 0.570400 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=93926 Ack=95511 Win=4380 Len=0 173 0.576651 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 174 0.576685 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 175 0.576760 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=96787 Ack=96846 Win=41624 Len=0 176 0.577735 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 25 opnum: 8 ctx_id: 0 177 0.582815 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 24 ctx_id: 0 178 0.582856 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 179 0.587053 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=98170 Ack=99707 Win=4380 Len=0 180 0.589276 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 181 0.589309 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 182 0.589495 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=100983 Ack=101090 Win=41624 Len=0 183 0.590480 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 26 opnum: 8 ctx_id: 0 184 0.594962 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 185 0.594993 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 186 0.600148 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=102414 Ack=103903 Win=4380 Len=0 187 0.605175 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 188 0.605215 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 189 0.605451 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=105179 Ack=105334 Win=41624 Len=0 190 0.606437 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 27 opnum: 8 ctx_id: 0 191 0.611630 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 26 ctx_id: 0 192 0.611661 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 193 0.616028 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=106658 Ack=108099 Win=4380 Len=0 194 0.618265 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 195 0.618287 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 196 0.618399 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=109375 Ack=109578 Win=41624 Len=0 197 0.620497 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 28 opnum: 8 ctx_id: 0 198 0.624608 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 199 0.624636 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 200 0.629056 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=110902 Ack=112295 Win=4380 Len=0 201 0.657610 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 202 0.657660 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 203 0.658936 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 29 opnum: 8 ctx_id: 0 204 0.662242 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=113571 Ack=115146 Win=41603 Len=0 205 0.667235 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 28 ctx_id: 0 206 0.667264 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 207 0.672282 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=115146 Ack=116491 Win=4380 Len=0 208 0.674472 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 209 0.674495 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 210 0.674557 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=117767 Ack=118066 Win=41624 Len=0 211 0.675528 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 30 opnum: 8 ctx_id: 0 212 0.680324 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 213 0.680354 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 214 0.685102 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=119390 Ack=121963 Win=4380 Len=0 215 0.689017 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 216 0.689034 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 217 0.689091 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=121963 Ack=122310 Win=41624 Len=0 218 0.690063 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 31 opnum: 8 ctx_id: 0 219 0.695575 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 30 ctx_id: 0 220 0.695608 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 221 0.700182 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=123634 Ack=126159 Win=4380 Len=0 222 0.701276 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 223 0.701293 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 224 0.701650 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=126159 Ack=126554 Win=41624 Len=0 225 0.702550 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 32 opnum: 8 ctx_id: 0 226 0.706873 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 227 0.706903 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 228 0.712032 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=127878 Ack=129079 Win=4380 Len=0 229 0.716726 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 230 0.716751 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 231 0.716883 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=130355 Ack=130798 Win=41624 Len=0 232 0.717855 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 33 opnum: 8 ctx_id: 0 233 0.722440 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 32 ctx_id: 0 234 0.722469 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 235 0.727076 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=132122 Ack=134551 Win=4380 Len=0 236 0.728323 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 237 0.728340 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 238 0.728450 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=134551 Ack=135042 Win=41624 Len=0 239 0.729425 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 34 opnum: 8 ctx_id: 0 240 0.734483 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 241 0.734513 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 242 0.739027 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=136366 Ack=138747 Win=4380 Len=0 243 0.743805 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 244 0.745557 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 245 0.745594 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 35 opnum: 8 ctx_id: 0 246 0.745797 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=138747 Ack=139286 Win=41664 Len=0 247 0.751271 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 34 ctx_id: 0 248 0.751315 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 249 0.756131 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=140610 Ack=141667 Win=4380 Len=0 250 0.758358 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 251 0.758396 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 252 0.758478 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=142943 Ack=143530 Win=41624 Len=0 253 0.759453 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 36 opnum: 8 ctx_id: 0 254 0.765750 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 255 0.765794 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 256 0.770175 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=144854 Ack=145863 Win=4380 Len=0 257 0.775105 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 258 0.775127 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 259 0.775918 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=147139 Ack=147774 Win=41624 Len=0 260 0.776486 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 37 opnum: 8 ctx_id: 0 261 0.781074 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 36 ctx_id: 0 262 0.781111 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 263 0.785349 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=149098 Ack=150059 Win=4380 Len=0 264 0.788255 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 265 0.788277 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 266 0.788307 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=151335 Ack=152018 Win=41664 Len=0 267 0.789281 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 38 opnum: 8 ctx_id: 0 268 0.794246 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 269 0.794281 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 270 0.799301 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=153342 Ack=154255 Win=4380 Len=0 271 0.804689 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 272 0.804711 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 273 0.804744 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=155531 Ack=156262 Win=41624 Len=0 274 0.805720 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 39 opnum: 8 ctx_id: 0 275 0.810715 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 38 ctx_id: 0 276 0.810750 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 277 0.815079 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=157586 Ack=158451 Win=4380 Len=0 278 0.817341 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 279 0.818948 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 280 0.818969 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 40 opnum: 8 ctx_id: 0 281 0.818989 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=159727 Ack=160506 Win=41664 Len=0 282 0.824069 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 283 0.824106 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 284 0.828187 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=161830 Ack=162647 Win=4380 Len=0 285 0.833870 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 286 0.833897 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 287 0.833926 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=163923 Ack=164750 Win=41664 Len=0 288 0.857537 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 41 opnum: 8 ctx_id: 0 289 0.865095 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 40 ctx_id: 0 290 0.865149 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 291 0.870281 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=166074 Ack=166843 Win=4380 Len=0 292 0.872336 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 293 0.872356 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 294 0.872414 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=168119 Ack=168994 Win=41624 Len=0 295 0.874466 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 42 opnum: 8 ctx_id: 0 296 0.879091 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 297 0.879126 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 298 0.883358 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=170318 Ack=171039 Win=4380 Len=0 299 0.889336 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 300 0.889363 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 301 0.889500 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=172315 Ack=173238 Win=41624 Len=0 302 0.890475 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 43 opnum: 8 ctx_id: 0 303 0.896076 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 42 ctx_id: 0 304 0.896109 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 305 0.900427 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=174562 Ack=175235 Win=4380 Len=0 306 0.902856 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 307 0.904285 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 308 0.904311 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 44 opnum: 8 ctx_id: 0 309 0.904449 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=176511 Ack=177482 Win=41664 Len=0 310 0.909601 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 311 0.909643 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 312 0.915109 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=178806 Ack=180707 Win=4380 Len=0 313 0.919928 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 314 0.919964 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 315 0.919995 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=180707 Ack=181726 Win=41624 Len=0 316 0.920979 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 45 opnum: 8 ctx_id: 0 317 0.925794 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 44 ctx_id: 0 318 0.925829 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 319 0.931484 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=183050 Ack=183627 Win=4380 Len=0 320 0.933345 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 321 0.933364 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 322 0.933395 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=184903 Ack=185970 Win=41664 Len=0 323 0.934375 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 46 opnum: 8 ctx_id: 0 324 0.941423 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 325 0.941462 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 326 0.946097 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=187294 Ack=189099 Win=4380 Len=0 327 0.951723 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 328 0.951752 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 329 0.951785 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=189099 Ack=190214 Win=41624 Len=0 330 0.952761 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 47 opnum: 8 ctx_id: 0 331 0.958879 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 46 ctx_id: 0 332 0.958917 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 333 0.964062 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=191538 Ack=192019 Win=4380 Len=0 334 0.966283 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 335 0.966307 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 336 0.966336 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=193295 Ack=194458 Win=41624 Len=0 337 0.968430 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 48 opnum: 8 ctx_id: 0 338 0.972936 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724c 339 0.972973 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 340 0.977109 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=195782 Ack=196215 Win=4380 Len=0 341 0.981692 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 49 opnum: 29 ctx_id: 0 342 0.981812 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 49 ctx_id: 0 343 0.985307 192.168.40.46 192.168.40.2 SMB Close Request, FID: 0x724c 344 0.985406 192.168.40.2 192.168.40.46 SMB Close Response 345 1.002377 192.168.40.46 192.168.40.2 SMB NT Create AndX Request, FID: 0x724f, Path: \spoolss 346 1.002522 192.168.40.2 192.168.40.46 SMB NT Create AndX Response, FID: 0x724f 347 1.005342 192.168.40.46 192.168.40.2 SMB Trans2 Request, QUERY_FILE_INFO, FID: 0x724f, Query File Standard Info 348 1.005404 192.168.40.2 192.168.40.46 SMB Trans2 Response, FID: 0x724f, QUERY_FILE_INFO 349 1.008716 192.168.40.46 192.168.40.2 DCERPC Bind: call_id: 1, 2 context items, 1st SPOOLSS V1.0 350 1.008797 192.168.40.2 192.168.40.46 SMB Write AndX Response, FID: 0x724f, 116 bytes 351 1.012007 192.168.40.46 192.168.40.2 SMB Read AndX Request, FID: 0x724f, 1024 bytes at offset 0 352 1.012072 192.168.40.2 192.168.40.46 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 353 1.016831 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 354 1.018438 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 355 1.018453 192.168.40.46 192.168.40.2 SPOOLSS OpenPrinterEx request, \\CORN\rawPrinter 356 1.018470 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=198047 Ack=199308 Win=41664 Len=0 357 1.018803 192.168.40.2 192.168.40.46 SPOOLSS OpenPrinterEx response 358 1.023767 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 359 1.023804 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 360 1.023906 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=198155 Ack=202398 Win=41624 Len=0 361 1.024887 192.168.40.46 192.168.40.2 SPOOLSS GetPrinter request, level 4 362 1.027236 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724f 363 1.030310 192.168.40.46 192.168.40.2 SMB Read AndX Request, FID: 0x724f, 3112 bytes at offset 0 364 1.030379 192.168.40.2 192.168.40.46 SMB Read AndX Response, FID: 0x724f, 3112 bytes 365 1.030410 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 366 1.045975 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=203785 Ack=202414 Win=4380 Len=0 367 1.057272 192.168.40.46 192.168.40.2 SMB NT Create AndX Request, FID: 0x7250, Path: \spoolss 368 1.057514 192.168.40.2 192.168.40.46 SMB NT Create AndX Response, FID: 0x7250 369 1.060691 192.168.40.46 192.168.40.2 DCERPC Bind: call_id: 1, 2 context items, 1st SPOOLSS V1.0 370 1.060858 192.168.40.2 192.168.40.46 SMB Write AndX Response, FID: 0x7250, 116 bytes 371 1.063225 192.168.40.46 192.168.40.2 SMB Read AndX Request, FID: 0x7250, 1024 bytes at offset 0 372 1.063308 192.168.40.2 192.168.40.46 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 373 1.066368 192.168.40.46 192.168.40.2 SPOOLSS OpenPrinterEx request, \\CORN\rawPrinter 374 1.066719 192.168.40.2 192.168.40.46 SPOOLSS OpenPrinterEx response 375 1.069332 192.168.40.46 192.168.40.2 SPOOLSS EnumForms request, level 2 376 1.069450 192.168.40.2 192.168.40.46 SPOOLSS EnumForms response, level 2[Malformed Packet] 377 1.072267 192.168.40.46 192.168.40.2 SPOOLSS EnumForms request, level 1 378 1.072429 192.168.40.2 192.168.40.46 SPOOLSS EnumForms response, level 1, Insufficient buffer 379 1.077031 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 380 1.077059 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 381 1.077205 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=203051 Ack=207644 Win=41624 Len=0 382 1.078179 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 4 opnum: 34 ctx_id: 0 [DCE/RPC first fragment, reas: #386] 383 1.078247 192.168.40.2 192.168.40.46 SMB Write AndX Response, FID: 0x7250, 4280 bytes 384 1.081950 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 385 1.085141 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 386 1.085157 192.168.40.46 192.168.40.2 SPOOLSS EnumForms request, level 1 387 1.085208 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=203102 Ack=211992 Win=41664 Len=0 388 1.085630 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x7250 389 1.089641 192.168.40.46 192.168.40.2 SMB Read AndX Request, FID: 0x7250, 3256 bytes at offset 0 390 1.089715 192.168.40.2 192.168.40.46 SMB Read AndX Response, FID: 0x7250, 3256 bytes 391 1.089739 192.168.40.2 192.168.40.46 NBSS Session message 392 1.095306 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=212271 Ack=207505 Win=4380 Len=0 393 1.095345 192.168.40.46 192.168.40.2 SMB Read AndX Request, FID: 0x7250, 4280 bytes at offset 0 394 1.095618 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 4 ctx_id: 0 [DCE/RPC last fragment][Packet size limited during capture] 395 1.095651 192.168.40.2 192.168.40.46 NBSS Session message 396 1.100253 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=212334 Ack=210600 Win=4380 Len=0 397 1.100284 192.168.40.46 192.168.40.2 SPOOLSS GetPrinterData request, DriverPolicy 398 1.103251 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x7250 399 1.150697 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 400 1.150746 192.168.40.46 192.168.40.2 SPOOLSS GetPrinterDriver2 request, OpenPrinterEx(\\CORN\rawPrinter), level 6 401 1.150877 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=211724 Ack=214762 Win=41629 Len=0 402 1.153560 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x7250 403 1.153580 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 404 1.158511 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=214762 Ack=213880 Win=4380 Len=0 405 1.159517 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 406 1.161046 192.168.40.46 192.168.40.2 SPOOLSS GetPrinter request, level 2 407 1.161112 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=213880 Ack=216958 Win=41664 Len=0 408 1.165602 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 4 ctx_id: 0 [DCE/RPC first fragment] 409 1.165629 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 410 1.170331 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=216958 Ack=216028 Win=4380 Len=0 411 1.170362 192.168.40.46 192.168.40.2 SPOOLSS ClosePrinter request, OpenPrinterEx(\\CORN\rawPrinter) 412 1.170476 192.168.40.2 192.168.40.46 SPOOLSS ClosePrinter response 413 1.174272 192.168.40.46 192.168.40.2 SMB Close Request, FID: 0x7250 414 1.174381 192.168.40.2 192.168.40.46 SMB Close Response, FID: 0x7250 415 1.178137 192.168.40.46 192.168.40.2 SPOOLSS GetPrinter request, level 2 416 1.185481 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724f 417 1.191104 192.168.40.46 192.168.40.2 SMB NT Create AndX Request, FID: 0x7251, Path: \spoolss 418 1.230649 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=217575 Ack=218689 Win=41663 Len=0 419 1.277782 192.168.40.2 192.168.40.46 SMB NT Create AndX Response, FID: 0x7251 420 1.280815 192.168.40.46 192.168.40.2 DCERPC Bind: call_id: 1, 2 context items, 1st SPOOLSS V1.0 421 1.280929 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=217714 Ack=218873 Win=41664 Len=0 422 1.281036 192.168.40.2 192.168.40.46 SMB Write AndX Response, FID: 0x7251, 116 bytes 423 1.284284 192.168.40.46 192.168.40.2 SMB Read AndX Request, FID: 0x7251, 1024 bytes at offset 0 424 1.284413 192.168.40.2 192.168.40.46 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 425 1.287843 192.168.40.46 192.168.40.2 SPOOLSS OpenPrinterEx request, \\CORN\rawPrinter 426 1.288865 192.168.40.2 192.168.40.46 SPOOLSS OpenPrinterEx response 427 1.292489 192.168.40.46 192.168.40.2 SPOOLSS EnumForms request, level 2 428 1.292671 192.168.40.2 192.168.40.46 SPOOLSS EnumForms response, level 2[Malformed Packet] 429 1.295277 192.168.40.46 192.168.40.2 SPOOLSS EnumForms request, level 1 430 1.295537 192.168.40.2 192.168.40.46 SPOOLSS EnumForms response, level 1, Insufficient buffer 431 1.299053 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 432 1.299086 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 433 1.299275 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=218212 Ack=222442 Win=41624 Len=0 434 1.300254 192.168.40.46 192.168.40.2 DCERPC Request: call_id: 4 opnum: 34 ctx_id: 0 [DCE/RPC first fragment, reas: #438] 435 1.300345 192.168.40.2 192.168.40.46 SMB Write AndX Response, FID: 0x7251, 4280 bytes 436 1.304004 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 437 1.304036 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 438 1.304049 192.168.40.46 192.168.40.2 SPOOLSS EnumForms request, level 1 439 1.304208 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=218263 Ack=227006 Win=41615 Len=0 440 1.304612 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x7251 441 1.308260 192.168.40.46 192.168.40.2 SMB Read AndX Request, FID: 0x7251, 3256 bytes at offset 0 442 1.309801 192.168.40.2 192.168.40.46 SMB Read AndX Response, FID: 0x7251, 3256 bytes 443 1.309841 192.168.40.2 192.168.40.46 NBSS Session message 444 1.314107 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=227069 Ack=222666 Win=4380 Len=0 445 1.314146 192.168.40.46 192.168.40.2 SMB Read AndX Request, FID: 0x7251, 4280 bytes at offset 0 446 1.314250 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 4 ctx_id: 0 [DCE/RPC last fragment][Packet size limited during capture] 447 1.314283 192.168.40.2 192.168.40.46 NBSS Session message 448 1.319136 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=227132 Ack=225586 Win=4380 Len=0 449 1.320898 192.168.40.46 192.168.40.2 SPOOLSS GetPrinterData request, DriverPolicy 450 1.325622 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x7251 451 1.330052 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 452 1.330106 192.168.40.46 192.168.40.2 SPOOLSS GetPrinterDriver2 request, OpenPrinterEx(\\CORN\rawPrinter), level 6 453 1.332777 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=226885 Ack=229560 Win=41629 Len=0 454 1.336101 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x7251 455 1.336134 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 456 1.340311 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=229560 Ack=229041 Win=4380 Len=0 457 1.340361 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 458 1.341426 192.168.40.46 192.168.40.2 SPOOLSS GetPrinter request, level 2 459 1.341488 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=229041 Ack=231756 Win=41664 Len=0 460 1.347994 192.168.40.2 192.168.40.46 DCERPC Response: call_id: 4 ctx_id: 0 [DCE/RPC first fragment] 461 1.348026 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 462 1.352066 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=231756 Ack=231189 Win=4380 Len=0 463 1.352118 192.168.40.46 192.168.40.2 SPOOLSS ClosePrinter request, OpenPrinterEx(\\CORN\rawPrinter) 464 1.352286 192.168.40.2 192.168.40.46 SPOOLSS ClosePrinter response 465 1.355312 192.168.40.46 192.168.40.2 SMB Close Request, FID: 0x7251 466 1.355523 192.168.40.2 192.168.40.46 SMB Close Response, FID: 0x7251 467 1.359978 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 468 1.360034 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 469 1.360115 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=231336 Ack=234853 Win=41624 Len=0 470 1.361095 192.168.40.46 192.168.40.2 SPOOLSS GetPrinter request, level 2 471 1.367772 192.168.40.2 192.168.40.46 SPOOLSS GetPrinter response, level 4 472 1.367816 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 473 1.372052 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=236177 Ack=234256 Win=4380 Len=0 474 1.377397 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 475 1.377452 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 476 1.377529 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=235532 Ack=239097 Win=41624 Len=0 477 1.378507 192.168.40.46 192.168.40.2 SPOOLSS GetPrinter request, level 2 478 1.384936 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724f 479 1.384979 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 480 1.390270 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=240421 Ack=238452 Win=4380 Len=0 481 1.392365 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 482 1.392404 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 483 1.392474 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=239728 Ack=243341 Win=41624 Len=0 484 1.393452 192.168.40.46 192.168.40.2 SPOOLSS GetPrinter request, level 2 485 1.402976 192.168.40.2 192.168.40.46 SPOOLSS GetPrinter response, level 2 486 1.403018 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 487 1.407124 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=244665 Ack=242648 Win=4380 Len=0 488 1.413401 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 489 1.413458 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 490 1.413538 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=243924 Ack=247585 Win=41624 Len=0 491 1.414515 192.168.40.46 192.168.40.2 SPOOLSS GetPrinter request, level 2 492 1.422727 192.168.40.2 192.168.40.46 SMB Pipe TransactNmPipe Response, FID: 0x724f 493 1.422768 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message 494 1.427092 192.168.40.46 192.168.40.2 TCP 58439 > microsoft-ds [ACK] Seq=248909 Ack=246844 Win=4380 Len=0 495 1.429404 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 496 1.430888 192.168.40.46 192.168.40.2 TCP [TCP segment of a reassembled PDU] 497 1.430918 192.168.40.46 192.168.40.2 SPOOLSS GetPrinter request, level 2 498 1.430983 192.168.40.2 192.168.40.46 TCP microsoft-ds > 58439 [ACK] Seq=248120 Ack=251829 Win=41664 Len=0 499 1.437383 192.168.40.2 192.168.40.46 SPOOLSS GetPrinter response, level 2 500 1.437427 192.168.40.2 192.168.40.46 NBSS NBSS Continuation Message -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: "net sam provision" and samba 3.4.0 Next: smbd uses 10 to 15% CPU w/Vista client |