No. RelativeTime Delta Source SrcPort Destination DestPort CumuBytes Info Protocol AbsoluteT
1 0.000000 0.000000 10.13.5.121 1026 10.13.159.153 139 314 Session Setup AndX Request, User: foobar; Tree Connect AndX, Path: \\XXX\NETLOGON SMB 11:10:34.077447
2 0.005413 0.005413 10.13.159.153 139 10.13.5.121 1026 510 Session Setup AndX Response; Tree Connect AndX SMB 11:10:34.082860
3 0.005638 0.000225 10.13.5.121 1026 10.13.159.153 139 670 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \ntconfig.pol SMB 11:10:34.083085
4 0.006614 0.000976 10.13.159.153 139 10.13.5.121 1026 763 Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND SMB 11:10:34.084061
5 0.135916 0.129302 10.13.5.121 1026 10.13.159.153 139 823 1026 > netbios-ssn [ACK] Seq=366 Ack=181 Win=64059 Len=0 TCP 11:10:34.213363
6 13.967960 13.832044 10.13.5.121 138 10.13.159.153 138 1155 SAM LOGON request from client NETLOGON 11:10:48.045407
7 13.970336 0.002376 10.13.159.153 138 10.13.5.121 138 1427 Response to SAM LOGON request NETLOGON 11:10:48.047783
8 14.134935 0.164599 10.13.5.121 1026 10.13.159.153 139 1561 Tree Connect AndX Request, Path: \\foobar\IPC$ SMB 11:10:48.212382
9 14.135883 0.000948 10.13.159.153 139 10.13.5.121 1026 1667 Tree Connect AndX Response SMB 11:10:48.213330
10 14.197447 0.061564 10.13.5.121 1026 10.13.159.153 139 1825 NT Create AndX Request, Path: \srvsvc SMB 11:10:48.274894
11 14.200451 0.003004 10.13.159.153 139 10.13.5.121 1026 1986 NT Create AndX Response, FID: 0x0808 SMB 11:10:48.277898
12 14.260694 0.060243 10.13.5.121 1026 10.13.159.153 139 2200 Bind: call_id: 1 UUID: SRVSVC DCERPC 11:10:48.338141
13 14.262060 0.001366 10.13.159.153 139 10.13.5.121 1026 2382 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:10:48.339507
14 14.292568 0.030508 10.13.5.121 1026 10.13.159.153 139 2584 NetrServerGetInfo request, \\foobar SRVSVC 11:10:48.370015
15 14.294285 0.001717 10.13.159.153 139 10.13.5.121 1026 2858 NetrServerGetInfo response, SQL Server, Backup Controller, Domain Member Server, Dialin Server, NT Workstation, Unknown server type:14, NT Server, Potential Browser, OSF, Workstation, Server, Backup Controller, NT Workstation, Master Browser SRVSVC 11:10:48.371732
16 14.323405 0.029120 10.13.5.121 1026 10.13.159.153 139 2957 Close Request, FID: 0x0808 SMB 11:10:48.400852
17 14.324871 0.001466 10.13.159.153 139 10.13.5.121 1026 3050 Close Response SMB 11:10:48.402318
18 14.462818 0.137947 10.13.5.121 1026 10.13.159.153 139 3110 1026 > netbios-ssn [ACK] Seq=903 Ack=727 Win=63513 Len=0 TCP 11:10:48.540265
19 16.113699 1.650881 10.13.5.121 138 10.13.159.153 138 3442 SAM LOGON request from client NETLOGON 11:10:50.191146
20 16.116436 0.002737 10.13.159.153 138 10.13.5.121 138 3714 Response to SAM LOGON request NETLOGON 11:10:50.193883
21 16.213412 0.096976 10.13.5.121 1026 10.13.159.153 139 3872 NT Create AndX Request, Path: \srvsvc SMB 11:10:50.290859
22 16.214910 0.001498 10.13.159.153 139 10.13.5.121 1026 4033 NT Create AndX Response, FID: 0x0809 SMB 11:10:50.292357
23 16.215354 0.000444 10.13.5.121 1026 10.13.159.153 139 4247 Bind: call_id: 1 UUID: SRVSVC DCERPC 11:10:50.292801
24 16.216725 0.001371 10.13.159.153 139 10.13.5.121 1026 4429 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:10:50.294172
25 16.217046 0.000321 10.13.5.121 1026 10.13.159.153 139 4631 NetrServerGetInfo request, \\foobar SRVSVC 11:10:50.294493
26 16.218306 0.001260 10.13.159.153 139 10.13.5.121 1026 4781 NetrServerGetInfo response, Access denied SRVSVC 11:10:50.295753
27 16.218803 0.000497 10.13.5.121 1026 10.13.159.153 139 4880 Close Request, FID: 0x0809 SMB 11:10:50.296250
28 16.219700 0.000897 10.13.159.153 139 10.13.5.121 1026 4973 Close Response SMB 11:10:50.297147
29 16.431416 0.211716 10.13.5.121 1026 10.13.159.153 139 5033 1026 > netbios-ssn [ACK] Seq=1360 Ack=1097 Win=63143 Len=0 TCP 11:10:50.508863
30 22.575742 6.144326 10.13.5.121 1026 10.13.159.153 139 5191 NT Create AndX Request, Path: \srvsvc SMB 11:10:56.653189
31 22.577480 0.001738 10.13.159.153 139 10.13.5.121 1026 5352 NT Create AndX Response, FID: 0x080a SMB 11:10:56.654927
32 22.577938 0.000458 10.13.5.121 1026 10.13.159.153 139 5566 Bind: call_id: 1 UUID: SRVSVC DCERPC 11:10:56.655385
33 22.579315 0.001377 10.13.159.153 139 10.13.5.121 1026 5748 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:10:56.656762
34 22.579492 0.000177 10.13.5.121 1026 10.13.159.153 139 5946 NetrRemoteTOD request SRVSVC 11:10:56.656939
35 22.580826 0.001334 10.13.159.153 139 10.13.5.121 1026 6140 NetrRemoteTOD response SRVSVC 11:10:56.658273
36 22.581105 0.000279 10.13.5.121 1026 10.13.159.153 139 6239 Close Request, FID: 0x080a SMB 11:10:56.658552
37 22.582006 0.000901 10.13.159.153 139 10.13.5.121 1026 6332 Close Response SMB 11:10:56.659453
38 22.643487 0.061481 10.13.5.121 1026 10.13.159.153 139 6490 NT Create AndX Request, Path: \srvsvc SMB 11:10:56.720934
39 22.644962 0.001475 10.13.159.153 139 10.13.5.121 1026 6651 NT Create AndX Response, FID: 0x080b SMB 11:10:56.722409
40 22.645199 0.000237 10.13.5.121 1026 10.13.159.153 139 6865 Bind: call_id: 1 UUID: SRVSVC DCERPC 11:10:56.722646
41 22.646550 0.001351 10.13.159.153 139 10.13.5.121 1026 7047 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:10:56.723997
42 22.646839 0.000289 10.13.5.121 1026 10.13.159.153 139 7245 NetrRemoteTOD request SRVSVC 11:10:56.724286
43 22.648192 0.001353 10.13.159.153 139 10.13.5.121 1026 7439 NetrRemoteTOD response SRVSVC 11:10:56.725639
44 22.648459 0.000267 10.13.5.121 1026 10.13.159.153 139 7538 Close Request, FID: 0x080b SMB 11:10:56.725906
45 22.649365 0.000906 10.13.159.153 139 10.13.5.121 1026 7631 Close Response SMB 11:10:56.726812
46 22.774658 0.125293 10.13.5.121 1026 10.13.159.153 139 7691 1026 > netbios-ssn [ACK] Seq=2266 Ack=1925 Win=63787 Len=0 TCP 11:10:56.852105
47 41.407330 18.632672 10.13.5.121 138 10.13.159.153 138 7974 SAM LOGON request from client NETLOGON 11:11:15.484777
48 41.409515 0.002185 10.13.159.153 138 10.13.5.121 138 8224 SAM Response - user unknown NETLOGON 11:11:15.486962
49 43.257552 1.848037 10.13.5.121 1026 10.13.159.153 139 8323 Close Request, FID: 0x0805 SMB 11:11:17.334999
50 43.260912 0.003360 10.13.159.153 139 10.13.5.121 1026 8416 Close Response SMB 11:11:17.338359
51 43.261206 0.000294 10.13.5.121 1026 10.13.159.153 139 8515 Close Request, FID: 0x0807 SMB 11:11:17.338653
52 43.262090 0.000884 10.13.159.153 139 10.13.5.121 1026 8608 Close Response SMB 11:11:17.339537
53 43.444804 0.182714 10.13.5.121 1026 10.13.159.153 139 8668 1026 > netbios-ssn [ACK] Seq=2356 Ack=2003 Win=63709 Len=0 TCP 11:11:17.522251
54 45.785160 2.340356 10.13.5.121 1026 10.13.159.153 139 8826 NT Create AndX Request, Path: \lsarpc SMB 11:11:19.862607
55 45.786726 0.001566 10.13.159.153 139 10.13.5.121 1026 8987 NT Create AndX Response, FID: 0x080c SMB 11:11:19.864173
56 45.786969 0.000243 10.13.5.121 1026 10.13.159.153 139 9201 Bind: call_id: 1 UUID: LSA DCERPC 11:11:19.864416
57 45.788510 0.001541 10.13.159.153 139 10.13.5.121 1026 9383 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:11:19.865957
58 45.788881 0.000371 10.13.5.121 1026 10.13.159.153 139 9617 LsarOpenPolicy2 request, \\foobar LSA 11:11:19.866328
59 45.790392 0.001511 10.13.159.153 139 10.13.5.121 1026 9779 LsarOpenPolicy2 response LSA 11:11:19.867839
60 45.796711 0.006319 10.13.5.121 1026 10.13.159.153 139 9967 LsarQueryInformationPolicy request, Primary Domain Information LSA 11:11:19.874158
61 45.798113 0.001402 10.13.159.153 139 10.13.5.121 1026 10173 LsarQueryInformationPolicy response LSA 11:11:19.875560
62 45.798423 0.000310 10.13.5.121 1026 10.13.159.153 139 10361 LsarQueryInformationPolicy request, Account Domain Information LSA 11:11:19.875870
63 45.800463 0.002040 10.13.159.153 139 10.13.5.121 1026 10567 LsarQueryInformationPolicy response LSA 11:11:19.877910
64 45.800943 0.000480 10.13.5.121 1026 10.13.159.153 139 10825 LsarLookupSids2 request LSA 11:11:19.878390
65 45.802271 0.001328 10.13.159.153 139 10.13.5.121 1026 10971 Fault: call_id: 4 ctx_id: 0 status: nca_op_rng_error DCERPC 11:11:19.879718
66 45.802868 0.000597 10.13.5.121 1026 10.13.159.153 139 11221 LsarLookupSids request LSA 11:11:19.880315
67 45.804800 0.001932 10.13.159.153 139 10.13.5.121 1026 11507 LsarLookupSids response LSA 11:11:19.882247
68 45.805019 0.000219 10.13.5.121 1026 10.13.159.153 139 11693 LsarClose request LSA 11:11:19.882466
69 45.806248 0.001229 10.13.159.153 139 10.13.5.121 1026 11855 LsarClose response LSA 11:11:19.883695
70 45.806637 0.000389 10.13.5.121 1026 10.13.159.153 139 11954 Close Request, FID: 0x080c SMB 11:11:19.884084
71 45.807530 0.000893 10.13.159.153 139 10.13.5.121 1026 12047 Close Response SMB 11:11:19.884977
72 45.808854 0.001324 10.13.5.121 1026 10.13.159.153 139 12205 NT Create AndX Request, Path: \lsarpc SMB 11:11:19.886301
73 45.810212 0.001358 10.13.159.153 139 10.13.5.121 1026 12366 NT Create AndX Response, FID: 0x080d SMB 11:11:19.887659
74 45.810627 0.000415 10.13.5.121 1026 10.13.159.153 139 12580 Bind: call_id: 1 UUID: LSA DCERPC 11:11:19.888074
75 45.811948 0.001321 10.13.159.153 139 10.13.5.121 1026 12762 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:11:19.889395
76 45.812309 0.000361 10.13.5.121 1026 10.13.159.153 139 12996 LsarOpenPolicy2 request, \\foobar LSA 11:11:19.889756
77 45.813732 0.001423 10.13.159.153 139 10.13.5.121 1026 13158 LsarOpenPolicy2 response LSA 11:11:19.891179
78 45.814425 0.000693 10.13.5.121 1026 10.13.159.153 139 13346 LsarQueryInformationPolicy request, Primary Domain Information LSA 11:11:19.891872
79 45.815790 0.001365 10.13.159.153 139 10.13.5.121 1026 13552 LsarQueryInformationPolicy response LSA 11:11:19.893237
80 45.816232 0.000442 10.13.5.121 1026 10.13.159.153 139 13740 LsarQueryInformationPolicy request, Account Domain Information LSA 11:11:19.893679
81 45.818670 0.002438 10.13.159.153 139 10.13.5.121 1026 13946 LsarQueryInformationPolicy response LSA 11:11:19.896117
82 45.818895 0.000225 10.13.5.121 1026 10.13.159.153 139 14204 LsarLookupSids2 request LSA 11:11:19.896342
83 45.819154 0.000259 10.13.159.153 139 10.13.5.121 1026 14350 Fault: call_id: 4 ctx_id: 0 status: nca_op_rng_error DCERPC 11:11:19.896601
84 45.820455 0.001301 10.13.5.121 1026 10.13.159.153 139 14600 LsarLookupSids request LSA 11:11:19.897902
85 45.822421 0.001966 10.13.159.153 139 10.13.5.121 1026 14878 LsarLookupSids response LSA 11:11:19.899868
86 45.823325 0.000904 10.13.5.121 1026 10.13.159.153 139 15064 LsarClose request LSA 11:11:19.900772
87 45.824541 0.001216 10.13.159.153 139 10.13.5.121 1026 15226 LsarClose response LSA 11:11:19.901988
88 45.824796 0.000255 10.13.5.121 1026 10.13.159.153 139 15325 Close Request, FID: 0x080d SMB 11:11:19.902243
89 45.825688 0.000892 10.13.159.153 139 10.13.5.121 1026 15418 Close Response SMB 11:11:19.903135
90 45.826980 0.001292 10.13.5.121 1026 10.13.159.153 139 15576 NT Create AndX Request, Path: \lsarpc SMB 11:11:19.904427
91 45.828319 0.001339 10.13.159.153 139 10.13.5.121 1026 15737 NT Create AndX Response, FID: 0x080e SMB 11:11:19.905766
92 45.828532 0.000213 10.13.5.121 1026 10.13.159.153 139 15951 Bind: call_id: 1 UUID: LSA DCERPC 11:11:19.905979
93 45.830371 0.001839 10.13.159.153 139 10.13.5.121 1026 16133 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:11:19.907818
94 45.830685 0.000314 10.13.5.121 1026 10.13.159.153 139 16367 LsarOpenPolicy2 request, \\foobar LSA 11:11:19.908132
95 45.833136 0.002451 10.13.159.153 139 10.13.5.121 1026 16529 LsarOpenPolicy2 response LSA 11:11:19.910583
96 45.833365 0.000229 10.13.5.121 1026 10.13.159.153 139 16717 LsarQueryInformationPolicy request, Primary Domain Information LSA 11:11:19.910812
97 45.835712 0.002347 10.13.159.153 139 10.13.5.121 1026 16923 LsarQueryInformationPolicy response LSA 11:11:19.913159
98 45.836023 0.000311 10.13.5.121 1026 10.13.159.153 139 17111 LsarQueryInformationPolicy request, Account Domain Information LSA 11:11:19.913470
99 45.837381 0.001358 10.13.159.153 139 10.13.5.121 1026 17317 LsarQueryInformationPolicy response LSA 11:11:19.914828
100 45.837764 0.000383 10.13.5.121 1026 10.13.159.153 139 17575 LsarLookupSids2 request LSA 11:11:19.915211
101 45.839128 0.001364 10.13.159.153 139 10.13.5.121 1026 17721 Fault: call_id: 4 ctx_id: 0 status: nca_op_rng_error DCERPC 11:11:19.916575
102 45.839481 0.000353 10.13.5.121 1026 10.13.159.153 139 17971 LsarLookupSids request LSA 11:11:19.916928
103 45.841438 0.001957 10.13.159.153 139 10.13.5.121 1026 18249 LsarLookupSids response LSA 11:11:19.918885
104 45.841604 0.000166 10.13.5.121 1026 10.13.159.153 139 18435 LsarClose request LSA 11:11:19.919051
105 45.842835 0.001231 10.13.159.153 139 10.13.5.121 1026 18597 LsarClose response LSA 11:11:19.920282
106 45.843014 0.000179 10.13.5.121 1026 10.13.159.153 139 18696 Close Request, FID: 0x080e SMB 11:11:19.920461
107 45.843897 0.000883 10.13.159.153 139 10.13.5.121 1026 18789 Close Response SMB 11:11:19.921344
108 45.845215 0.001318 10.13.5.121 1026 10.13.159.153 139 18947 NT Create AndX Request, Path: \lsarpc SMB 11:11:19.922662
109 45.846552 0.001337 10.13.159.153 139 10.13.5.121 1026 19108 NT Create AndX Response, FID: 0x080f SMB 11:11:19.923999
110 45.846763 0.000211 10.13.5.121 1026 10.13.159.153 139 19322 Bind: call_id: 1 UUID: LSA DCERPC 11:11:19.924210
111 45.848081 0.001318 10.13.159.153 139 10.13.5.121 1026 19504 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:11:19.925528
112 45.848442 0.000361 10.13.5.121 1026 10.13.159.153 139 19738 LsarOpenPolicy2 request, \\foobar LSA 11:11:19.925889
113 45.849856 0.001414 10.13.159.153 139 10.13.5.121 1026 19900 LsarOpenPolicy2 response LSA 11:11:19.927303
114 45.850101 0.000245 10.13.5.121 1026 10.13.159.153 139 20088 LsarQueryInformationPolicy request, Primary Domain Information LSA 11:11:19.927548
115 45.851468 0.001367 10.13.159.153 139 10.13.5.121 1026 20294 LsarQueryInformationPolicy response LSA 11:11:19.928915
116 45.851825 0.000357 10.13.5.121 1026 10.13.159.153 139 20482 LsarQueryInformationPolicy request, Account Domain Information LSA 11:11:19.929272
117 45.853178 0.001353 10.13.159.153 139 10.13.5.121 1026 20688 LsarQueryInformationPolicy response LSA 11:11:19.930625
118 45.853571 0.000393 10.13.5.121 1026 10.13.159.153 139 20946 LsarLookupSids2 request LSA 11:11:19.931018
119 45.854825 0.001254 10.13.159.153 139 10.13.5.121 1026 21092 Fault: call_id: 4 ctx_id: 0 status: nca_op_rng_error DCERPC 11:11:19.932272
120 45.855401 0.000576 10.13.5.121 1026 10.13.159.153 139 21342 LsarLookupSids request LSA 11:11:19.932848
121 45.983886 0.128485 10.13.159.153 139 10.13.5.121 1026 21636 LsarLookupSids response LSA 11:11:20.061333
122 45.984488 0.000602 10.13.5.121 1026 10.13.159.153 139 21822 LsarClose request LSA 11:11:20.061935
123 45.985585 0.001097 10.13.159.153 139 10.13.5.121 1026 21984 LsarClose response LSA 11:11:20.063032
124 45.985740 0.000155 10.13.5.121 1026 10.13.159.153 139 22083 Close Request, FID: 0x080f SMB 11:11:20.063187
125 45.986642 0.000902 10.13.159.153 139 10.13.5.121 1026 22176 Close Response SMB 11:11:20.064089
126 45.987934 0.001292 10.13.5.121 1026 10.13.159.153 139 22334 NT Create AndX Request, Path: \lsarpc SMB 11:11:20.065381
127 45.989282 0.001348 10.13.159.153 139 10.13.5.121 1026 22495 NT Create AndX Response, FID: 0x1000 SMB 11:11:20.066729
128 45.989526 0.000244 10.13.5.121 1026 10.13.159.153 139 22709 Bind: call_id: 1 UUID: LSA DCERPC 11:11:20.066973
129 45.990851 0.001325 10.13.159.153 139 10.13.5.121 1026 22891 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:11:20.068298
130 45.991200 0.000349 10.13.5.121 1026 10.13.159.153 139 23125 LsarOpenPolicy2 request, \\foobar LSA 11:11:20.068647
131 45.992636 0.001436 10.13.159.153 139 10.13.5.121 1026 23287 LsarOpenPolicy2 response LSA 11:11:20.070083
132 45.992863 0.000227 10.13.5.121 1026 10.13.159.153 139 23475 LsarQueryInformationPolicy request, Primary Domain Information LSA 11:11:20.070310
133 45.994245 0.001382 10.13.159.153 139 10.13.5.121 1026 23681 LsarQueryInformationPolicy response LSA 11:11:20.071692
134 45.994552 0.000307 10.13.5.121 1026 10.13.159.153 139 23869 LsarQueryInformationPolicy request, Account Domain Information LSA 11:11:20.071999
135 45.995932 0.001380 10.13.159.153 139 10.13.5.121 1026 24075 LsarQueryInformationPolicy response LSA 11:11:20.073379
136 45.996316 0.000384 10.13.5.121 1026 10.13.159.153 139 24333 LsarLookupSids2 request LSA 11:11:20.073763
137 45.997570 0.001254 10.13.159.153 139 10.13.5.121 1026 24479 Fault: call_id: 4 ctx_id: 0 status: nca_op_rng_error DCERPC 11:11:20.075017
138 45.998019 0.000449 10.13.5.121 1026 10.13.159.153 139 24729 LsarLookupSids request LSA 11:11:20.075466
139 46.000009 0.001990 10.13.159.153 139 10.13.5.121 1026 25019 LsarLookupSids response LSA 11:11:20.077456
140 46.000421 0.000412 10.13.5.121 1026 10.13.159.153 139 25205 LsarClose request LSA 11:11:20.077868
141 46.001664 0.001243 10.13.159.153 139 10.13.5.121 1026 25367 LsarClose response LSA 11:11:20.079111
142 46.001821 0.000157 10.13.5.121 1026 10.13.159.153 139 25466 Close Request, FID: 0x1000 SMB 11:11:20.079268
143 46.002728 0.000907 10.13.159.153 139 10.13.5.121 1026 25559 Close Response SMB 11:11:20.080175
144 46.004142 0.001414 10.13.5.121 1026 10.13.159.153 139 25717 NT Create AndX Request, Path: \lsarpc SMB 11:11:20.081589
145 46.006257 0.002115 10.13.159.153 139 10.13.5.121 1026 25878 NT Create AndX Response, FID: 0x1001 SMB 11:11:20.083704
146 46.006612 0.000355 10.13.5.121 1026 10.13.159.153 139 26092 Bind: call_id: 1 UUID: LSA DCERPC 11:11:20.084059
147 46.008920 0.002308 10.13.159.153 139 10.13.5.121 1026 26274 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:11:20.086367
148 46.009309 0.000389 10.13.5.121 1026 10.13.159.153 139 26508 LsarOpenPolicy2 request, \\foobar LSA 11:11:20.086756
149 46.019739 0.010430 10.13.159.153 139 10.13.5.121 1026 26670 LsarOpenPolicy2 response LSA 11:11:20.097186
150 46.024965 0.005226 10.13.5.121 1026 10.13.159.153 139 26858 LsarQueryInformationPolicy request, Primary Domain Information LSA 11:11:20.102412
151 46.036460 0.011495 10.13.159.153 139 10.13.5.121 1026 27064 LsarQueryInformationPolicy response LSA 11:11:20.113907
152 46.036698 0.000238 10.13.5.121 1026 10.13.159.153 139 27252 LsarQueryInformationPolicy request, Account Domain Information LSA 11:11:20.114145
153 46.036881 0.000183 10.13.159.153 139 10.13.5.121 1026 27458 LsarQueryInformationPolicy response LSA 11:11:20.114328
154 46.037205 0.000324 10.13.5.121 1026 10.13.159.153 139 27716 LsarLookupSids2 request LSA 11:11:20.114652
155 46.037435 0.000230 10.13.159.153 139 10.13.5.121 1026 27862 Fault: call_id: 4 ctx_id: 0 status: nca_op_rng_error DCERPC 11:11:20.114882
156 46.038006 0.000571 10.13.5.121 1026 10.13.159.153 139 28112 LsarLookupSids request LSA 11:11:20.115453
157 46.153349 0.115343 10.13.159.153 139 10.13.5.121 1026 28172 netbios-ssn > 1026 [ACK] Seq=8328 Ack=9913 Win=7912 Len=0 TCP 11:11:20.230796
158 46.183506 0.030157 10.13.159.153 139 10.13.5.121 1026 28474 LsarLookupSids response LSA 11:11:20.260953
159 46.184026 0.000520 10.13.5.121 1026 10.13.159.153 139 28660 LsarClose request LSA 11:11:20.261473
160 46.184175 0.000149 10.13.159.153 139 10.13.5.121 1026 28822 LsarClose response LSA 11:11:20.261622
161 46.184488 0.000313 10.13.5.121 1026 10.13.159.153 139 28921 Close Request, FID: 0x1001 SMB 11:11:20.261935
162 46.194914 0.010426 10.13.159.153 139 10.13.5.121 1026 29014 Close Response SMB 11:11:20.272361
163 46.288337 0.093423 10.13.5.121 1026 10.13.159.153 139 29074 1026 > netbios-ssn [ACK] Seq=10090 Ack=8723 Win=63067 Len=0 TCP 11:11:20.365784
164 48.739184 2.450847 10.13.5.121 1026 10.13.159.153 139 29234 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \ntconfig.pol SMB 11:11:22.816631
165 48.740201 0.001017 10.13.159.153 139 10.13.5.121 1026 29327 Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND SMB 11:11:22.817648
166 48.913181 0.172980 10.13.5.121 1026 10.13.159.153 139 29387 1026 > netbios-ssn [ACK] Seq=10196 Ack=8762 Win=63028 Len=0 TCP 11:11:22.990628
167 50.821731 1.908550 10.13.5.121 138 10.13.159.153 138 29719 SAM LOGON request from client NETLOGON 11:11:24.899178
168 50.823944 0.002213 10.13.159.153 138 10.13.5.121 138 29991 Response to SAM LOGON request NETLOGON 11:11:24.901391
169 50.929305 0.105361 10.13.5.121 1026 10.13.159.153 139 30149 NT Create AndX Request, Path: \srvsvc SMB 11:11:25.006752
170 50.930849 0.001544 10.13.159.153 139 10.13.5.121 1026 30310 NT Create AndX Response, FID: 0x1002 SMB 11:11:25.008296
171 50.931148 0.000299 10.13.5.121 1026 10.13.159.153 139 30524 Bind: call_id: 1 UUID: SRVSVC DCERPC 11:11:25.008595
172 50.932672 0.001524 10.13.159.153 139 10.13.5.121 1026 30706 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:11:25.010119
173 50.933008 0.000336 10.13.5.121 1026 10.13.159.153 139 30908 NetrServerGetInfo request, \\foobar SRVSVC 11:11:25.010455
174 50.934738 0.001730 10.13.159.153 139 10.13.5.121 1026 31182 NetrServerGetInfo response, SQL Server, Backup Controller, Domain Member Server, Dialin Server, NT Workstation, Unknown server type:14, NT Server, Potential Browser, OSF, Workstation, Server, Backup Controller, NT Workstation, Master Browser SRVSVC 11:11:25.012185
175 50.934899 0.000161 10.13.5.121 1026 10.13.159.153 139 31281 Close Request, FID: 0x1002 SMB 11:11:25.012346
176 50.935811 0.000912 10.13.159.153 139 10.13.5.121 1026 31374 Close Response SMB 11:11:25.013258
177 51.022961 0.087150 10.13.5.121 138 10.13.159.153 138 31706 SAM LOGON request from client NETLOGON 11:11:25.100408
178 51.025101 0.002140 10.13.159.153 138 10.13.5.121 138 31978 Response to SAM LOGON request NETLOGON 11:11:25.102548
179 51.100437 0.075336 10.13.5.121 1026 10.13.159.153 139 32038 1026 > netbios-ssn [ACK] Seq=10653 Ack=9256 Win=64201 Len=0 TCP 11:11:25.177884
180 51.132353 0.031916 10.13.5.121 1026 10.13.159.153 139 32196 NT Create AndX Request, Path: \srvsvc SMB 11:11:25.209800
181 51.133835 0.001482 10.13.159.153 139 10.13.5.121 1026 32357 NT Create AndX Response, FID: 0x1003 SMB 11:11:25.211282
182 51.134187 0.000352 10.13.5.121 1026 10.13.159.153 139 32571 Bind: call_id: 1 UUID: SRVSVC DCERPC 11:11:25.211634
183 51.135536 0.001349 10.13.159.153 139 10.13.5.121 1026 32753 Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 DCERPC 11:11:25.212983
184 51.135819 0.000283 10.13.5.121 1026 10.13.159.153 139 32955 NetrServerGetInfo request, \\foobar SRVSVC 11:11:25.213266
185 51.137053 0.001234 10.13.159.153 139 10.13.5.121 1026 33105 NetrServerGetInfo response, Access denied SRVSVC 11:11:25.214500
186 51.137209 0.000156 10.13.5.121 1026 10.13.159.153 139 33204 Close Request, FID: 0x1003 SMB 11:11:25.214656
187 51.138113 0.000904 10.13.159.153 139 10.13.5.121 1026 33297 Close Response SMB 11:11:25.215560
188 51.319166 0.181053 10.13.5.121 1026 10.13.159.153 139 33357 1026 > netbios-ssn [ACK] Seq=11110 Ack=9626 Win=63831 Len=0 TCP 11:11:25.396613
189 55.039252 3.720086 10.13.5.121 1026 10.13.159.153 139 33517 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \ntconfig.pol SMB 11:11:29.116699
190 55.040367 0.001115 10.13.159.153 139 10.13.5.121 1026 33610 Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND SMB 11:11:29.117814
191 55.256403 0.216036 10.13.5.121 1026 10.13.159.153 139 33670 1026 > netbios-ssn [ACK] Seq=11216 Ack=9665 Win=63792 Len=0 TCP 11:11:29.333850
192 61.029298 5.772895 10.13.5.121 1026 10.13.159.153 139 33830 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \ntconfig.pol SMB 11:11:35.106745
193 61.030331 0.001033 10.13.159.153 139 10.13.5.121 1026 33923 Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND SMB 11:11:35.107778
194 61.162136 0.131805 10.13.5.121 1026 10.13.159.153 139 33983 1026 > netbios-ssn [ACK] Seq=11322 Ack=9704 Win=63753 Len=0 TCP 11:11:35.239583
195 91.354773 30.192637 10.13.5.121 1026 10.13.159.153 139 34076 Tree Disconnect Request SMB 11:12:05.432220
196 91.355610 0.000837 10.13.159.153 139 10.13.5.121 1026 34169 Tree Disconnect Response SMB 11:12:05.433057
197 91.355828 0.000218 10.13.5.121 1026 10.13.159.153 139 34266 Logoff AndX Request SMB 11:12:05.433275
198 91.356607 0.000779 10.13.159.153 139 10.13.5.121 1026 34363 Logoff AndX Response SMB 11:12:05.434054
199 91.356834 0.000227 10.13.5.121 1026 10.13.159.153 139 34456 Tree Disconnect Request SMB 11:12:05.434281
200 91.357582 0.000748 10.13.159.153 139 10.13.5.121 1026 34549 Tree Disconnect Response SMB 11:12:05.435029
201 91.565883 0.208301 10.13.5.121 1026 10.13.159.153 139 34609 1026 > netbios-ssn [ACK] Seq=11443 Ack=9825 Win=63632 Len=0 TCP 11:12:05.643330