Apart from this machine I have another 10 machines with the same OS, software and permissions, used for the same function, and they don't put any of this traffic on the network.
Can you decode this frame for me? Thanks.
HTML code:
No. Time Source Destination Protocol Info
13765 569.652529 1.2.3.140 1.2.255.255 BROWSER Browser Election Request
Frame 13765 (228 bytes on wire, 228 bytes captured)
Arrival Time: Feb 6, 2006 10:10:44.618439000
Time delta from previous packet: 0.928928000 seconds
Time since reference or first frame: 569.652529000 seconds
Frame Number: 13765
Packet Length: 228 bytes
Capture Length: 228 bytes
Protocols in frame: eth:ip:udp:nbdgm:smb:browser
Ethernet II, Src: 00:60:94:1a:64:d3, Dst: ff:ff:ff:ff:ff:ff
Destination: ff:ff:ff:ff:ff:ff (Broadcast)
Source: 00:60:94:1a:64:d3 (Ibm_1a:64:d3)
Type: IP (0x0800)
Internet Protocol, Src Addr: 1.2.3.140 (1.2.3.140), Dst Addr: 1.2.255.255 (1.2.255.255)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 214
Identification: 0x571c (22300)
Flags: 0x00
Fragment offset: 0
Time to live: 32
Protocol: UDP (0x11)
Header checksum: 0x0a69 (correct)
Source: 1.2.3.140 (1.2.3.140)
Destination: 1.2.255.255 (1.2.255.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138)
Source port: netbios-dgm (138)
Destination port: netbios-dgm (138)
Length: 194
Checksum: 0xdaf4 (correct)
NetBIOS Datagram Service
Message Type: Direct_group datagram (17)
More fragments follow: No
This is first fragment: Yes
Node Type: B node (0)
Datagram ID: 0x03b1
Source IP: 1.2.3.140 (1.2.3.140)
Source Port: 138
Datagram length: 172 bytes
Packet offset: 0 bytes
Source name: 908<20> (Server service)
Destination name: SERVIDO1<1e> (Browser Election Service)
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: Trans (0x25)
Error Class: Success (0x00)
Reserved: 00
Error Code: No Error
Flags: 0x00
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0x0000
0... .... .... .... = Unicode Strings: Strings are ASCII
.0.. .... .... .... = Error Code Type: Error codes are DOS error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 0
Process ID: 0
User ID: 0
Multiplex ID: 0
Trans Request (0x25)
Word Count (WCT): 17
Total Parameter Count: 0
Total Data Count: 18
Max Parameter Count: 0
Max Data Count: 0
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 0
Parameter Offset: 0
Data Count: 18
Data Offset: 86
Setup Count: 3
Reserved: 00
Byte Count (BCC): 35
Transaction Name: \MAILSLOT\BROWSE
SMB MailSlot Protocol
Opcode: Write Mail Slot (1)
Priority: 1
Class: Unreliable & Broadcast (2)
Size: 35
Mailslot Name: \MAILSLOT\BROWSE
Microsoft Windows Browser Protocol
Command: Browser Election Request (0x08)
Election Version: 1
Election Criteria: 0x00000000
Election Desire: 0x00
.... ...0 = Backup: NOT Backup Browse Server
.... ..0. = Standby: NOT Standby Browse Server
.... .0.. = Master: NOT Master Browser
.... 0... = Domain Master: NOT Domain Master Browse Server
..0. .... = WINS: NOT WINS Client
0... .... = NT: NOT Windows NT Advanced Server
Browser Protocol Major Version: 0
Browser Protocol Minor Version: 0
Election OS: 0x00
.... ...0 = WfW: Not Windows for Workgroups
...0 .... = NT Workstation: Not Windows NT Workstation
..0. .... = NT Server: Not Windows NT Server
Uptime: 0 time
Server Name: 908
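A decoder for the 18-byte transaction data of the frame above, as an added example that is not part of the original post. The byte layout (one-byte command and version, four one-byte criteria fields, two 32-bit little-endian words, NUL-terminated name) is an assumption inferred from the field order in the dissection and its Data Count of 18; the function names and SAMPLE are constructed for illustration.

```python
import struct

# Constructed sample: the 18-byte transaction data block rebuilt from the field
# values in the dissection above (Data Count: 18); not bytes copied from a capture.
SAMPLE = bytes([0x08, 0x01]) + bytes(12) + b"908\x00"

ELECTION_REQUEST = 0x08  # "Command: Browser Election Request (0x08)"
# Bit names as they appear in the dissection's Election Desire / Election OS lines.
DESIRE_BITS = {0x01: "Backup", 0x02: "Standby", 0x04: "Master",
               0x08: "Domain Master", 0x20: "WINS", 0x80: "NT"}
OS_BITS = {0x01: "WfW", 0x10: "NT Workstation", 0x20: "NT Server"}
# Assumed layout: cmd, version, desire, major, minor, os, uptime, reserved.
FIXED = struct.Struct("<BBBBBBII")


def set_bits(value, table):
    # Names of the flag bits that are set in value.
    return [name for bit, name in table.items() if value & bit]


def parse_election_request(data):
    # Fixed part is 14 bytes; the server name needs at least its NUL terminator.
    if len(data) < FIXED.size + 1:
        raise ValueError("election request truncated")
    cmd, version, desire, major, minor, os_byte, uptime, _ = FIXED.unpack_from(data)
    if cmd != ELECTION_REQUEST:
        raise ValueError("not an election request: 0x%02x" % cmd)
    end = data.find(b"\x00", FIXED.size)
    if end == -1:
        raise ValueError("server name is not NUL-terminated")
    return {
        "election_version": version,
        "criteria": struct.unpack_from("<I", data, 2)[0],  # the four criteria bytes as one word
        "desire": set_bits(desire, DESIRE_BITS),
        "browser_version": (major, minor),
        "os": set_bits(os_byte, OS_BITS),
        "uptime": uptime,
        "server_name": data[FIXED.size:end].decode("ascii", "replace"),
    }


def advertises_nothing(req):
    # True when every election criterion and the uptime are zero, as in frame 13765.
    return req["criteria"] == 0 and req["uptime"] == 0


if __name__ == "__main__":
    req = parse_election_request(SAMPLE)
    print(req, advertises_nothing(req))
```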


