Posted: 06/02/2006, 03:27
pellagofio
 
Decoding a network frame.

I have a Windows 95 machine that is putting a lot of frames on the network like the one shown below.
Besides this machine, I have another 10 machines with the same OS, software and permissions, used for the same purpose, and they do not generate any of this traffic.
Can you decode this frame for me? Thanks.


HTML code:
No.     Time        Source                Destination           Protocol Info
  13765 569.652529  1.2.3.140           1.2.255.255         BROWSER  Browser Election Request

Frame 13765 (228 bytes on wire, 228 bytes captured)
    Arrival Time: Feb  6, 2006 10:10:44.618439000
    Time delta from previous packet: 0.928928000 seconds
    Time since reference or first frame: 569.652529000 seconds
    Frame Number: 13765
    Packet Length: 228 bytes
    Capture Length: 228 bytes
    Protocols in frame: eth:ip:udp:nbdgm:smb:browser
Ethernet II, Src: 00:60:94:1a:64:d3, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff (Broadcast)
    Source: 00:60:94:1a:64:d3 (Ibm_1a:64:d3)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 1.2.3.140 (1.2.3.140), Dst Addr: 1.2.255.255 (1.2.255.255)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 214
    Identification: 0x571c (22300)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 32
    Protocol: UDP (0x11)
    Header checksum: 0x0a69 (correct)
    Source: 1.2.3.140 (1.2.3.140)
    Destination: 1.2.255.255 (1.2.255.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138)
    Source port: netbios-dgm (138)
    Destination port: netbios-dgm (138)
    Length: 194
    Checksum: 0xdaf4 (correct)
NetBIOS Datagram Service
    Message Type: Direct_group datagram (17)
    More fragments follow: No
    This is first fragment: Yes
    Node Type: B node (0)
    Datagram ID: 0x03b1
    Source IP: 1.2.3.140 (1.2.3.140)
    Source Port: 138
    Datagram length: 172 bytes
    Packet offset: 0 bytes
    Source name: 908<20> (Server service)
    Destination name: SERVIDO1<1e> (Browser Election Service)
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        SMB Command: Trans (0x25)
        Error Class: Success (0x00)
        Reserved: 00
        Error Code: No Error
        Flags: 0x00
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0x0000
            0... .... .... .... = Unicode Strings: Strings are ASCII
            .0.. .... .... .... = Error Code Type: Error codes are DOS error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 0
        Process ID: 0
        User ID: 0
        Multiplex ID: 0
    Trans Request (0x25)
        Word Count (WCT): 17
        Total Parameter Count: 0
        Total Data Count: 18
        Max Parameter Count: 0
        Max Data Count: 0
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 0
        Data Count: 18
        Data Offset: 86
        Setup Count: 3
        Reserved: 00
        Byte Count (BCC): 35
        Transaction Name: \MAILSLOT\BROWSE
SMB MailSlot Protocol
    Opcode: Write Mail Slot (1)
    Priority: 1
    Class: Unreliable & Broadcast (2)
    Size: 35
    Mailslot Name: \MAILSLOT\BROWSE
Microsoft Windows Browser Protocol
    Command: Browser Election Request (0x08)
    Election Version: 1
    Election Criteria: 0x00000000
        Election Desire: 0x00
            .... ...0 = Backup: NOT Backup Browse Server
            .... ..0. = Standby: NOT Standby Browse Server
            .... .0.. = Master: NOT Master Browser
            .... 0... = Domain Master: NOT Domain Master Browse Server
            ..0. .... = WINS: NOT WINS Client
            0... .... = NT: NOT Windows NT Advanced Server
        Browser Protocol Major Version: 0
        Browser Protocol Minor Version: 0
        Election OS: 0x00
            .... ...0 = WfW: Not Windows for Workgroups
            ...0 .... = NT Workstation: Not Windows NT Workstation
            ..0. .... = NT Server: Not Windows NT Server
    Uptime: 0 time
    Server Name: 908