Besides this machine I have another 10 machines with the same OS, software and permissions, used for the same purpose, and none of them generate any of this traffic.
Could you decode this frame for me? Thanks.
HTML code:
No.     Time        Source      Destination   Protocol  Info
13765   569.652529  1.2.3.140   1.2.255.255   BROWSER   Browser Election Request

Frame 13765 (228 bytes on wire, 228 bytes captured)
    Arrival Time: Feb 6, 2006 10:10:44.618439000
    Time delta from previous packet: 0.928928000 seconds
    Time since reference or first frame: 569.652529000 seconds
    Frame Number: 13765
    Packet Length: 228 bytes
    Capture Length: 228 bytes
    Protocols in frame: eth:ip:udp:nbdgm:smb:browser
Ethernet II, Src: 00:60:94:1a:64:d3, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff (Broadcast)
    Source: 00:60:94:1a:64:d3 (Ibm_1a:64:d3)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 1.2.3.140 (1.2.3.140), Dst Addr: 1.2.255.255 (1.2.255.255)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 214
    Identification: 0x571c (22300)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 32
    Protocol: UDP (0x11)
    Header checksum: 0x0a69 (correct)
    Source: 1.2.3.140 (1.2.3.140)
    Destination: 1.2.255.255 (1.2.255.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138)
    Source port: netbios-dgm (138)
    Destination port: netbios-dgm (138)
    Length: 194
    Checksum: 0xdaf4 (correct)
NetBIOS Datagram Service
    Message Type: Direct_group datagram (17)
    More fragments follow: No
    This is first fragment: Yes
    Node Type: B node (0)
    Datagram ID: 0x03b1
    Source IP: 1.2.3.140 (1.2.3.140)
    Source Port: 138
    Datagram length: 172 bytes
    Packet offset: 0 bytes
    Source name: 908<20> (Server service)
    Destination name: SERVIDO1<1e> (Browser Election Service)
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        SMB Command: Trans (0x25)
        Error Class: Success (0x00)
        Reserved: 00
        Error Code: No Error
        Flags: 0x00
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0x0000
            0... .... .... .... = Unicode Strings: Strings are ASCII
            .0.. .... .... .... = Error Code Type: Error codes are DOS error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 0
        Process ID: 0
        User ID: 0
        Multiplex ID: 0
    Trans Request (0x25)
        Word Count (WCT): 17
        Total Parameter Count: 0
        Total Data Count: 18
        Max Parameter Count: 0
        Max Data Count: 0
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 0
        Data Count: 18
        Data Offset: 86
        Setup Count: 3
        Reserved: 00
        Byte Count (BCC): 35
        Transaction Name: \MAILSLOT\BROWSE
SMB MailSlot Protocol
    Opcode: Write Mail Slot (1)
    Priority: 1
    Class: Unreliable & Broadcast (2)
    Size: 35
    Mailslot Name: \MAILSLOT\BROWSE
Microsoft Windows Browser Protocol
    Command: Browser Election Request (0x08)
    Election Version: 1
    Election Criteria: 0x00000000
        Election Desire: 0x00
            .... ...0 = Backup: NOT Backup Browse Server
            .... ..0. = Standby: NOT Standby Browse Server
            .... .0.. = Master: NOT Master Browser
            .... 0... = Domain Master: NOT Domain Master Browse Server
            ..0. .... = WINS: NOT WINS Client
            0... .... = NT: NOT Windows NT Advanced Server
        Browser Protocol Major Version: 0
        Browser Protocol Minor Version: 0
        Election OS: 0x00
            .... ...0 = WfW: Not Windows for Workgroups
            ...0 .... = NT Workstation: Not Windows NT Workstation
            ..0. .... = NT Server: Not Windows NT Server
    Uptime: 0 time
    Server Name: 908