Session Setup request, NTLMSSP_Negotiate


Internet Protocol Version 4, Src: 10.239.4.95, Dst: 10.239.1.145
Transmission Control Protocol, Src Port: 64375, Dst Port: 445, Seq: 252, Ack: 505, Len: 166
NetBIOS Session Service
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 1
Channel Sequence: 0
Reserved: 0000
Command: Session Setup (1)
Credits requested: 33
Flags: 0x00000000
Chain Offset: 0x00000000
Message ID: Unknown (2)
Process Id: 0x0000feff
Tree Id: 0x00000000
Session Id: 0x0000000000000000
Signature: 00000000000000000000000000000000
Session Setup Request (0x01)
[Preauth Hash: 391df1b02ea87c0a55fe9b01bf696e40a79d2ea1780d7e35…]
StructureSize: 0x0019
0000 0000 0001 100. = Fixed Part Length: 12
.... .... .... ...1 = Dynamic Part: True
Flags: 0
.... ...0 = Session Binding Request: False
Security mode: 0x02, Signing required
.... ...0 = Signing enabled: False
.... ..1. = Signing required: True
Capabilities: 0x00000001, DFS
.... .... .... .... .... .... .... ...1 = DFS: This host supports DFS
.... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
.... .... .... .... .... .... .... .0.. = LARGE MTU: This host does NOT support LARGE_MTU
.... .... .... .... .... .... .... 0... = MULTI CHANNEL: This host does NOT support MULTI CHANNEL
.... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
.... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
.... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
Channel: None (0x00000000)
Previous Session Id: 0x0000000000000000
Blob Offset: 0x00000058
Blob Length: 74
Security Blob: 604806062b0601050502a03e303ca00e300c060a2b060104…
GSS-API Generic Security Service Application Program Interface
OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
Simple Protected Negotiation
negTokenInit
mechTypes: 1 item
MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
mechToken: 4e544c4d5353500001000000978208e20000000000000000…
NTLM Secure Service Provider
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
Negotiate Flags: 0xe2088297, Negotiate 56, Negotiate Key Exchange, Negotiate 128, Negotiate Version, Negotiate Extended Security, Negotiate Always Sign, Negotiate NTLM key, Negotiate Lan Manager Key, Negotiate Sign, Request Target, Negotia
Calling workstation domain: NULL
Calling workstation name: NULL
Version 10.0 (Build 17134); NTLM Current Revision 15
Major Version: 10
Minor Version: 0
Build Number: 17134
NTLM Current Revision: 15

386 5.484167 10.239.1.145 10.239.4.95 SMB2 306 [TCP Spurious Retransmission] Negotiate Protocol Response

Frame 386: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface \Device\NPF_{B37C9405-418A-4408-8B11-0663A3091D62}, id 0
Ethernet II, Src: Cisco_ff:fc:0c (00:08:e3:ff:fc:0c), Dst: HewlettP_4d:63:5c (18:60:24:4d:63:5c)
Internet Protocol Version 4, Src: 10.239.1.145, Dst: 10.239.4.95
Transmission Control Protocol, Src Port: 445, Dst Port: 64375, Seq: 253, Ack: 252, Len: 252
NetBIOS Session Service
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
NT Status: STATUS_SUCCESS (0x00000000)
Command: Negotiate Protocol (0)
Credits granted: 1
Flags: 0x00000001, Response
.... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: Unknown (1)
Process Id: 0x0000feff
Tree Id: 0x00000000
Session Id: 0x0000000000000000
Signature: 00000000000000000000000000000000
[Response to: 374]
[Time from request: 0.318173000 seconds]
Negotiate Protocol Response (0x00)
[Preauth Hash: 4a7b8a5188d0ad35638725ae038c0ade7c8b7555d595b189…]
StructureSize: 0x0041
0000 0000 0100 000. = Fixed Part Length: 32
.... .... .... ...1 = Dynamic Part: True
Security mode: 0x01, Signing enabled
.... ...1 = Signing enabled: True
.... ..0. = Signing required: False
Dialect: SMB 2.1 (0x0210)
NegotiateContextCount: 0
Server Guid: 230879b3-79e7-4e6f-a5e6-1d379f6a9957
Capabilities: 0x00000007, DFS, LEASING, LARGE MTU
.... .... .... .... .... .... .... ...1 = DFS: This host supports DFS
.... .... .... .... .... .... .... ..1. = LEASING: This host supports LEASING
.... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
.... .... .... .... .... .... .... 0... = MULTI CHANNEL: This host does NOT support MULTI CHANNEL
.... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
.... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
.... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
Max Transaction Size: 1048576
Max Read Size: 1048576
Max Write Size: 1048576
Current Time: Jan 22, 2020 13:12:25.084801300 South Africa Standard Time
Boot Time: Jan 22, 2020 11:15:35.369708600 South Africa Standard Time
Blob Offset: 0x00000080
Blob Length: 120
Security Blob: 607606062b0601050502a06c306aa03c303a060a2b060104…
GSS-API Generic Security Service Application Program Interface
OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
Simple Protected Negotiation
negTokenInit
mechTypes: 5 items
MechType: 1.3.6.1.4.1.311.2.2.30 (NEGOEX - SPNEGO Extended Negotiation Security Mechanism)
MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
negHints
hintName: not_defined_in_RFC4178@please_ignore
NegotiateContextOffset: 0x3110001