My Linux box is in a Windows domain network, but I never joined my Linux box to the Windows domain. I ran the command below:
$ sudo tcpdump -i eth1 net 172 and dst host "MY IP" and port 445
12:16:29.700792 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [S.], seq 381694702, ack 2634118497, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 38509174 ecr 2358727], length 0
12:16:29.701558 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [P.], seq 1:253, ack 160, win 260, options [nop,nop,TS val 38509174 ecr 2358727], length 252 SMB-over-TCP packet:(raw data or continuation?)
12:16:29.702264 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [P.], seq 253:505, ack 268, win 259, options [nop,nop,TS val 38509174 ecr 2358727], length 252 SMB-over-TCP packet:(raw data or continuation?)
12:16:29.703838 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [.], ack 3279, win 260, options [nop,nop,TS val 38509174 ecr 2358728], length 0
12:16:29.704651 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [P.], seq 505:765, ack 3279, win 260, options [nop,nop,TS val 38509174 ecr 2358728], length 260 SMB-over-TCP packet:(raw data or continuation?)
12:16:29.705419 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [P.], seq 765:849, ack 3401, win 259, options [nop,nop,TS val 38509174 ecr 2358728], length 84 SMB-over-TCP packet:(raw data or continuation?)
12:16:29.706187 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [P.], seq 849:1149, ack 3529, win 259, options [nop,nop,TS val 38509174 ecr 2358728], length 300 SMB-over-TCP packet:(raw data or continuation?)
12:16:39.881678 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [P.], seq 1149:1221, ack 3601, win 258, options [nop,nop,TS val 38510192 ecr 2361272], length 72 SMB-over-TCP packet:(raw data or continuation?)
12:16:39.882314 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [P.], seq 1221:1293, ack 3673, win 258, options [nop,nop,TS val 38510192 ecr 2361272], length 72 SMB-over-TCP packet:(raw data or continuation?)
12:16:39.882818 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [.], ack 3674, win 258, options [nop,nop,TS val 38510192 ecr 2361273], length 0
12:16:39.882958 IP DC.MyDC.xyz.microsoft-ds > "MY IP".57627: Flags [R.], seq 1293, ack 3674, win 0, length 0
Thank you.