OK, turing.

<- leave blank

Tue May 22 11:49:12 EDT 2018

#!/usr/bin/env python3

import random

# число элементов в списке, влияет на потребляемую память
n = 50 * 1000 * 1000

# число итераций замены элементов списка
c = 3

print('Наполняем список случайными числами...')

# добавляем в пустой список n случайных чисел
x = []
for _ in range(n):
    x.append(random.random())

for i in range(c):
    print('Читение и запись новых значений, итерация {} из {}'.format(i + 1, c))

    # заменяем элементы списка на новые
    for i in range(n):
	x[i] = x[i] * 0.999

del x


Mon May 21 12:31:57 EDT 2018
[Good output]
term% mount -c /srv/dos /n/9 /dev/sdC0/9fat
dossrv 404:<-Tversion tag 65535 msize 8216 version '9P2000'
dossrv 404:->Rversion tag 65535 msize 8216 version '9P2000'
dossrv 404:<-Tauth tag 2 afid 272 uname glenda aname /dev/sdC0/9fat
dossrv 404:->Rerror tag 2 ename dossrv: authentication not required
dossrv 404:<-Tattach tag 2 fid 272 afid -1 uname glenda aname /dev/sdC0/9fat
alloc "/dev/sdC0/9fat", dev=3...[tread 0+0...done]magic: 0xeb 0x58 0x90
version: "Plan9.00"
sectsize: 512
clustsize: 8
nresrv: 2
nfats: 2
rootsize: 512
volsize: 0
mediadesc: 0xf8
fatsize: 100
trksize: 63
nheads: 255
nhidden: 63
bigvolsize: 204800
driveno: 128
reserved0: 0x00
bootsig: 0x29
volid: 0x00000000
label: "PLAN9 "
fatbits=16 (25572 clusters)...fat 0: 2...fat 1: 102...root: 202...data:
234...dossrv 404:->Rattach tag 2 qid (0000000000000000 0 d)

[Bad output]
term% mount -c /srv/dos /n/9 /dev/sdC0/9fat
dossrv 404:<-Tversion tag 65535 msize 8216 version '9P2000'
dossrv 404:->Rversion tag 65535 msize 8216 version '9P2000'
dossrv 404:<-Tauth tag 2 afid 272 uname glenda aname /dev/sdC0/9fat
dossrv 404:->Rerror tag 2 ename dossrv: authentication not required
dossrv 404:<-Tattach tag 2 fid 272 afid -1 uname glenda aname /dev/sdC0/9fat
alloc "/dev/sdC0/9fat", dev=3...[tread 0+0...done]bad sig 13 00 00nfree
"/dev/sdE2/9fat", dev=3...dossrv 911:->Rerror tag 7 ename unknown format
mount: mount /n/9: unknown format



Mon May 21 06:55:55 EDT 2018
#!/usr/bin/env python3

import os
import signal
import operator
from time import sleep

###########################################################################################

k = 0.0042
oom_score_min = 10
t_min = 0.5

rate_mem = 3
rate_swap = 1
rate_zram = 0.5

# уровни доступной памяти для срабатывания киллеров
mem_term_level = 200 # MiB
mem_kill_level = 100 # MiB

swap_term_level = 200 # MiB
swap_kill_level = 100 # MiB

zram_term_level = 3 * 1024 # MiB
zram_kill_level = 4 * 1024 # MiB


mtl = mem_term_level * 1024
mkl = mem_kill_level * 1024
stl = swap_term_level * 1024
skl = swap_kill_level * 1024
ztl = zram_term_level * 1024
zkl = zram_kill_level * 1024


###########################################################################################

# перевод дроби в проценты
def percent(num):
    a = str(round(num * 100, 1)).split('.')
    a0 = a[0].rjust(3, ' ')
    a1 = a[1]
    return '{}.{}'.format(a0, a1)


# B -> MiB, KiB -> GiB
def human(num):
    a = str(round(num / 1048576, 3))
    a0 = a.split('.')[0].rjust(4, ' ')
    a1 = a.split('.')[1]
    if len(a1) == 1:
	a1 += '00'
    if len(a1) == 2:
	a1 += '0'
    return '{}.{}'.format(a0, a1)


# возвращает disksize и mem_used_total по zram id
def zram_stat(zram_id):

    try:
	with open('/sys/block/' + zram_id + '/disksize') as file:
	    disksize = file.readlines()
    except FileNotFoundError:
	return '0', '0'

    if disksize == ['0\n']:
	return '0', '0'

    try:

	with open('/sys/block/' + zram_id + '/mm_stat') as file:
	    mm_stat = file.readlines()[0][:-1].split(' ')

	mm_stat_list = []

	# улучшить, сократить цикл
	for i in mm_stat:
	    if i != '':
		mm_stat_list.append(i)

	mem_used_total = mm_stat_list[2]

    except FileNotFoundError:

	with open('/sys/block/' + zram_id + '/mem_used_total') as file:
	    mem_used_total = file.readlines()[0][:-1]

    return disksize[0][:-1], mem_used_total # BYTES, str


# имя через пид
def pid_to_name(pid):
    try:
	with open('/proc/' + pid + '/status') as f:
	    for line in f:
		return line[:-1].split('\t')[1]
    except FileNotFoundError:
	return '<unknown1>'
    except ProcessLookupError:
	return '<unknown2>'


# поиск пид жертвы
def find_victim(signal):

    oom_list = []

    for i in os.listdir('/proc'):

	if i.isdigit() is not True:
	    continue

	try:
	    with open('/proc/' + i + '/oom_score') as file:
		oom_score = int(file.readlines()[0][:-1])
	except FileNotFoundError:
	    oom_score = 0

	oom_list.append((i, oom_score))

    pid_tuple = sorted(oom_list, key=operator.itemgetter(1), reverse=True)[0]
    oom_score = pid_tuple[1]

    if oom_score >= oom_score_min:

	pid = pid_tuple[0]

	name = pid_to_name(pid)

	print('\nSend signal {} to process {}, Pid {}, oom_score
	{}'.format(signal, name, pid, oom_score))

	try:
	    os.kill(int(pid), signal)
	    print('Success\n')
	except ProcessLookupError:
	    print('No such process\n')
	except PermissionError:
	    print('Operation not permitted\n')

    else:

	print('\noom_score {} < oom_score_min {}\n'.format(oom_score,
	oom_score_min))


###########################################################################################


# START

# повышаем приоритет

try:
    os.nice(-20)
    print('nice = -20')
except PermissionError:
    pass


# снизить oom_adj


# ищем позиции

with open('/proc/meminfo') as file:
    mem_list = file.readlines()

mem_list_names = []
for s in mem_list:
    mem_list_names.append(s.split(':')[0])

if mem_list_names[2] != 'MemAvailable':
    print('Your Linux kernel is too old (3.14+ requied), bye!')
    exit()

swap_total_index = mem_list_names.index('SwapTotal')
swap_free_index = swap_total_index + 1

mem_total = int(mem_list[0].split(':')[1].split(' ')[-2])


###########################################################################################




# рабочий цикл
while True:

    # находим mem_available, swap_total, swap_free
    with open('/proc/meminfo') as f:
	for n, line in enumerate(f):
	    if n == 2:
		mem_available = int(line.split(':')[1].split(' ')[-2])
		continue
	    if n == swap_total_index:
		swap_total = int(line.split(':')[1].split(' ')[-2])
		continue
	    if n == swap_free_index:
		swap_free = int(line.split(':')[1].split(' ')[-2])
		break

    # тут находим фулл зрам
    disksize_sum = 0
    mem_used_total_sum = 0

    for dev in os.listdir('/sys/block'):

	if dev.startswith('zram'):

	    stat = zram_stat(dev)

	    disksize_sum += int(stat[0])
	    mem_used_total_sum += int(stat[1])

    full_zram = (disksize_sum * k + mem_used_total_sum) / 1024.0


    # если не печатать периоды, то можно это вынести в конец
    t_mem = mem_available / 1024.0 / 1024.0 / rate_mem

    t_swap = swap_free / 1024.0 / 1024.0 / rate_swap

    # fullzram может превысить 09, будет отриц значение
    # memtotal * 0.9 - это фактически макс память для зрам
    t_zram = (mem_total * 0.8 - full_zram) / 1024.0 / 1024.0 / rate_zram
    if t_zram <= 0:
	t_zram = 0.01

    t1 = t_mem + t_swap
    t2 = t_mem + t_zram

    if t1 <= t2:
	t = t1
    else:
	t = t2


    print(
	'MA: {} G, SA: {} G, ZF: {} G, Periods: {} {}'.format(
	    human(mem_available),
	    human(swap_free),
	    human(full_zram),
	    round(t1, 1),
	    round(t2, 1)
	    )
	)

    if mem_available < mkl and swap_free < skl:
	print('\nmem_available < mkl and swap_free < skl')
	find_victim(signal.SIGKILL)
	sleep(t_min)
	continue

    if full_zram > zkl:
	print('\nfull_zram > zkl')
	find_victim(signal.SIGKILL)
	sleep(t_min)
	continue

    if mem_available < mtl and swap_free < stl:
	print('\nmem_available < mtl and swap_free < stl')
	find_victim(signal.SIGTERM)
	sleep(t_min)

    if full_zram > ztl:
	print('\nzram_part > zram_tl')
	find_victim(signal.SIGTERM)
	sleep(t_min)


    sleep(t)





Sun May 20 17:46:39 EDT 2018
use std
use sys
use thread

use "types"

pkg event =
	generic wait : (h : hub(@ev)# -> @ev#)
	generic chain : (m : hub(@mev)#, s : hub(@sev)#, cvt : (e : @sev ->
	@mev) -> void)
	generic add : (h : hub(@ev)#, fn : (-> @ev) -> void)
	generic addfd : (h : hub(@ev)#, fd : std.fd, fn : (fd : std.fd -> @ev)
	-> void)
;;

generic wait = {hub
	var p, r

	thread.mtxlock(&hub.qmtx)
	/* find tag for rendezvous */
	for evp : [hub.refrp, hub.mousep, hub.kbdp][:]
		if evp != (0 : void#)
			p = evp
			goto found
		;;
	;;

	/* if we couldn't find a tag, enqueue ourselves */
	p = (hub : void#)
	for qp : [&hub.refrp, &hub.mousep, &hub.kbdp][:]
		qp# = p
	;;
:found
	thread.mtxunlock(&hub.qmtx)

	r = (-1 : void#)
	while r == (-1 : void#)
		r = sys.rendezvous(p, (0 : void#))
	;;

	/* now dequeue */
	thread.mtxlock(&hub.qmtx)
	for qp : [&hub.refrp, &hub.mousep, &hub.kbdp][:]
		if qp# == (hub : void#)
			qp# = (0 : void#)
		;;
	;;
	thread.mtxunlock(&hub.qmtx)
	-> (r : @ev#)
}

const send = {hub, qp, evp
	var p, r

	thread.mtxlock(&hub.qmtx)
	if qp# == (0 : void#)
		/* nobody is queued; we enquue ourselves */
		p = (qp : void#)
		qp# = p
	else
		/* somebody is waiting, use their tag */
		p = qp#
		qp# = (0 : void#)
	;;
	thread.mtxunlock(&hub.qmtx)
	r = (-1 : void#)
	while r == (-1 : void#)
		r = sys.rendezvous(p, (evp : void#))
	;;
	/* now dequeue */
	thread.mtxlock(&hub.qmtx)
	if qp# == (qp : void#)
		qp# = (0 : void#)
	;;
	thread.mtxunlock(&hub.qmtx)
}


Sun May 20 17:43:10 EDT 2018

pkg event =
	type hub(@ev) = struct
		/* opaque */
	;;
	type sendtag = void#

	/* blocks until an event is ready, then returns it.  */
	generic wait : (h : hub(@ev)# -> @ev#)

	/*
	 * chains one event source into another: when an event on slave 's' is
	 * available, cvt(wait(s)) is fired on the master.
	 */
	generic chain : (m : hub(@mev)#, s : hub(@sev)#, cvt : (e : @sev ->
	@mev) -> void)
	/* adds a source; the source should block until the event is ready.  */
	generic add : (h : hub(@ev)#, fn : (-> @ev) -> void)
	/* adds an fd-based source; this may be more convenient on some systems.
	*/
	generic addfd : (h : hub(@ev)#, fd : std.fd, fn : (fd : std.fd -> @ev)
	-> void)
;;



Sun May 20 12:29:00 EDT 2018
diff -r fce5d1b1fdfc sys/src/cmd/auth/authsrv.c
--- a/sys/src/cmd/auth/authsrv.c Sun May 20 03:48:33 2018 +0200
+++ b/sys/src/cmd/auth/authsrv.c Sun May 20 18:28:59 2018 +0200
@@ -776,6 +776,7 @@
	}

	if(ntbloblen > 0){
+ /* NTLMv2 */
		getname(MsvAvNbDomainName, ntblob, ntbloblen, windom,
		sizeof(windom));
		for(;;){
			ntv2hash(hash, secret, tr->uid, windom);
@@ -807,6 +808,7 @@
		}
		dupe = 0;
	} else if(nchal == MSchallenv2){
+ /* MSCHAPv2 */
		s = sha1((uchar*)reply.LMresp, nchal, nil, nil);
		s = sha1(chal, nchal, nil, s);
		sha1((uchar*)tr->uid, strlen(tr->uid), chash, s);
@@ -815,7 +817,27 @@
		mschalresp(resp, hash, chash);
		ntok = lmok = tsmemcmp(resp, reply.NTresp, MSresplen) == 0;
		dupe = 0;
+ } else if(tsmemcmp(reply.NTresp, zeros, MSresplen) == 0){
+ /* LMv2 */
+ safecpy(windom, tr->authdom, sizeof(windom));
+ for(;;){
+ ntv2hash(hash, secret, tr->uid, windom);
+
+ /*
+ * LmResponse = Cat(HMAC_MD5(LmHash, Cat(SC, CC)), CC)
+ */
+ s = hmac_md5(chal, nchal, hash, MShashlen, nil, nil);
+ hmac_md5((uchar*)reply.LMresp+16, nchal, hash, MShashlen, resp, s);
+ lmok = ntok = tsmemcmp(resp, reply.LMresp, 16) == 0;
+
+ if(lmok || windom[0] == '\0')
+ break;
+
+ windom[0] = '\0'; /* try NIL domain */
+ }
+ dupe = 0;
	} else {
+ /* LM+NTLM */
		lmhash(hash, secret);
		mschalresp(resp, hash, chal);
		lmok = tsmemcmp(resp, reply.LMresp, MSresplen) == 0;


Sun May 20 12:23:53 EDT 2018
0000 ff ff ff ff ff ff 52 54 00 ff db ad 08 00 45 00 ......RT......E.
0010 00 e5 78 9f 00 00 80 11 4a a6 c0 a8 7a 72 c0 a8 ..x.....J...zr..
0020 7a ff 00 8a 00 8a 00 d1 b3 87 11 02 82 ba c0 a8 z...............
0030 7a 72 00 8a 00 bb 00 00 20 46 48 45 4a 45 4f 44 zr......  FHEJEOD
0040 48 46 47 45 4e 43 41 43 41 43 41 43 41 43 41 43 HFGENCACACACACAC
0050 41 43 41 43 41 43 41 43 41 00 20 46 48 45 50 46 ACACACACA.  FHEPF
0060 43 45 4c 45 48 46 43 45 50 46 46 46 41 43 41 43 CELEHFCEPFFFACAC
0070 41 43 41 43 41 43 41 43 41 42 4f 00 ff 53 4d 42 ACACACACABO..SMB
0080 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 %...............
0090 00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 21 ...............!
00a0 00 00 00 00 00 00 00 00 00 e8 03 00 00 00 00 00 ................
00b0 00 00 00 21 00 56 00 03 00 01 00 00 00 02 00 32 ...!.V.........2
00c0 00 5c 4d 41 49 4c 53 4c 4f 54 5c 42 52 4f 57 53 .\MAILSLOT\BROWS
00d0 45 00 0f 00 80 fc 0a 00 57 49 4e 37 56 4d 00 00 E.......WIN7VM..
00e0 00 00 00 00 00 00 00 00 06 01 03 10 05 00 0f 01 ................
00f0 55 aa 00 U..

No. Time Source Destination Protocol Length Info
    711 362.926417292 192.168.122.1 192.168.122.2 SMB 105 Negotiate Protocol
    Request

Frame 711: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on
interface 0
    Interface id: 0 (virbr0)
    Encapsulation type: Ethernet (1)
    Arrival Time: May 20, 2018 17:18:48.078034372 BST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1526833128.078034372 seconds
    [Time delta from previous captured frame: 0.002629141 seconds]
    [Time delta from previous displayed frame: 362.926417292 seconds]
    [Time since reference or first frame: 424.130064592 seconds]
    Frame Number: 711
    Frame Length: 105 bytes (840 bits)
    Capture Length: 105 bytes (840 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: RealtekU_74:a0:d7 (52:54:00:74:a0:d7), Dst: RealtekU_f1:30:56
(52:54:00:f1:30:56)
    Destination: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	Address: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Source: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	Address: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.122.1, Dst: 192.168.122.2
    0100 ....  = Version: 4
    ....  0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
	0000 00..  = Differentiated Services Codepoint: Default (0)
	....  ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
	(0)
    Total Length: 91
    Identification: 0x9331 (37681)
    Flags: 0x02 (Don't Fragment)
	0...  ....  = Reserved bit: Not set
	.1..  ....  = Don't fragment: Set
	..0.  ....  = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x3217 [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0x3217]
    Source: 192.168.122.1
    Destination: 192.168.122.2
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 35832, Dst Port: 445, Seq: 1, Ack: 1,
Len: 51
    Source Port: 35832
    Destination Port: 445
    [Stream index: 5]
    [TCP Segment Len: 51]
    Sequence number: 1 (relative sequence number)
    [Next sequence number: 52 (relative sequence number)]
    Acknowledgment number: 1 (relative ack number)
    Header Length: 20 bytes
    Flags: 0x018 (PSH, ACK)
	000.  ....  ....  = Reserved: Not set
	...0 ....  ....  = Nonce: Not set
	....  0...  ....  = Congestion Window Reduced (CWR): Not set
	....  .0..  ....  = ECN-Echo: Not set
	....  ..0.  ....  = Urgent: Not set
	....  ...1 ....  = Acknowledgment: Set
	....  ....  1...  = Push: Set
	....  ....  .0..  = Reset: Not set
	....  ....  ..0.  = Syn: Not set
	....  ....  ...0 = Fin: Not set
	[TCP Flags: ·······AP···]
    Window size value: 229
    [Calculated window size: 29312]
    [Window size scaling factor: 128]
    Checksum: 0x75a2 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
	[iRTT: 0.000223920 seconds]
	[Bytes in flight: 51]
	[Bytes sent since last PSH flag: 51]
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 47
SMB (Server Message Block Protocol)
    SMB Header
	Server Component: SMB
	[Response in: 714]
	SMB Command: Negotiate Protocol (0x72)
	NT Status: STATUS_SUCCESS (0x00000000)
	Flags: 0x18, Canonicalized Pathnames, Case Sensitivity
	    0...  ....  = Request/Response: Message is a request to the server
	    .0..  ....  = Notify: Notify client only on open
	    ..0.  ....  = Oplocks: OpLock not requested/granted
	    ...1 ....  = Canonicalized Pathnames: Pathnames are canonicalized
	    ....  1...  = Case Sensitivity: Path names are caseless
	    ....  ..0.  = Receive Buffer Posted: Receive buffer has not been
	    posted
	    ....  ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
	Flags2: 0xc803, Unicode Strings, Error Code Type, Extended Security
	Negotiation, Extended Attributes, Long Names Allowed
	    1...  ....  ....  ....  = Unicode Strings: Strings are Unicode
	    .1..  ....  ....  ....  = Error Code Type: Error codes are NT error
	    codes
	    ..0.  ....  ....  ....  = Execute-only Reads: Don't permit reads if
	    execute-only
	    ...0 ....  ....  ....  = Dfs: Don't resolve pathnames with Dfs
	    ....  1...  ....  ....  = Extended Security Negotiation: Extended
	    security negotiation is supported
	    ....  .0..  ....  ....  = Reparse Path: The request does not use a
	    @GMT reparse path
	    ....  ....  .0..  ....  = Long Names Used: Path names in request are
	    not long file names
	    ....  ....  ...0 ....  = Security Signatures Required: Security
	    signatures are not required
	    ....  ....  ....  0...  = Compressed: Compression is not requested
	    ....  ....  ....  .0..  = Security Signatures: Security signatures are
	    not supported
	    ....  ....  ....  ..1.  = Extended Attributes: Extended attributes are
	    supported
	    ....  ....  ....  ...1 = Long Names Allowed: Long file names are
	    allowed in the response
	Process ID High: 0
	Signature: 0000000000000000
	Reserved: 0000
	Tree ID: 0
	Process ID: 53123
	User ID: 0
	Multiplex ID: 1
    Negotiate Protocol Request (0x72)
	Word Count (WCT): 0
	Byte Count (BCC): 12
	Requested Dialects
	    Dialect: NT LM 0.12
		Buffer Format: Dialect (2)
		Name: NT LM 0.12

0000 52 54 00 f1 30 56 52 54 00 74 a0 d7 08 00 45 00 RT..0VRT.t....E.
0010 00 5b 93 31 40 00 40 06 32 17 c0 a8 7a 01 c0 a8 .[.1@.@.2...z...
0020 7a 02 8b f8 01 bd 1a f0 0f 65 9a 87 bc 5f 50 18 z........e..._P.
0030 00 e5 75 a2 00 00 00 00 00 2f ff 53 4d 42 72 00 ..u....../.SMBr.
0040 00 00 00 18 03 c8 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 83 cf 00 00 01 00 00 0c 00 02 4e 54 ..............NT
0060 20 4c 4d 20 30 2e 31 32 00 LM 0.12.

No. Time Source Destination Protocol Length Info
    714 0.043813305 192.168.122.2 192.168.122.1 SMB 155 Negotiate Protocol
    Response

Frame 714: 155 bytes on wire (1240 bits), 155 bytes captured (1240 bits) on
interface 0
    Interface id: 0 (virbr0)
    Encapsulation type: Ethernet (1)
    Arrival Time: May 20, 2018 17:18:48.121847677 BST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1526833128.121847677 seconds
    [Time delta from previous captured frame: 0.000108209 seconds]
    [Time delta from previous displayed frame: 0.043813305 seconds]
    [Time since reference or first frame: 424.173877897 seconds]
    Frame Number: 714
    Frame Length: 155 bytes (1240 bits)
    Capture Length: 155 bytes (1240 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: RealtekU_f1:30:56 (52:54:00:f1:30:56), Dst: RealtekU_74:a0:d7
(52:54:00:74:a0:d7)
    Destination: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	Address: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Source: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	Address: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.122.2, Dst: 192.168.122.1
    0100 ....  = Version: 4
    ....  0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
	0000 00..  = Differentiated Services Codepoint: Default (0)
	....  ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
	(0)
    Total Length: 141
    Identification: 0x5352 (21330)
    Flags: 0x00
	0...  ....  = Reserved bit: Not set
	.0..  ....  = Don't fragment: Not set
	..0.  ....  = More fragments: Not set
    Fragment offset: 0
    Time to live: 255
    Protocol: TCP (6)
    Header checksum: 0xf2c3 [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0xf2c3]
    Source: 192.168.122.2
    Destination: 192.168.122.1
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 445, Dst Port: 35832, Seq: 1, Ack: 52,
Len: 101
    Source Port: 445
    Destination Port: 35832
    [Stream index: 5]
    [TCP Segment Len: 101]
    Sequence number: 1 (relative sequence number)
    [Next sequence number: 102 (relative sequence number)]
    Acknowledgment number: 52 (relative ack number)
    Header Length: 20 bytes
    Flags: 0x018 (PSH, ACK)
	000.  ....  ....  = Reserved: Not set
	...0 ....  ....  = Nonce: Not set
	....  0...  ....  = Congestion Window Reduced (CWR): Not set
	....  .0..  ....  = ECN-Echo: Not set
	....  ..0.  ....  = Urgent: Not set
	....  ...1 ....  = Acknowledgment: Set
	....  ....  1...  = Push: Set
	....  ....  .0..  = Reset: Not set
	....  ....  ..0.  = Syn: Not set
	....  ....  ...0 = Fin: Not set
	[TCP Flags: ·······AP···]
    Window size value: 65535
    [Calculated window size: 1048560]
    [Window size scaling factor: 16]
    Checksum: 0x5ff6 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
	[iRTT: 0.000223920 seconds]
	[Bytes in flight: 101]
	[Bytes sent since last PSH flag: 101]
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 97
SMB (Server Message Block Protocol)
    SMB Header
	Server Component: SMB
	[Response to: 711]
	[Time from request: 0.043813305 seconds]
	SMB Command: Negotiate Protocol (0x72)
	NT Status: STATUS_SUCCESS (0x00000000)
	Flags: 0x98, Request/Response, Canonicalized Pathnames, Case Sensitivity
	    1...  ....  = Request/Response: Message is a response to the
	    client/redirector
	    .0..  ....  = Notify: Notify client only on open
	    ..0.  ....  = Oplocks: OpLock not requested/granted
	    ...1 ....  = Canonicalized Pathnames: Pathnames are canonicalized
	    ....  1...  = Case Sensitivity: Path names are caseless
	    ....  ..0.  = Receive Buffer Posted: Receive buffer has not been
	    posted
	    ....  ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
	Flags2: 0xc041, Unicode Strings, Error Code Type, Long Names Used, Long
	Names Allowed
	    1...  ....  ....  ....  = Unicode Strings: Strings are Unicode
	    .1..  ....  ....  ....  = Error Code Type: Error codes are NT error
	    codes
	    ..0.  ....  ....  ....  = Execute-only Reads: Don't permit reads if
	    execute-only
	    ...0 ....  ....  ....  = Dfs: Don't resolve pathnames with Dfs
	    ....  0...  ....  ....  = Extended Security Negotiation: Extended
	    security negotiation is not supported
	    ....  .0..  ....  ....  = Reparse Path: The request does not use a
	    @GMT reparse path
	    ....  ....  .1..  ....  = Long Names Used: Path names in request are
	    long file names
	    ....  ....  ...0 ....  = Security Signatures Required: Security
	    signatures are not required
	    ....  ....  ....  0...  = Compressed: Compression is not requested
	    ....  ....  ....  .0..  = Security Signatures: Security signatures are
	    not supported
	    ....  ....  ....  ..0.  = Extended Attributes: Extended attributes are
	    not supported
	    ....  ....  ....  ...1 = Long Names Allowed: Long file names are
	    allowed in the response
	Process ID High: 0
	Signature: 0000000000000000
	Reserved: 0000
	Tree ID: 0
	Process ID: 53123
	User ID: 0
	Multiplex ID: 1
    Negotiate Protocol Response (0x72)
	Word Count (WCT): 17
	Selected Index: 0: NT LM 0.12
	Security Mode: 0x03, Mode, Password
	    ....  ...1 = Mode: USER security mode
	    ....  ..1.  = Password: ENCRYPTED password.  Use challenge/response
	    ....  .0..  = Signatures: Security signatures NOT enabled
	    ....  0...  = Sig Req: Security signatures NOT required
	Max Mpx Count: 50
	Max VCs: 1
	Max Buffer Size: 32768
	Max Raw Buffer: 65536
	Session Key: 0x00000fcf
	Capabilities: 0x0000025c, Unicode, Large Files, NT SMBs, NT Status Codes,
	NT Find
	    ....  ....  ....  ....  ....  ....  ....  ...0 = Raw Mode: Read Raw
	    and Write Raw are not supported
	    ....  ....  ....  ....  ....  ....  ....  ..0.  = MPX Mode: Read Mpx
	    and Write Mpx are not supported
	    ....  ....  ....  ....  ....  ....  ....  .1..  = Unicode: Unicode
	    strings are supported
	    ....  ....  ....  ....  ....  ....  ....  1...  = Large Files: Large
	    files are supported
	    ....  ....  ....  ....  ....  ....  ...1 ....  = NT SMBs: NT SMBs are
	    supported
	    ....  ....  ....  ....  ....  ....  ..0.  ....  = RPC Remote APIs: RPC
	    remote APIs are not supported
	    ....  ....  ....  ....  ....  ....  .1..  ....  = NT Status Codes: NT
	    status codes are supported
	    ....  ....  ....  ....  ....  ....  0...  ....  = Level 2 Oplocks:
	    Level 2 oplocks are not supported
	    ....  ....  ....  ....  ....  ...0 ....  ....  = Lock and Read: Lock
	    and Read is not supported
	    ....  ....  ....  ....  ....  ..1.  ....  ....  = NT Find: NT Find is
	    supported
	    ....  ....  ....  ....  ...0 ....  ....  ....  = Dfs: Dfs is not
	    supported
	    ....  ....  ....  ....  ..0.  ....  ....  ....  = Infolevel Passthru:
	    NT information level request passthrough is not supported
	    ....  ....  ....  ....  .0..  ....  ....  ....  = Large ReadX: Large
	    Read andX is not supported
	    ....  ....  ....  ....  0...  ....  ....  ....  = Large WriteX: Large
	    Write andX is not supported
	    ....  ....  ....  ...0 ....  ....  ....  ....  = LWIO: LWIO
	    ioctl/fsctl is not supported
	    ....  ....  0...  ....  ....  ....  ....  ....  = UNIX: UNIX
	    extensions are not supported
	    ....  ..0.  ....  ....  ....  ....  ....  ....  = Compressed Data:
	    Compressed data transfer is not supported
	    ..0.  ....  ....  ....  ....  ....  ....  ....  = Dynamic Reauth:
	    Dynamic Reauth is not supported
	    0...  ....  ....  ....  ....  ....  ....  ....  = Extended Security:
	    Extended security exchanges are not supported
	System Time: May 20, 2018 17:18:48.000000000 BST
	Server Time Zone: 0 min from UTC
	Challenge Length: 8
	Byte Count (BCC): 28
	Challenge: f915b211cb864e70
	Primary Domain: WORKGROUP

0000 52 54 00 74 a0 d7 52 54 00 f1 30 56 08 00 45 00 RT.t..RT..0V..E.
0010 00 8d 53 52 00 00 ff 06 f2 c3 c0 a8 7a 02 c0 a8 ..SR........z...
0020 7a 01 01 bd 8b f8 9a 87 bc 5f 1a f0 0f 98 50 18 z........_....P.
0030 ff ff 5f f6 00 00 00 00 00 61 ff 53 4d 42 72 00 .._......a.SMBr.
0040 00 00 00 98 41 c0 00 00 00 00 00 00 00 00 00 00 ....A...........
0050 00 00 00 00 83 cf 00 00 01 00 11 00 00 03 32 00 ..............2.
0060 01 00 00 80 00 00 00 00 01 00 cf 0f 00 00 5c 02 ..............\.
0070 00 00 00 64 80 3b 56 f0 d3 01 00 00 08 1c 00 f9 ...d.;V.........
0080 15 b2 11 cb 86 4e 70 57 00 4f 00 52 00 4b 00 47 .....NpW.O.R.K.G
0090 00 52 00 4f 00 55 00 50 00 00 00 .R.O.U.P...

No. Time Source Destination Protocol Length Info
    716 0.016228824 192.168.122.1 192.168.122.2 SMB 246 Session Setup AndX
    Request, User: ?\GUEST; Tree Connect AndX, Path: \\192.168.122.2\LOCAL

Frame 716: 246 bytes on wire (1968 bits), 246 bytes captured (1968 bits) on
interface 0
    Interface id: 0 (virbr0)
    Encapsulation type: Ethernet (1)
    Arrival Time: May 20, 2018 17:18:48.138076501 BST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1526833128.138076501 seconds
    [Time delta from previous captured frame: 0.016216707 seconds]
    [Time delta from previous displayed frame: 0.016228824 seconds]
    [Time since reference or first frame: 424.190106721 seconds]
    Frame Number: 716
    Frame Length: 246 bytes (1968 bits)
    Capture Length: 246 bytes (1968 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: RealtekU_74:a0:d7 (52:54:00:74:a0:d7), Dst: RealtekU_f1:30:56
(52:54:00:f1:30:56)
    Destination: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	Address: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Source: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	Address: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.122.1, Dst: 192.168.122.2
    0100 ....  = Version: 4
    ....  0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
	0000 00..  = Differentiated Services Codepoint: Default (0)
	....  ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
	(0)
    Total Length: 232
    Identification: 0x9333 (37683)
    Flags: 0x02 (Don't Fragment)
	0...  ....  = Reserved bit: Not set
	.1..  ....  = Don't fragment: Set
	..0.  ....  = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x3188 [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0x3188]
    Source: 192.168.122.1
    Destination: 192.168.122.2
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 35832, Dst Port: 445, Seq: 52, Ack: 102,
Len: 192
    Source Port: 35832
    Destination Port: 445
    [Stream index: 5]
    [TCP Segment Len: 192]
    Sequence number: 52 (relative sequence number)
    [Next sequence number: 244 (relative sequence number)]
    Acknowledgment number: 102 (relative ack number)
    Header Length: 20 bytes
    Flags: 0x018 (PSH, ACK)
	000.  ....  ....  = Reserved: Not set
	...0 ....  ....  = Nonce: Not set
	....  0...  ....  = Congestion Window Reduced (CWR): Not set
	....  .0..  ....  = ECN-Echo: Not set
	....  ..0.  ....  = Urgent: Not set
	....  ...1 ....  = Acknowledgment: Set
	....  ....  1...  = Push: Set
	....  ....  .0..  = Reset: Not set
	....  ....  ..0.  = Syn: Not set
	....  ....  ...0 = Fin: Not set
	[TCP Flags: ·······AP···]
    Window size value: 229
    [Calculated window size: 29312]
    [Window size scaling factor: 128]
    Checksum: 0x762f [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
	[iRTT: 0.000223920 seconds]
	[Bytes in flight: 192]
	[Bytes sent since last PSH flag: 192]
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 188
SMB (Server Message Block Protocol)
    SMB Header
	Server Component: SMB
	[Response in: 717]
	SMB Command: Session Setup AndX (0x73)
	NT Status: STATUS_SUCCESS (0x00000000)
	Flags: 0x18, Canonicalized Pathnames, Case Sensitivity
	    0...  ....  = Request/Response: Message is a request to the server
	    .0..  ....  = Notify: Notify client only on open
	    ..0.  ....  = Oplocks: OpLock not requested/granted
	    ...1 ....  = Canonicalized Pathnames: Pathnames are canonicalized
	    ....  1...  = Case Sensitivity: Path names are caseless
	    ....  ..0.  = Receive Buffer Posted: Receive buffer has not been
	    posted
	    ....  ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
	Flags2: 0xc803, Unicode Strings, Error Code Type, Extended Security
	Negotiation, Extended Attributes, Long Names Allowed
	    1...  ....  ....  ....  = Unicode Strings: Strings are Unicode
	    .1..  ....  ....  ....  = Error Code Type: Error codes are NT error
	    codes
	    ..0.  ....  ....  ....  = Execute-only Reads: Don't permit reads if
	    execute-only
	    ...0 ....  ....  ....  = Dfs: Don't resolve pathnames with Dfs
	    ....  1...  ....  ....  = Extended Security Negotiation: Extended
	    security negotiation is supported
	    ....  .0..  ....  ....  = Reparse Path: The request does not use a
	    @GMT reparse path
	    ....  ....  .0..  ....  = Long Names Used: Path names in request are
	    not long file names
	    ....  ....  ...0 ....  = Security Signatures Required: Security
	    signatures are not required
	    ....  ....  ....  0...  = Compressed: Compression is not requested
	    ....  ....  ....  .0..  = Security Signatures: Security signatures are
	    not supported
	    ....  ....  ....  ..1.  = Extended Attributes: Extended attributes are
	    supported
	    ....  ....  ....  ...1 = Long Names Allowed: Long file names are
	    allowed in the response
	Process ID High: 0
	Signature: 0000000000000000
	Reserved: 0000
	Tree ID: 0
	Process ID: 53123
	User ID: 0
	Multiplex ID: 2
    Session Setup AndX Request (0x73)
	Word Count (WCT): 13
	AndXCommand: Tree Connect AndX (0x75)
	Reserved: 00
	AndXOffset: 126
	Max Buffer: 16644
	Max Mpx Count: 10
	VC Number: 1
	Session Key: 0x00000000
	ANSI Password Length: 24
	Unicode Password Length: 0
	Reserved: 00000000
	Capabilities: 0x00000054, Unicode, NT SMBs, NT Status Codes
	    ....  ....  ....  ....  ....  ....  ....  ...0 = Raw Mode: Read Raw
	    and Write Raw are not supported
	    ....  ....  ....  ....  ....  ....  ....  ..0.  = MPX Mode: Read Mpx
	    and Write Mpx are not supported
	    ....  ....  ....  ....  ....  ....  ....  .1..  = Unicode: Unicode
	    strings are supported
	    ....  ....  ....  ....  ....  ....  ....  0...  = Large Files: Large
	    files are not supported
	    ....  ....  ....  ....  ....  ....  ...1 ....  = NT SMBs: NT SMBs are
	    supported
	    ....  ....  ....  ....  ....  ....  ..0.  ....  = RPC Remote APIs: RPC
	    remote APIs are not supported
	    ....  ....  ....  ....  ....  ....  .1..  ....  = NT Status Codes: NT
	    status codes are supported
	    ....  ....  ....  ....  ....  ....  0...  ....  = Level 2 Oplocks:
	    Level 2 oplocks are not supported
	    ....  ....  ....  ....  ....  ...0 ....  ....  = Lock and Read: Lock
	    and Read is not supported
	    ....  ....  ....  ....  ....  ..0.  ....  ....  = NT Find: NT Find is
	    not supported
	    ....  ....  ....  ....  ...0 ....  ....  ....  = Dfs: Dfs is not
	    supported
	    ....  ....  ....  ....  ..0.  ....  ....  ....  = Infolevel Passthru:
	    NT information level request passthrough is not supported
	    ....  ....  ....  ....  .0..  ....  ....  ....  = Large ReadX: Large
	    Read andX is not supported
	    ....  ....  ....  ....  0...  ....  ....  ....  = Large WriteX: Large
	    Write andX is not supported
	    ....  ....  ....  ...0 ....  ....  ....  ....  = LWIO: LWIO
	    ioctl/fsctl is not supported
	    ....  ....  0...  ....  ....  ....  ....  ....  = UNIX: UNIX
	    extensions are not supported
	    ....  ..0.  ....  ....  ....  ....  ....  ....  = Compressed Data:
	    Compressed data transfer is not supported
	    ..0.  ....  ....  ....  ....  ....  ....  ....  = Dynamic Reauth:
	    Dynamic Reauth is not supported
	    0...  ....  ....  ....  ....  ....  ....  ....  = Extended Security:
	    Extended security exchanges are not supported
	Byte Count (BCC): 65
	ANSI Password: 0f59ccd921e0806f376bd1f728cac368a71612c1c15fe19e
	Account: GUEST
	Primary Domain: ?
	Native OS: Linux
	Native LAN Manager: jCIFS
    Tree Connect AndX Request (0x75)
	Word Count (WCT): 4
	AndXCommand: No further commands (0xff)
	Reserved: 00
	AndXOffset: 57054
	Flags: 0x0000
	    ....  ....  ....  ...0 = Disconnect TID: Do NOT disconnect TID
	    ....  ....  ....  .0..  = Extended Signature: NOT Extended Signature
	    ....  ....  ....  0...  = Extended Response: NOT Extended Response
	Password Length: 1
	Byte Count (BCC): 51
	Password: 00
	Path: \\192.168.122.2\LOCAL
	Service: ?????

0000 52 54 00 f1 30 56 52 54 00 74 a0 d7 08 00 45 00 RT..0VRT.t....E.
0010 00 e8 93 33 40 00 40 06 31 88 c0 a8 7a 01 c0 a8 ...3@.@.1...z...
0020 7a 02 8b f8 01 bd 1a f0 0f 98 9a 87 bc c4 50 18 z.............P.
0030 00 e5 76 2f 00 00 00 00 00 bc ff 53 4d 42 73 00 ..v/.......SMBs.
0040 00 00 00 18 03 c8 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 83 cf 00 00 02 00 0d 75 00 7e 00 04 ...........u.~..
0060 41 0a 00 01 00 00 00 00 00 18 00 00 00 00 00 00 A...............
0070 00 54 00 00 00 41 00 0f 59 cc d9 21 e0 80 6f 37 .T...A..Y..!..o7
0080 6b d1 f7 28 ca c3 68 a7 16 12 c1 c1 5f e1 9e 00 k..(..h....._...
0090 47 00 55 00 45 00 53 00 54 00 00 00 3f 00 00 00 G.U.E.S.T...?...
00a0 4c 00 69 00 6e 00 75 00 78 00 00 00 6a 00 43 00 L.i.n.u.x...j.C.
00b0 49 00 46 00 53 00 00 00 04 ff 00 de de 00 00 01 I.F.S...........
00c0 00 33 00 00 5c 00 5c 00 31 00 39 00 32 00 2e 00 .3..\.\.1.9.2...
00d0 31 00 36 00 38 00 2e 00 31 00 32 00 32 00 2e 00 1.6.8...1.2.2...
00e0 32 00 5c 00 4c 00 4f 00 43 00 41 00 4c 00 00 00 2.\.L.O.C.A.L...
00f0 3f 3f 3f 3f 3f 00 ?????.

No. Time Source Destination Protocol Length Info
    717 0.000926530 192.168.122.2 192.168.122.1 SMB 93 Session Setup AndX
    Response, Error: STATUS_LOGON_FAILURE

Frame 717: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface
0
    Interface id: 0 (virbr0)
    Encapsulation type: Ethernet (1)
    Arrival Time: May 20, 2018 17:18:48.139003031 BST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1526833128.139003031 seconds
    [Time delta from previous captured frame: 0.000926530 seconds]
    [Time delta from previous displayed frame: 0.000926530 seconds]
    [Time since reference or first frame: 424.191033251 seconds]
    Frame Number: 717
    Frame Length: 93 bytes (744 bits)
    Capture Length: 93 bytes (744 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: RealtekU_f1:30:56 (52:54:00:f1:30:56), Dst: RealtekU_74:a0:d7
(52:54:00:74:a0:d7)
    Destination: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	Address: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Source: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	Address: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.122.2, Dst: 192.168.122.1
    0100 ....  = Version: 4
    ....  0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
	0000 00..  = Differentiated Services Codepoint: Default (0)
	....  ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
	(0)
    Total Length: 79
    Identification: 0x5357 (21335)
    Flags: 0x00
	0...  ....  = Reserved bit: Not set
	.0..  ....  = Don't fragment: Not set
	..0.  ....  = More fragments: Not set
    Fragment offset: 0
    Time to live: 255
    Protocol: TCP (6)
    Header checksum: 0xf2fc [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0xf2fc]
    Source: 192.168.122.2
    Destination: 192.168.122.1
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 445, Dst Port: 35832, Seq: 102, Ack: 244,
Len: 39
    Source Port: 445
    Destination Port: 35832
    [Stream index: 5]
    [TCP Segment Len: 39]
    Sequence number: 102 (relative sequence number)
    [Next sequence number: 141 (relative sequence number)]
    Acknowledgment number: 244 (relative ack number)
    Header Length: 20 bytes
    Flags: 0x018 (PSH, ACK)
	000.  ....  ....  = Reserved: Not set
	...0 ....  ....  = Nonce: Not set
	....  0...  ....  = Congestion Window Reduced (CWR): Not set
	....  .0..  ....  = ECN-Echo: Not set
	....  ..0.  ....  = Urgent: Not set
	....  ...1 ....  = Acknowledgment: Set
	....  ....  1...  = Push: Set
	....  ....  .0..  = Reset: Not set
	....  ....  ..0.  = Syn: Not set
	....  ....  ...0 = Fin: Not set
	[TCP Flags: ·······AP···]
    Window size value: 65535
    [Calculated window size: 1048560]
    [Window size scaling factor: 16]
    Checksum: 0x5c82 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
	[This is an ACK to the segment in frame: 716]
	[The RTT to ACK the segment was: 0.000926530 seconds]
	[iRTT: 0.000223920 seconds]
	[Bytes in flight: 39]
	[Bytes sent since last PSH flag: 39]
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 35
SMB (Server Message Block Protocol)
    SMB Header
	Server Component: SMB
	[Response to: 716]
	[Time from request: 0.000926530 seconds]
	SMB Command: Session Setup AndX (0x73)
	NT Status: STATUS_LOGON_FAILURE (0xc000006d)
	Flags: 0x98, Request/Response, Canonicalized Pathnames, Case Sensitivity
	    1...  ....  = Request/Response: Message is a response to the
	    client/redirector
	    .0..  ....  = Notify: Notify client only on open
	    ..0.  ....  = Oplocks: OpLock not requested/granted
	    ...1 ....  = Canonicalized Pathnames: Pathnames are canonicalized
	    ....  1...  = Case Sensitivity: Path names are caseless
	    ....  ..0.  = Receive Buffer Posted: Receive buffer has not been
	    posted
	    ....  ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
	Flags2: 0xc041, Unicode Strings, Error Code Type, Long Names Used, Long
	Names Allowed
	    1...  ....  ....  ....  = Unicode Strings: Strings are Unicode
	    .1..  ....  ....  ....  = Error Code Type: Error codes are NT error
	    codes
	    ..0.  ....  ....  ....  = Execute-only Reads: Don't permit reads if
	    execute-only
	    ...0 ....  ....  ....  = Dfs: Don't resolve pathnames with Dfs
	    ....  0...  ....  ....  = Extended Security Negotiation: Extended
	    security negotiation is not supported
	    ....  .0..  ....  ....  = Reparse Path: The request does not use a
	    @GMT reparse path
	    ....  ....  .1..  ....  = Long Names Used: Path names in request are
	    long file names
	    ....  ....  ...0 ....  = Security Signatures Required: Security
	    signatures are not required
	    ....  ....  ....  0...  = Compressed: Compression is not requested
	    ....  ....  ....  .0..  = Security Signatures: Security signatures are
	    not supported
	    ....  ....  ....  ..0.  = Extended Attributes: Extended attributes are
	    not supported
	    ....  ....  ....  ...1 = Long Names Allowed: Long file names are
	    allowed in the response
	Process ID High: 0
	Signature: 0000000000000000
	Reserved: 0000
	Tree ID: 0
	Process ID: 53123
	User ID: 13701
	Multiplex ID: 2
    Session Setup AndX Response (0x73)
	Word Count (WCT): 0
	Byte Count (BCC): 0

0000 52 54 00 74 a0 d7 52 54 00 f1 30 56 08 00 45 00 RT.t..RT..0V..E.
0010 00 4f 53 57 00 00 ff 06 f2 fc c0 a8 7a 02 c0 a8 .OSW........z...
0020 7a 01 01 bd 8b f8 9a 87 bc c4 1a f0 10 58 50 18 z............XP.
0030 ff ff 5c 82 00 00 00 00 00 23 ff 53 4d 42 73 6d ..\......#.SMBsm
0040 00 00 c0 98 41 c0 00 00 00 00 00 00 00 00 00 00 ....A...........
0050 00 00 00 00 83 cf 85 35 02 00 00 00 00 .......5.....

No. Time Source Destination Protocol Length Info
    721 4.144715130 192.168.122.1 192.168.122.2 SMB 248 Session Setup AndX
    Request, User: ?\glenda; Tree Connect AndX, Path: \\192.168.122.2\LOCAL

Frame 721: 248 bytes on wire (1984 bits), 248 bytes captured (1984 bits) on
interface 0
    Interface id: 0 (virbr0)
    Encapsulation type: Ethernet (1)
    Arrival Time: May 20, 2018 17:18:52.283718161 BST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1526833132.283718161 seconds
    [Time delta from previous captured frame: 1.943355396 seconds]
    [Time delta from previous displayed frame: 4.144715130 seconds]
    [Time since reference or first frame: 428.335748381 seconds]
    Frame Number: 721
    Frame Length: 248 bytes (1984 bits)
    Capture Length: 248 bytes (1984 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: RealtekU_74:a0:d7 (52:54:00:74:a0:d7), Dst: RealtekU_f1:30:56
(52:54:00:f1:30:56)
    Destination: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	Address: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Source: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	Address: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.122.1, Dst: 192.168.122.2
    0100 ....  = Version: 4
    ....  0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
	0000 00..  = Differentiated Services Codepoint: Default (0)
	....  ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
	(0)
    Total Length: 234
    Identification: 0x9335 (37685)
    Flags: 0x02 (Don't Fragment)
	0...  ....  = Reserved bit: Not set
	.1..  ....  = Don't fragment: Set
	..0.  ....  = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x3184 [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0x3184]
    Source: 192.168.122.1
    Destination: 192.168.122.2
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 35832, Dst Port: 445, Seq: 244, Ack: 141,
Len: 194
    Source Port: 35832
    Destination Port: 445
    [Stream index: 5]
    [TCP Segment Len: 194]
    Sequence number: 244 (relative sequence number)
    [Next sequence number: 438 (relative sequence number)]
    Acknowledgment number: 141 (relative ack number)
    Header Length: 20 bytes
    Flags: 0x018 (PSH, ACK)
	000.  ....  ....  = Reserved: Not set
	...0 ....  ....  = Nonce: Not set
	....  0...  ....  = Congestion Window Reduced (CWR): Not set
	....  .0..  ....  = ECN-Echo: Not set
	....  ..0.  ....  = Urgent: Not set
	....  ...1 ....  = Acknowledgment: Set
	....  ....  1...  = Push: Set
	....  ....  .0..  = Reset: Not set
	....  ....  ..0.  = Syn: Not set
	....  ....  ...0 = Fin: Not set
	[TCP Flags: ·······AP···]
    Window size value: 229
    [Calculated window size: 29312]
    [Window size scaling factor: 128]
    Checksum: 0x7631 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
	[iRTT: 0.000223920 seconds]
	[Bytes in flight: 194]
	[Bytes sent since last PSH flag: 194]
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 190
SMB (Server Message Block Protocol)
    SMB Header
	Server Component: SMB
	[Response in: 722]
	SMB Command: Session Setup AndX (0x73)
	NT Status: STATUS_SUCCESS (0x00000000)
	Flags: 0x18, Canonicalized Pathnames, Case Sensitivity
	    0...  ....  = Request/Response: Message is a request to the server
	    .0..  ....  = Notify: Notify client only on open
	    ..0.  ....  = Oplocks: OpLock not requested/granted
	    ...1 ....  = Canonicalized Pathnames: Pathnames are canonicalized
	    ....  1...  = Case Sensitivity: Path names are caseless
	    ....  ..0.  = Receive Buffer Posted: Receive buffer has not been
	    posted
	    ....  ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
	Flags2: 0xc803, Unicode Strings, Error Code Type, Extended Security
	Negotiation, Extended Attributes, Long Names Allowed
	    1...  ....  ....  ....  = Unicode Strings: Strings are Unicode
	    .1..  ....  ....  ....  = Error Code Type: Error codes are NT error
	    codes
	    ..0.  ....  ....  ....  = Execute-only Reads: Don't permit reads if
	    execute-only
	    ...0 ....  ....  ....  = Dfs: Don't resolve pathnames with Dfs
	    ....  1...  ....  ....  = Extended Security Negotiation: Extended
	    security negotiation is supported
	    ....  .0..  ....  ....  = Reparse Path: The request does not use a
	    @GMT reparse path
	    ....  ....  .0..  ....  = Long Names Used: Path names in request are
	    not long file names
	    ....  ....  ...0 ....  = Security Signatures Required: Security
	    signatures are not required
	    ....  ....  ....  0...  = Compressed: Compression is not requested
	    ....  ....  ....  .0..  = Security Signatures: Security signatures are
	    not supported
	    ....  ....  ....  ..1.  = Extended Attributes: Extended attributes are
	    supported
	    ....  ....  ....  ...1 = Long Names Allowed: Long file names are
	    allowed in the response
	Process ID High: 0
	Signature: 0000000000000000
	Reserved: 0000
	Tree ID: 0
	Process ID: 53123
	User ID: 0
	Multiplex ID: 3
    Session Setup AndX Request (0x73)
	Word Count (WCT): 13
	AndXCommand: Tree Connect AndX (0x75)
	Reserved: 00
	AndXOffset: 128
	Max Buffer: 16644
	Max Mpx Count: 10
	VC Number: 1
	Session Key: 0x00000000
	ANSI Password Length: 24
	Unicode Password Length: 0
	Reserved: 00000000
	Capabilities: 0x00000054, Unicode, NT SMBs, NT Status Codes
	    ....  ....  ....  ....  ....  ....  ....  ...0 = Raw Mode: Read Raw
	    and Write Raw are not supported
	    ....  ....  ....  ....  ....  ....  ....  ..0.  = MPX Mode: Read Mpx
	    and Write Mpx are not supported
	    ....  ....  ....  ....  ....  ....  ....  .1..  = Unicode: Unicode
	    strings are supported
	    ....  ....  ....  ....  ....  ....  ....  0...  = Large Files: Large
	    files are not supported
	    ....  ....  ....  ....  ....  ....  ...1 ....  = NT SMBs: NT SMBs are
	    supported
	    ....  ....  ....  ....  ....  ....  ..0.  ....  = RPC Remote APIs: RPC
	    remote APIs are not supported
	    ....  ....  ....  ....  ....  ....  .1..  ....  = NT Status Codes: NT
	    status codes are supported
	    ....  ....  ....  ....  ....  ....  0...  ....  = Level 2 Oplocks:
	    Level 2 oplocks are not supported
	    ....  ....  ....  ....  ....  ...0 ....  ....  = Lock and Read: Lock
	    and Read is not supported
	    ....  ....  ....  ....  ....  ..0.  ....  ....  = NT Find: NT Find is
	    not supported
	    ....  ....  ....  ....  ...0 ....  ....  ....  = Dfs: Dfs is not
	    supported
	    ....  ....  ....  ....  ..0.  ....  ....  ....  = Infolevel Passthru:
	    NT information level request passthrough is not supported
	    ....  ....  ....  ....  .0..  ....  ....  ....  = Large ReadX: Large
	    Read andX is not supported
	    ....  ....  ....  ....  0...  ....  ....  ....  = Large WriteX: Large
	    Write andX is not supported
	    ....  ....  ....  ...0 ....  ....  ....  ....  = LWIO: LWIO
	    ioctl/fsctl is not supported
	    ....  ....  0...  ....  ....  ....  ....  ....  = UNIX: UNIX
	    extensions are not supported
	    ....  ..0.  ....  ....  ....  ....  ....  ....  = Compressed Data:
	    Compressed data transfer is not supported
	    ..0.  ....  ....  ....  ....  ....  ....  ....  = Dynamic Reauth:
	    Dynamic Reauth is not supported
	    0...  ....  ....  ....  ....  ....  ....  ....  = Extended Security:
	    Extended security exchanges are not supported
	Byte Count (BCC): 67
	ANSI Password: 86784a399991c2a7fc0390f5bfbc4fb7e354edc726153f7e
	Account: glenda
	Primary Domain: ?
	Native OS: Linux
	Native LAN Manager: jCIFS
    Tree Connect AndX Request (0x75)
	Word Count (WCT): 4
	AndXCommand: No further commands (0xff)
	Reserved: 00
	AndXOffset: 57054
	Flags: 0x0000
	    ....  ....  ....  ...0 = Disconnect TID: Do NOT disconnect TID
	    ....  ....  ....  .0..  = Extended Signature: NOT Extended Signature
	    ....  ....  ....  0...  = Extended Response: NOT Extended Response
	Password Length: 1
	Byte Count (BCC): 51
	Password: 00
	Path: \\192.168.122.2\LOCAL
	Service: ?????

0000 52 54 00 f1 30 56 52 54 00 74 a0 d7 08 00 45 00 RT..0VRT.t....E.
0010 00 ea 93 35 40 00 40 06 31 84 c0 a8 7a 01 c0 a8 ...5@.@.1...z...
0020 7a 02 8b f8 01 bd 1a f0 10 58 9a 87 bc eb 50 18 z........X....P.
0030 00 e5 76 31 00 00 00 00 00 be ff 53 4d 42 73 00 ..v1.......SMBs.
0040 00 00 00 18 03 c8 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 83 cf 00 00 03 00 0d 75 00 80 00 04 ...........u....
0060 41 0a 00 01 00 00 00 00 00 18 00 00 00 00 00 00 A...............
0070 00 54 00 00 00 43 00 86 78 4a 39 99 91 c2 a7 fc .T...C..xJ9.....
0080 03 90 f5 bf bc 4f b7 e3 54 ed c7 26 15 3f 7e 00 .....O..T..&.?~.
0090 67 00 6c 00 65 00 6e 00 64 00 61 00 00 00 3f 00 g.l.e.n.d.a...?.
00a0 00 00 4c 00 69 00 6e 00 75 00 78 00 00 00 6a 00 ..L.i.n.u.x...j.
00b0 43 00 49 00 46 00 53 00 00 00 04 ff 00 de de 00 C.I.F.S.........
00c0 00 01 00 33 00 00 5c 00 5c 00 31 00 39 00 32 00 ...3..\.\.1.9.2.
00d0 2e 00 31 00 36 00 38 00 2e 00 31 00 32 00 32 00 ..1.6.8...1.2.2.
00e0 2e 00 32 00 5c 00 4c 00 4f 00 43 00 41 00 4c 00 ..2.\.L.O.C.A.L.
00f0 00 00 3f 3f 3f 3f 3f 00 ..?????.

No. Time Source Destination Protocol Length Info
    722 0.000927170 192.168.122.2 192.168.122.1 SMB 93 Session Setup AndX
    Response, Error: STATUS_LOGON_FAILURE

Frame 722: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface
0
    Interface id: 0 (virbr0)
    Encapsulation type: Ethernet (1)
    Arrival Time: May 20, 2018 17:18:52.284645331 BST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1526833132.284645331 seconds
    [Time delta from previous captured frame: 0.000927170 seconds]
    [Time delta from previous displayed frame: 0.000927170 seconds]
    [Time since reference or first frame: 428.336675551 seconds]
    Frame Number: 722
    Frame Length: 93 bytes (744 bits)
    Capture Length: 93 bytes (744 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: RealtekU_f1:30:56 (52:54:00:f1:30:56), Dst: RealtekU_74:a0:d7
(52:54:00:74:a0:d7)
    Destination: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	Address: RealtekU_74:a0:d7 (52:54:00:74:a0:d7)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Source: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	Address: RealtekU_f1:30:56 (52:54:00:f1:30:56)
	....  ..1.  ....  ....  ....  ....  = LG bit: Locally administered address
	(this is NOT the factory default)
	....  ...0 ....  ....  ....  ....  = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.122.2, Dst: 192.168.122.1
    0100 ....  = Version: 4
    ....  0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
	0000 00..  = Differentiated Services Codepoint: Default (0)
	....  ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
	(0)
    Total Length: 79
    Identification: 0x535a (21338)
    Flags: 0x00
	0...  ....  = Reserved bit: Not set
	.0..  ....  = Don't fragment: Not set
	..0.  ....  = More fragments: Not set
    Fragment offset: 0
    Time to live: 255
    Protocol: TCP (6)
    Header checksum: 0xf2f9 [correct]
    [Header checksum status: Good]
    [Calculated Checksum: 0xf2f9]
    Source: 192.168.122.2
    Destination: 192.168.122.1
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 445, Dst Port: 35832, Seq: 141, Ack: 438,
Len: 39
    Source Port: 445
    Destination Port: 35832
    [Stream index: 5]
    [TCP Segment Len: 39]
    Sequence number: 141 (relative sequence number)
    [Next sequence number: 180 (relative sequence number)]
    Acknowledgment number: 438 (relative ack number)
    Header Length: 20 bytes
    Flags: 0x018 (PSH, ACK)
	000.  ....  ....  = Reserved: Not set
	...0 ....  ....  = Nonce: Not set
	....  0...  ....  = Congestion Window Reduced (CWR): Not set
	....  .0..  ....  = ECN-Echo: Not set
	....  ..0.  ....  = Urgent: Not set
	....  ...1 ....  = Acknowledgment: Set
	....  ....  1...  = Push: Set
	....  ....  .0..  = Reset: Not set
	....  ....  ..0.  = Syn: Not set
	....  ....  ...0 = Fin: Not set
	[TCP Flags: ·······AP···]
    Window size value: 65535
    [Calculated window size: 1048560]
    [Window size scaling factor: 16]
    Checksum: 0x5a99 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
	[This is an ACK to the segment in frame: 721]
	[The RTT to ACK the segment was: 0.000927170 seconds]
	[iRTT: 0.000223920 seconds]
	[Bytes in flight: 39]
	[Bytes sent since last PSH flag: 39]
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 35
SMB (Server Message Block Protocol)
    SMB Header
	Server Component: SMB
	[Response to: 721]
	[Time from request: 0.000927170 seconds]
	SMB Command: Session Setup AndX (0x73)
	NT Status: STATUS_LOGON_FAILURE (0xc000006d)
	Flags: 0x98, Request/Response, Canonicalized Pathnames, Case Sensitivity
	    1...  ....  = Request/Response: Message is a response to the
	    client/redirector
	    .0..  ....  = Notify: Notify client only on open
	    ..0.  ....  = Oplocks: OpLock not requested/granted
	    ...1 ....  = Canonicalized Pathnames: Pathnames are canonicalized
	    ....  1...  = Case Sensitivity: Path names are caseless
	    ....  ..0.  = Receive Buffer Posted: Receive buffer has not been
	    posted
	    ....  ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
	Flags2: 0xc041, Unicode Strings, Error Code Type, Long Names Used, Long
	Names Allowed
	    1...  ....  ....  ....  = Unicode Strings: Strings are Unicode
	    .1..  ....  ....  ....  = Error Code Type: Error codes are NT error
	    codes
	    ..0.  ....  ....  ....  = Execute-only Reads: Don't permit reads if
	    execute-only
	    ...0 ....  ....  ....  = Dfs: Don't resolve pathnames with Dfs
	    ....  0...  ....  ....  = Extended Security Negotiation: Extended
	    security negotiation is not supported
	    ....  .0..  ....  ....  = Reparse Path: The request does not use a
	    @GMT reparse path
	    ....  ....  .1..  ....  = Long Names Used: Path names in request are
	    long file names
	    ....  ....  ...0 ....  = Security Signatures Required: Security
	    signatures are not required
	    ....  ....  ....  0...  = Compressed: Compression is not requested
	    ....  ....  ....  .0..  = Security Signatures: Security signatures are
	    not supported
	    ....  ....  ....  ..0.  = Extended Attributes: Extended attributes are
	    not supported
	    ....  ....  ....  ...1 = Long Names Allowed: Long file names are
	    allowed in the response
	Process ID High: 0
	Signature: 0000000000000000
	Reserved: 0000
	Tree ID: 0
	Process ID: 53123
	User ID: 13701
	Multiplex ID: 3
    Session Setup AndX Response (0x73)
	Word Count (WCT): 0
	Byte Count (BCC): 0

0000 52 54 00 74 a0 d7 52 54 00 f1 30 56 08 00 45 00 RT.t..RT..0V..E.
0010 00 4f 53 5a 00 00 ff 06 f2 f9 c0 a8 7a 02 c0 a8 .OSZ........z...
0020 7a 01 01 bd 8b f8 9a 87 bc eb 1a f0 11 1a 50 18 z.............P.
0030 ff ff 5a 99 00 00 00 00 00 23 ff 53 4d 42 73 6d ..Z......#.SMBsm
0040 00 00 c0 98 41 c0 00 00 00 00 00 00 00 00 00 00 ....A...........
0050 00 00 00 00 83 cf 85 35 03 00 00 00 00 .......5.....


Sun May 20 11:51:10 EDT 2018


Sun May 20 08:26:34 EDT 2018
#!/usr/bin/env python3

from time import sleep
import os
import operator


def pid_to_name(pid):
    try:
	with open('/proc/' + pid + '/status') as f:
	    for line in f:
		return line[:-1].split('\t')[1]
    except FileNotFoundError:
	return ''

while True:
    oom_list = []
    for i in os.listdir('/proc'):
	if i.isdigit() is not True:
	    continue
	try:
	    with open('/proc/' + i + '/oom_score') as file:
		oom_score = int(file.readlines()[0][:-1])
	except Exception:
	    print('exception oom!')
	oom_list.append((i, oom_score))

    oom_list_sorted = sorted(oom_list, key=operator.itemgetter(1), reverse=True)

    print("\033c")
    print('oom_score Pid Name')
    for i in oom_list_sorted[:10]:
	oom_score = i[1]
	pid = i[0]
	if int(oom_score) > 0:
	    print(
		'{}{} {}'.format(
		    str(oom_score).rjust(9),
		    str(pid).rjust(7),
		    str(pid_to_name(pid)).ljust(16)
		    )
		)
    sleep(1)




Sun May 20 04:43:23 EDT 2018
To: REDACTED
Subject: permanent failure

Your request ``mail net!hotmail.com REDACTED REDACTED REDACTED REDACTED '' failed
(code smtp 2528447: Permanent Failure).
The symptom was:

Sun May 20 18:38:09 EST 2018 connect to net!hotmail.com:
(hotmail-com.olc.protection.outlook.com:104.47.41.33) rcptto:
  mail to t265t failed: 452 4.5.3 Recipients belong to multiple regions ATTR38
  [DM3NAM03FT009.eop-NAM03.prod.protection.outlook.com]


Sun May 20 01:41:33 EDT 2018
// #include <u.h>
// #include <libc.h>

#include <stdio.h>
#include <stdlib.h>

#define nil ((void*)0)
#define print printf
typedef unsigned long uintptr;

void*
mallocz(uintptr sz, int clear)
{
	void *p;

	p = malloc(sz);
	if(clear && p)
		memset(p, 0, sz);
	return p;
}

void
sysfatal(char *s)
{
	exit(0);
}

void
exits(char *s)
{
	exit(0);
}

void*
emalloc(uintptr sz)
{
 void *p;

 if(!(p = mallocz(sz, 1)))
  sysfatal("failed malloc: %r");
 return p;
}

void
main(int argc, char *argv[])
{
 void *ptr1, *ptr2;
 uintptr addr;

 ptr1 = emalloc(sizeof(uintptr)*5);
 addr = (uintptr)emalloc(sizeof(uintptr)*5);
 ptr2 = (void*)addr;
 print("&ptr1 = %p, &ptr2 = %p, addr = %p\n", ptr1, ptr2, addr);
 exits(nil);
}


prev | next