It's netbios traffic (a name query), notice ......
212.x.x.x->200.x.x.x
Time 9:10:35:689
0000: 00 07 50 F6 0F 60 00 30 65 2E B5 C0 08 00 45 00 ..P..`.0e.....E.
0010: 00 4E EC 68 00 00 65 11 25 BE 44 A2 0B 22 C8 3E .N.h..e.%.D.."..
0020: 2B 76 04 04 00 89 00 3A 78 2B 01 00 00 10 00 01 +v.....:x+......
0030: 00 00 00 00 00 00 20 43 4B 41 41 41 41 41 41 41 ...... CKAAAAAAA
0040: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0050: 41 41 41 41 41 41 41 00 00 21 00 01 AAAAAAA..!..
which is a normal signature of netbios traffic. Someone else may come along and give you a more detailed look at the packet, or you can do a Google lookup on Netbios name query packets to port 137.
EDIT: I believe this is SAMBA (Linux) netbios traffic rather than Windows netbios traffic because the source port is 1028 instead of 137.
DON: Port 139 is used for netbios file sharing (session), not name queries.
http://www.iss.net/security_center/a...39/default.htm
http://www.iss.net/security_center/a...37/default.htm
Hope this helps :-)




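Added example, not part of the original post: a small Python parser run over the frame bytes from the dump above, showing the fields that mark it as a NetBIOS name-service question sent to UDP 137 from source port 1028. The function names are illustrative and the field layout follows RFC 1001/1002; the "CK" plus "A" padding decodes to the wildcard name "*", and question type 0x0021 is NBSTAT (node status).

```python
import struct

# Frame bytes copied from the hex dump in the post (92 bytes, Ethernet II).
FRAME = bytes.fromhex(
    "00 07 50 F6 0F 60 00 30 65 2E B5 C0 08 00 45 00"
    "00 4E EC 68 00 00 65 11 25 BE 44 A2 0B 22 C8 3E"
    "2B 76 04 04 00 89 00 3A 78 2B 01 00 00 10 00 01"
    "00 00 00 00 00 00 20 43 4B 41 41 41 41 41 41 41"
    "41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41"
    "41 41 41 41 41 41 41 00 00 21 00 01"
)

QTYPES = {0x0020: "NB", 0x0021: "NBSTAT"}  # RFC 1002 question types


def decode_nb_name(encoded: bytes) -> bytes:
    """Undo RFC 1001 first-level encoding: two letters 'A'..'P' per byte."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                 for i in range(0, 32, 2))


def parse_nbns_query(frame: bytes) -> dict:
    """Parse Ethernet/IPv4/UDP framing and the first NBNS question."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet II frame")
    if frame[14 + 9] != 17:                   # IPv4 protocol field, 17 = UDP
        raise ValueError("not UDP")
    udp = 14 + (frame[14] & 0x0F) * 4         # skip Ethernet + IPv4 header (IHL)
    sport, dport = struct.unpack_from("!HH", frame, udp)
    nbns = udp + 8                            # NBNS header follows 8-byte UDP header
    txid, flags, qdcount = struct.unpack_from("!HHH", frame, nbns)
    q = nbns + 12                             # question follows 12-byte NBNS header
    if qdcount < 1 or len(frame) < q + 38 or frame[q] != 32 or frame[q + 33] != 0:
        raise ValueError("no well-formed NBNS question")
    raw = decode_nb_name(frame[q + 1:q + 33])
    (qtype,) = struct.unpack_from("!H", frame, q + 34)
    return {
        "sport": sport, "dport": dport, "txid": txid,
        "is_response": bool(flags & 0x8000),  # top bit: 0 = request
        "opcode": (flags >> 11) & 0x0F,       # 0 = query
        "name": raw[:15].rstrip(b"\x00 ").decode("ascii", "replace"),
        "suffix": raw[15],                    # 16th byte is the name suffix
        "qtype": QTYPES.get(qtype, hex(qtype)),
    }
```

Calling `parse_nbns_query(FRAME)` returns the ports, transaction id, decoded name and question type as a dictionary.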