No. Time Source Destination Protocol Length Info 168 9.631029000 192.168.100.112 192.168.100.2 TCP 54 49576 > microsoft-ds [RST, ACK] Seq=1 Ack=1 Win=0 Len=0 Frame 168: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49576 (49576), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 451 27.619800000 192.168.100.112 192.168.100.2 TCP 66 49577 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 451: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49577 (49577), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 452 27.620097000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49577 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 452: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49577 (49577), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 453 27.620181000 192.168.100.112 192.168.100.2 TCP 54 49577 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 453: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49577 (49577), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 454 27.620208000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 454: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49577 (49577), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 455 27.620728000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 455: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49577 (49577), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 456 27.620770000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 456: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49577 (49577), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 457 27.621064000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 457: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49577 (49577), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 460 27.626211000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 460: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49577 (49577), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 461 27.626501000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 461: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49577 (49577), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 462 27.626804000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 462: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49577 (49577), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 463 27.628069000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 463: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49577 (49577), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 464 27.628133000 192.168.100.112 192.168.100.2 TCP 54 49577 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 464: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49577 (49577), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 465 27.628345000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 46 Fragment: Single opnum: 3 ctx_id: 1 Frame 465: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1, Ack: 1, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 46 Ctx: 1 No. Time Source Destination Protocol Length Info 466 27.628605000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 46 Fragment: Single ctx_id: 1 Frame 466: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 1, Ack: 169, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 46 Ctx: 1 No. Time Source Destination Protocol Length Info 467 27.629324000 192.168.100.112 192.168.100.2 TCP 66 49578 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 467: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49578 (49578), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 468 27.629575000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49578 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 468: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49578 (49578), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 469 27.629628000 192.168.100.112 192.168.100.2 TCP 54 49578 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 469: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49578 (49578), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 470 27.634287000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 470: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49578 (49578), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 471 27.634607000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 471: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49578 (49578), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 472 27.634829000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 472: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49578 (49578), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 473 27.634853000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 473: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49578 (49578), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 474 27.635064000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49578 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 474: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49578 (49578), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 475 27.636151000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 475: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49578 (49578), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 476 27.636208000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 476: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49578 (49578), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #477] No. Time Source Destination Protocol Length Info 477 27.636365000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 477: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49578 (49578), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #476] No. Time Source Destination Protocol Length Info 478 27.636397000 192.168.100.112 192.168.100.2 TCP 54 49578 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 478: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49578 (49578), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 479 27.636450000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49578 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 479: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49578 (49578), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 480 27.636507000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 47 Fragment: Single opnum: 3 ctx_id: 1 Frame 480: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 169, Ack: 173, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 47 Ctx: 1 No. Time Source Destination Protocol Length Info 481 27.636701000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 47 Fragment: Single ctx_id: 1 Frame 481: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 173, Ack: 337, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 47 Ctx: 1 No. Time Source Destination Protocol Length Info 482 27.637211000 192.168.100.112 192.168.100.2 TCP 66 49579 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 482: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49579 (49579), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 483 27.637422000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49579 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 483: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49579 (49579), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 484 27.637463000 192.168.100.112 192.168.100.2 TCP 54 49579 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 484: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49579 (49579), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 485 27.640582000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 485: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49579 (49579), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 486 27.640818000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 486: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49579 (49579), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 487 27.641021000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 487: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49579 (49579), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 488 27.641051000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 488: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49579 (49579), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 489 27.641231000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49579 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 489: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49579 (49579), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 490 27.641859000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 490: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49579 (49579), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 491 27.641910000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 491: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49579 (49579), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #492] No. Time Source Destination Protocol Length Info 492 27.642045000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 492: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49579 (49579), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #491] No. Time Source Destination Protocol Length Info 493 27.642082000 192.168.100.112 192.168.100.2 TCP 54 49579 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 493: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49579 (49579), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 494 27.642102000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49579 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 494: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49579 (49579), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 495 27.643019000 192.168.100.112 192.168.100.2 TCP 66 49580 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 495: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49580 (49580), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 496 27.643169000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49580 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 496: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49580 (49580), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 497 27.643221000 192.168.100.112 192.168.100.2 TCP 54 49580 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 497: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49580 (49580), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 498 27.643278000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 498: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49580 (49580), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 499 27.643646000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 499: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49580 (49580), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 500 27.646879000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 500: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49580 (49580), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 501 27.647213000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 501: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49580 (49580), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 502 27.647423000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 502: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49580 (49580), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 503 27.648349000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 503: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49580 (49580), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 504 27.648405000 192.168.100.112 192.168.100.2 TCP 54 49580 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 504: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49580 (49580), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 505 27.649222000 192.168.100.112 192.168.100.2 TCP 66 49581 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 505: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49581 (49581), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 506 27.649427000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49581 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 506: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49581 (49581), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 507 27.649476000 192.168.100.112 192.168.100.2 TCP 54 49581 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 507: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49581 (49581), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 508 27.649502000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 508: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49581 (49581), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 509 27.649800000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 509: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49581 (49581), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 510 27.653063000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 510: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49581 (49581), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 511 27.653332000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 511: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49581 (49581), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 512 27.653522000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 512: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49581 (49581), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 513 27.654397000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 513: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49581 (49581), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 514 27.654446000 192.168.100.112 192.168.100.2 TCP 54 49581 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 514: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49581 (49581), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 515 27.655183000 192.168.100.112 192.168.100.2 TCP 66 49582 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 515: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49582 (49582), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 516 27.655350000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49582 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 516: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49582 (49582), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 517 27.655397000 192.168.100.112 192.168.100.2 TCP 54 49582 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 517: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49582 (49582), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 518 27.655450000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 518: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49582 (49582), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 519 27.655831000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 519: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49582 (49582), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 520 27.659021000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 520: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49582 (49582), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 521 27.659342000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 521: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49582 (49582), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 522 27.659552000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 522: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49582 (49582), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 523 27.660482000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 523: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49582 (49582), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 524 27.695959000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=337 Ack=345 Win=255 Len=0 Frame 524: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 337, Ack: 345, Len: 0 No. Time Source Destination Protocol Length Info 525 27.711551000 192.168.100.112 192.168.100.2 TCP 54 49582 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 525: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49582 (49582), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 703 39.645735000 192.168.100.112 192.168.100.2 TCP 54 49582 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 703: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49582 (49582), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 946 57.618706000 192.168.100.112 192.168.100.2 TCP 66 49583 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 946: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49583 (49583), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 947 57.618935000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49583 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 947: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49583 (49583), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 948 57.618999000 192.168.100.112 192.168.100.2 TCP 54 49583 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 948: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49583 (49583), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 949 57.619024000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 949: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49583 (49583), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 950 57.619569000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 950: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49583 (49583), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 951 57.619606000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 951: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49583 (49583), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 952 57.619907000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 952: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49583 (49583), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 953 57.624923000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 953: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49583 (49583), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 954 57.625249000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 954: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49583 (49583), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 955 57.625457000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 955: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49583 (49583), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 956 57.626744000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 956: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49583 (49583), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 957 57.626814000 192.168.100.112 192.168.100.2 TCP 54 49583 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 957: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49583 (49583), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 958 57.626972000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 48 Fragment: Single opnum: 3 ctx_id: 1 Frame 958: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 337, Ack: 345, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 48 Ctx: 1 No. Time Source Destination Protocol Length Info 959 57.627247000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 48 Fragment: Single ctx_id: 1 Frame 959: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 345, Ack: 505, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 48 Ctx: 1 No. Time Source Destination Protocol Length Info 960 57.627901000 192.168.100.112 192.168.100.2 TCP 66 49584 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 960: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49584 (49584), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 961 57.628086000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49584 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 961: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49584 (49584), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 962 57.628129000 192.168.100.112 192.168.100.2 TCP 54 49584 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 962: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49584 (49584), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 963 57.632724000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 963: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49584 (49584), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 964 57.633019000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 964: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49584 (49584), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 965 57.633234000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 965: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49584 (49584), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 966 57.633270000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 966: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49584 (49584), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 967 57.633449000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49584 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 967: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49584 (49584), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 968 57.634083000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 968: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49584 (49584), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 969 57.634135000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 969: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49584 (49584), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #970] No. Time Source Destination Protocol Length Info 970 57.634280000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 970: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49584 (49584), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #969] No. Time Source Destination Protocol Length Info 971 57.634322000 192.168.100.112 192.168.100.2 TCP 54 49584 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 971: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49584 (49584), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 972 57.634361000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49584 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 972: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49584 (49584), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 973 57.634431000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 49 Fragment: Single opnum: 3 ctx_id: 1 Frame 973: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 505, Ack: 517, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 49 Ctx: 1 No. Time Source Destination Protocol Length Info 974 57.634587000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 49 Fragment: Single ctx_id: 1 Frame 974: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 517, Ack: 673, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 49 Ctx: 1 No. Time Source Destination Protocol Length Info 975 57.635174000 192.168.100.112 192.168.100.2 TCP 66 49585 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 975: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49585 (49585), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 976 57.635329000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49585 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 976: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49585 (49585), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 977 57.635369000 192.168.100.112 192.168.100.2 TCP 54 49585 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 977: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49585 (49585), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 978 57.639927000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 978: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49585 (49585), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 979 57.640181000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 979: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49585 (49585), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 980 57.640376000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 980: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49585 (49585), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 981 57.640410000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 981: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49585 (49585), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 982 57.640594000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49585 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 982: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49585 (49585), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 983 57.641262000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 983: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49585 (49585), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 984 57.641314000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 984: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49585 (49585), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #985] No. Time Source Destination Protocol Length Info 985 57.641465000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 985: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49585 (49585), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #984] No. Time Source Destination Protocol Length Info 986 57.641504000 192.168.100.112 192.168.100.2 TCP 54 49585 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 986: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49585 (49585), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 987 57.641520000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49585 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 987: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49585 (49585), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 988 57.642764000 192.168.100.112 192.168.100.2 TCP 66 49586 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 988: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 989 57.642953000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49586 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 989: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49586 (49586), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 990 57.643000000 192.168.100.112 192.168.100.2 TCP 54 49586 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 990: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 991 57.643028000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 991: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 992 57.643315000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 992: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49586 (49586), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 993 57.647997000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 993: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 994 57.648269000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 994: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49586 (49586), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 995 57.648488000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 995: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 996 57.649537000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 996: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49586 (49586), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 997 57.649609000 192.168.100.112 192.168.100.2 TCP 54 49586 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 997: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 998 57.650637000 192.168.100.112 192.168.100.2 TCP 66 49587 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 998: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49587 (49587), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 999 57.650814000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49587 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 999: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49587 (49587), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1000 57.650863000 192.168.100.112 192.168.100.2 TCP 54 49587 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 1000: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49587 (49587), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1001 57.650882000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 1001: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49587 (49587), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1002 57.651198000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 1002: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49587 (49587), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1003 57.655874000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 1003: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49587 (49587), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1004 57.656135000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 1004: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49587 (49587), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1005 57.656325000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 1005: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49587 (49587), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1006 57.657456000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 1006: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49587 (49587), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1007 57.657516000 192.168.100.112 192.168.100.2 TCP 54 49587 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 1007: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49587 (49587), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 1008 57.658479000 192.168.100.112 192.168.100.2 TCP 66 49588 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1008: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49588 (49588), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 1009 57.658665000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49588 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1009: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49588 (49588), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1010 57.658712000 192.168.100.112 192.168.100.2 TCP 54 49588 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 1010: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49588 (49588), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1011 57.658745000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 1011: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49588 (49588), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1012 57.659150000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 1012: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49588 (49588), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1013 57.663819000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 1013: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49588 (49588), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1014 57.664194000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 1014: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49588 (49588), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1015 57.664399000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 1015: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49588 (49588), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1017 57.665285000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 1017: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49588 (49588), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1018 57.695079000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=673 Ack=689 Win=253 Len=0 Frame 1018: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 673, Ack: 689, Len: 0 No. Time Source Destination Protocol Length Info 1020 57.726275000 192.168.100.112 192.168.100.2 TCP 54 49588 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 1020: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49588 (49588), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 1328 69.660475000 192.168.100.112 192.168.100.2 TCP 54 49588 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 1328: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49588 (49588), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 1626 87.617862000 192.168.100.112 192.168.100.2 TCP 66 49589 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1626: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49589 (49589), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 1627 87.618104000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49589 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1627: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49589 (49589), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1628 87.618168000 192.168.100.112 192.168.100.2 TCP 54 49589 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 1628: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49589 (49589), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1629 87.618203000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 1629: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49589 (49589), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1630 87.618658000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 1630: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49589 (49589), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1631 87.618696000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 1631: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49589 (49589), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1632 87.619019000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 1632: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49589 (49589), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1633 87.624058000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 1633: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49589 (49589), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1634 87.624373000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 1634: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49589 (49589), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1635 87.624606000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 1635: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49589 (49589), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1636 87.625882000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 1636: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49589 (49589), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1637 87.625952000 192.168.100.112 192.168.100.2 TCP 54 49589 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 1637: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49589 (49589), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 1638 87.626104000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 50 Fragment: Single opnum: 3 ctx_id: 1 Frame 1638: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 673, Ack: 689, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 50 Ctx: 1 No. Time Source Destination Protocol Length Info 1639 87.626394000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 50 Fragment: Single ctx_id: 1 Frame 1639: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 689, Ack: 841, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 50 Ctx: 1 No. Time Source Destination Protocol Length Info 1640 87.627063000 192.168.100.112 192.168.100.2 TCP 66 49590 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1640: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49590 (49590), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 1641 87.627318000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49590 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1641: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49590 (49590), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1642 87.627366000 192.168.100.112 192.168.100.2 TCP 54 49590 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 1642: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49590 (49590), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1643 87.632006000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 1643: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49590 (49590), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 1644 87.632258000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 1644: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49590 (49590), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 1645 87.632471000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 1645: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49590 (49590), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 1646 87.632506000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 1646: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49590 (49590), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 1647 87.632668000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49590 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 1647: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49590 (49590), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 1648 87.633367000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 1648: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49590 (49590), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 1649 87.633422000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 1649: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49590 (49590), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #1650] No. Time Source Destination Protocol Length Info 1650 87.633596000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 1650: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49590 (49590), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #1649] No. Time Source Destination Protocol Length Info 1651 87.633639000 192.168.100.112 192.168.100.2 TCP 54 49590 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 1651: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49590 (49590), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 1652 87.633704000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49590 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 1652: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49590 (49590), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 1653 87.633822000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 51 Fragment: Single opnum: 3 ctx_id: 1 Frame 1653: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 841, Ack: 861, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 51 Ctx: 1 No. Time Source Destination Protocol Length Info 1654 87.634073000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 51 Fragment: Single ctx_id: 1 Frame 1654: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 861, Ack: 1009, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 51 Ctx: 1 No. Time Source Destination Protocol Length Info 1655 87.634680000 192.168.100.112 192.168.100.2 TCP 66 49591 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1655: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49591 (49591), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 1656 87.634876000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49591 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1656: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49591 (49591), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1657 87.634924000 192.168.100.112 192.168.100.2 TCP 54 49591 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 1657: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49591 (49591), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1658 87.639490000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 1658: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49591 (49591), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 1659 87.639741000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 1659: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49591 (49591), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 1660 87.639944000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 1660: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49591 (49591), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 1661 87.639980000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 1661: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49591 (49591), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 1662 87.640162000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49591 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 1662: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49591 (49591), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 1663 87.641220000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 1663: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49591 (49591), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 1664 87.641270000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 1664: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49591 (49591), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #1665] No. Time Source Destination Protocol Length Info 1665 87.641387000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 1665: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49591 (49591), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #1664] No. Time Source Destination Protocol Length Info 1666 87.641426000 192.168.100.112 192.168.100.2 TCP 54 49591 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 1666: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49591 (49591), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 1667 87.641440000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49591 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 1667: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49591 (49591), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 1668 87.642699000 192.168.100.112 192.168.100.2 TCP 66 49592 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1668: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49592 (49592), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 1669 87.642938000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49592 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1669: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49592 (49592), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1670 87.642986000 192.168.100.112 192.168.100.2 TCP 54 49592 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 1670: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49592 (49592), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1671 87.643012000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 1671: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49592 (49592), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1672 87.643369000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 1672: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49592 (49592), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1673 87.648075000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 1673: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49592 (49592), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1674 87.648365000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 1674: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49592 (49592), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1675 87.648570000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 1675: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49592 (49592), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1676 87.649499000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 1676: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49592 (49592), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1677 87.649574000 192.168.100.112 192.168.100.2 TCP 54 49592 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 1677: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49592 (49592), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 1678 87.650621000 192.168.100.112 192.168.100.2 TCP 66 49593 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1678: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49593 (49593), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 1679 87.650842000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49593 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1679: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49593 (49593), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1680 87.650892000 192.168.100.112 192.168.100.2 TCP 54 49593 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 1680: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49593 (49593), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1681 87.650912000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 1681: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49593 (49593), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1682 87.651190000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 1682: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49593 (49593), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1683 87.655898000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 1683: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49593 (49593), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1684 87.656208000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 1684: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49593 (49593), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1685 87.656410000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 1685: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49593 (49593), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1686 87.657295000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 1686: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49593 (49593), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 1687 87.657356000 192.168.100.112 192.168.100.2 TCP 54 49593 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 1687: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49593 (49593), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 1688 87.658317000 192.168.100.112 192.168.100.2 TCP 66 49594 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1688: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49594 (49594), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 1689 87.658500000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49594 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 1689: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49594 (49594), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1690 87.658548000 192.168.100.112 192.168.100.2 TCP 54 49594 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 1690: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49594 (49594), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 1691 87.658597000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 1691: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49594 (49594), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1692 87.658926000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 1692: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49594 (49594), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1693 87.663475000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 1693: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49594 (49594), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1694 87.663858000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 1694: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49594 (49594), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1695 87.664075000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 1695: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49594 (49594), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1696 87.665097000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 1696: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49594 (49594), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 1697 87.694205000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=1009 Ack=1033 Win=252 Len=0 Frame 1697: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1009, Ack: 1033, Len: 0 No. Time Source Destination Protocol Length Info 1698 87.725392000 192.168.100.112 192.168.100.2 TCP 54 49594 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 1698: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49594 (49594), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 1834 99.628441000 192.168.100.112 192.168.100.2 TCP 54 49594 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 1834: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49594 (49594), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 2069 117.616919000 192.168.100.112 192.168.100.2 TCP 66 49595 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2069: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49595 (49595), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2070 117.617147000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49595 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2070: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49595 (49595), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2071 117.617209000 192.168.100.112 192.168.100.2 TCP 54 49595 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2071: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49595 (49595), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2072 117.617243000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 2072: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49595 (49595), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 2073 117.617760000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 2073: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49595 (49595), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2074 117.617797000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 2074: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49595 (49595), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2075 117.618107000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 2075: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49595 (49595), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2076 117.623201000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 2076: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49595 (49595), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2077 117.623517000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 2077: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49595 (49595), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2078 117.623722000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 2078: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49595 (49595), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2079 117.624950000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 2079: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49595 (49595), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2080 117.625020000 192.168.100.112 192.168.100.2 TCP 54 49595 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 2080: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49595 (49595), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 2081 117.625194000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 52 Fragment: Single opnum: 3 ctx_id: 1 Frame 2081: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1009, Ack: 1033, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 52 Ctx: 1 No. Time Source Destination Protocol Length Info 2082 117.625456000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 52 Fragment: Single ctx_id: 1 Frame 2082: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 1033, Ack: 1177, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 52 Ctx: 1 No. Time Source Destination Protocol Length Info 2083 117.626109000 192.168.100.112 192.168.100.2 TCP 66 49596 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2083: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49596 (49596), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2084 117.626300000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49596 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2084: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49596 (49596), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2085 117.626343000 192.168.100.112 192.168.100.2 TCP 54 49596 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2085: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49596 (49596), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2086 117.630912000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 2086: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49596 (49596), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 2087 117.631219000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 2087: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49596 (49596), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 2088 117.631423000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 2088: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49596 (49596), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 2089 117.631461000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 2089: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49596 (49596), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 2090 117.631615000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49596 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 2090: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49596 (49596), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 2091 117.632350000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 2091: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49596 (49596), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 2092 117.632403000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 2092: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49596 (49596), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #2093] No. Time Source Destination Protocol Length Info 2093 117.632578000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 2093: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49596 (49596), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #2092] No. Time Source Destination Protocol Length Info 2094 117.632621000 192.168.100.112 192.168.100.2 TCP 54 49596 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 2094: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49596 (49596), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 2095 117.632655000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49596 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 2095: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49596 (49596), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 2096 117.632760000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 53 Fragment: Single opnum: 3 ctx_id: 1 Frame 2096: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1177, Ack: 1205, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 53 Ctx: 1 No. Time Source Destination Protocol Length Info 2097 117.632938000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 53 Fragment: Single ctx_id: 1 Frame 2097: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 1205, Ack: 1345, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 53 Ctx: 1 No. Time Source Destination Protocol Length Info 2098 117.633521000 192.168.100.112 192.168.100.2 TCP 66 49597 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2098: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49597 (49597), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2099 117.633755000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49597 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2099: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49597 (49597), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2100 117.633795000 192.168.100.112 192.168.100.2 TCP 54 49597 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2100: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49597 (49597), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2101 117.638360000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 2101: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49597 (49597), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 2102 117.638641000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 2102: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49597 (49597), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 2103 117.638843000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 2103: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49597 (49597), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 2104 117.638877000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 2104: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49597 (49597), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 2105 117.639083000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49597 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 2105: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49597 (49597), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 2106 117.639710000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 2106: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49597 (49597), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 2107 117.639761000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 2107: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49597 (49597), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #2108] No. Time Source Destination Protocol Length Info 2108 117.639882000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 2108: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49597 (49597), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #2107] No. Time Source Destination Protocol Length Info 2109 117.639921000 192.168.100.112 192.168.100.2 TCP 54 49597 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 2109: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49597 (49597), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 2110 117.639936000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49597 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 2110: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49597 (49597), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 2111 117.641182000 192.168.100.112 192.168.100.2 TCP 66 49598 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2111: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49598 (49598), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2112 117.641330000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49598 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2112: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49598 (49598), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2113 117.641377000 192.168.100.112 192.168.100.2 TCP 54 49598 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2113: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49598 (49598), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2114 117.641405000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 2114: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49598 (49598), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2115 117.641692000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 2115: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49598 (49598), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2116 117.646391000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 2116: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49598 (49598), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2117 117.646695000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 2117: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49598 (49598), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2118 117.646915000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 2118: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49598 (49598), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2119 117.647816000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 2119: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49598 (49598), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2120 117.647874000 192.168.100.112 192.168.100.2 TCP 54 49598 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 2120: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49598 (49598), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 2121 117.649126000 192.168.100.112 192.168.100.2 TCP 66 49599 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2121: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49599 (49599), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2122 117.649308000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49599 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2122: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49599 (49599), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2123 117.649367000 192.168.100.112 192.168.100.2 TCP 54 49599 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2123: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49599 (49599), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2124 117.649389000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 2124: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49599 (49599), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2125 117.649769000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 2125: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49599 (49599), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2126 117.654750000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 2126: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49599 (49599), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2127 117.655221000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 2127: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49599 (49599), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2128 117.655476000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 2128: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49599 (49599), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2129 117.656459000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 2129: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49599 (49599), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2130 117.656513000 192.168.100.112 192.168.100.2 TCP 54 49599 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 2130: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49599 (49599), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 2131 117.657799000 192.168.100.112 192.168.100.2 TCP 66 49600 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2131: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49600 (49600), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2132 117.658070000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49600 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2132: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49600 (49600), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2133 117.658130000 192.168.100.112 192.168.100.2 TCP 54 49600 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2133: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49600 (49600), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2134 117.658155000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 2134: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49600 (49600), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 2135 117.658655000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 2135: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49600 (49600), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 2136 117.663119000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 2136: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49600 (49600), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 2137 117.663526000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 2137: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49600 (49600), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 2138 117.663690000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 2138: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49600 (49600), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 2139 117.665008000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 2139: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49600 (49600), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 2140 117.693358000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=1345 Ack=1377 Win=251 Len=0 Frame 2140: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1345, Ack: 1377, Len: 0 No. Time Source Destination Protocol Length Info 2141 117.724525000 192.168.100.112 192.168.100.2 TCP 54 49600 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 2141: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49600 (49600), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 2159 119.500110000 192.168.100.2 192.168.100.112 NBSS 60 NBSS Continuation Message Frame 2159: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49291 (49291), Seq: 1, Ack: 1, Len: 1 NetBIOS Session Service No. Time Source Destination Protocol Length Info 2160 119.500167000 192.168.100.112 192.168.100.2 TCP 66 49291 > microsoft-ds [ACK] Seq=1 Ack=2 Win=253 Len=0 SLE=1 SRE=2 Frame 2160: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49291 (49291), Dst Port: microsoft-ds (445), Seq: 1, Ack: 2, Len: 0 No. Time Source Destination Protocol Length Info 2299 129.643167000 192.168.100.112 192.168.100.2 TCP 54 49600 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 2299: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49600 (49600), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 2942 147.613080000 192.168.100.112 192.168.100.2 TCP 66 49620 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2942: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49620 (49620), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2943 147.613297000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49620 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2943: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49620 (49620), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2944 147.613350000 192.168.100.112 192.168.100.2 TCP 54 49620 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2944: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49620 (49620), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2945 147.613400000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 2945: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49620 (49620), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 2946 147.613972000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 2946: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49620 (49620), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2947 147.614005000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 2947: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49620 (49620), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2948 147.614338000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 2948: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49620 (49620), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2949 147.617944000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 2949: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49620 (49620), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2950 147.618243000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 2950: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49620 (49620), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2951 147.618423000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 2951: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49620 (49620), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2953 147.619705000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 2953: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49620 (49620), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2954 147.619794000 192.168.100.112 192.168.100.2 TCP 54 49620 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 2954: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49620 (49620), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 2955 147.619985000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 54 Fragment: Single opnum: 3 ctx_id: 1 Frame 2955: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1345, Ack: 1377, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 54 Ctx: 1 No. Time Source Destination Protocol Length Info 2956 147.620234000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 54 Fragment: Single ctx_id: 1 Frame 2956: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 1377, Ack: 1513, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 54 Ctx: 1 No. Time Source Destination Protocol Length Info 2958 147.620826000 192.168.100.112 192.168.100.2 TCP 66 49621 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2958: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49621 (49621), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2959 147.620969000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49621 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2959: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49621 (49621), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2960 147.621011000 192.168.100.112 192.168.100.2 TCP 54 49621 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2960: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49621 (49621), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2961 147.624317000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 2961: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49621 (49621), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 2962 147.624622000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 2962: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49621 (49621), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 2963 147.624807000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 2963: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49621 (49621), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 2964 147.624833000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 2964: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49621 (49621), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 2965 147.625002000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49621 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 2965: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49621 (49621), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 2966 147.625692000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 2966: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49621 (49621), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 2967 147.625734000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 2967: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49621 (49621), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #2968] No. Time Source Destination Protocol Length Info 2968 147.625865000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 2968: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49621 (49621), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #2967] No. Time Source Destination Protocol Length Info 2969 147.625909000 192.168.100.112 192.168.100.2 TCP 54 49621 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 2969: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49621 (49621), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 2970 147.625947000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49621 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 2970: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49621 (49621), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 2971 147.626025000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 55 Fragment: Single opnum: 3 ctx_id: 1 Frame 2971: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1513, Ack: 1549, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 55 Ctx: 1 No. Time Source Destination Protocol Length Info 2972 147.626199000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 55 Fragment: Single ctx_id: 1 Frame 2972: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 1549, Ack: 1681, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 55 Ctx: 1 No. Time Source Destination Protocol Length Info 2973 147.626698000 192.168.100.112 192.168.100.2 TCP 66 49622 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2973: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49622 (49622), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2974 147.626857000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49622 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2974: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49622 (49622), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2975 147.626891000 192.168.100.112 192.168.100.2 TCP 54 49622 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2975: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49622 (49622), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2976 147.630486000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 2976: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49622 (49622), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 2977 147.630684000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 2977: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49622 (49622), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 2978 147.630852000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 2978: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49622 (49622), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 2979 147.630879000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 2979: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49622 (49622), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 2980 147.631058000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49622 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 2980: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49622 (49622), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 2981 147.631700000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 2981: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49622 (49622), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 2982 147.631755000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 2982: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49622 (49622), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #2983] No. Time Source Destination Protocol Length Info 2983 147.631921000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 2983: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49622 (49622), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #2982] No. Time Source Destination Protocol Length Info 2984 147.631966000 192.168.100.112 192.168.100.2 TCP 54 49622 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 2984: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49622 (49622), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 2985 147.631978000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49622 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 2985: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49622 (49622), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 2986 147.633221000 192.168.100.112 192.168.100.2 TCP 66 49623 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2986: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49623 (49623), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2987 147.633390000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49623 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2987: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49623 (49623), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2988 147.633440000 192.168.100.112 192.168.100.2 TCP 54 49623 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2988: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49623 (49623), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2989 147.633459000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 2989: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49623 (49623), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2990 147.633767000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 2990: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49623 (49623), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2991 147.637738000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 2991: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49623 (49623), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2992 147.638010000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 2992: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49623 (49623), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2993 147.638179000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 2993: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49623 (49623), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2994 147.639078000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 2994: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49623 (49623), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 2995 147.639172000 192.168.100.112 192.168.100.2 TCP 54 49623 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 2995: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49623 (49623), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 2996 147.640105000 192.168.100.112 192.168.100.2 TCP 66 49624 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2996: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49624 (49624), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 2997 147.640385000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49624 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 2997: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49624 (49624), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2998 147.640428000 192.168.100.112 192.168.100.2 TCP 54 49624 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 2998: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49624 (49624), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 2999 147.640445000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 2999: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49624 (49624), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3000 147.640751000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 3000: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49624 (49624), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3001 147.644406000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 3001: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49624 (49624), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3002 147.644665000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 3002: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49624 (49624), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3003 147.644856000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 3003: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49624 (49624), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3004 147.645797000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 3004: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49624 (49624), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3005 147.645908000 192.168.100.112 192.168.100.2 TCP 54 49624 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 3005: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49624 (49624), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 3006 147.646807000 192.168.100.112 192.168.100.2 TCP 66 49625 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3006: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49625 (49625), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 3007 147.647030000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49625 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3007: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49625 (49625), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3008 147.647074000 192.168.100.112 192.168.100.2 TCP 54 49625 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 3008: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49625 (49625), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3009 147.647119000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 3009: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49625 (49625), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3010 147.647493000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 3010: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49625 (49625), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3012 147.650866000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 3012: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49625 (49625), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3013 147.651216000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 3013: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49625 (49625), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3014 147.651386000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 3014: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49625 (49625), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3015 147.652318000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 3015: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49625 (49625), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3016 147.676990000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=1681 Ack=1721 Win=255 Len=0 Frame 3016: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1681, Ack: 1721, Len: 0 No. Time Source Destination Protocol Length Info 3017 147.705048000 192.168.100.112 192.168.100.2 TCP 54 49625 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 3017: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49625 (49625), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 3178 159.654844000 192.168.100.112 192.168.100.2 TCP 54 49625 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 3178: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49625 (49625), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 3437 177.612198000 192.168.100.112 192.168.100.2 TCP 66 49627 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3437: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49627 (49627), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 3438 177.612461000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49627 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3438: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49627 (49627), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3439 177.612533000 192.168.100.112 192.168.100.2 TCP 54 49627 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 3439: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49627 (49627), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3440 177.612559000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 3440: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49627 (49627), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3441 177.613163000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 3441: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49627 (49627), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3442 177.613199000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 3442: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49627 (49627), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3443 177.613522000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 3443: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49627 (49627), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3445 177.618542000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 3445: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49627 (49627), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3446 177.618800000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 3446: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49627 (49627), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3447 177.619005000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 3447: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49627 (49627), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3448 177.620366000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 3448: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49627 (49627), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3449 177.620472000 192.168.100.112 192.168.100.2 TCP 54 49627 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 3449: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49627 (49627), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 3450 177.620556000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 56 Fragment: Single opnum: 3 ctx_id: 1 Frame 3450: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1681, Ack: 1721, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 56 Ctx: 1 No. Time Source Destination Protocol Length Info 3451 177.620826000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 56 Fragment: Single ctx_id: 1 Frame 3451: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 1721, Ack: 1849, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 56 Ctx: 1 No. Time Source Destination Protocol Length Info 3452 177.621490000 192.168.100.112 192.168.100.2 TCP 66 49628 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3452: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49628 (49628), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 3453 177.621649000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49628 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3453: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49628 (49628), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3454 177.621692000 192.168.100.112 192.168.100.2 TCP 54 49628 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 3454: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49628 (49628), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3455 177.626265000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 3455: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49628 (49628), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 3456 177.626512000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 3456: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49628 (49628), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 3457 177.626727000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 3457: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49628 (49628), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 3458 177.626761000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 3458: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49628 (49628), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 3459 177.626955000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49628 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 3459: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49628 (49628), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 3460 177.627656000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 3460: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49628 (49628), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 3461 177.627711000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 3461: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49628 (49628), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #3462] No. Time Source Destination Protocol Length Info 3462 177.627875000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 3462: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49628 (49628), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #3461] No. Time Source Destination Protocol Length Info 3463 177.627916000 192.168.100.112 192.168.100.2 TCP 54 49628 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 3463: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49628 (49628), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 3464 177.627953000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49628 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 3464: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49628 (49628), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 3465 177.628059000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 57 Fragment: Single opnum: 3 ctx_id: 1 Frame 3465: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 1849, Ack: 1893, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 57 Ctx: 1 No. Time Source Destination Protocol Length Info 3466 177.628203000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 57 Fragment: Single ctx_id: 1 Frame 3466: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 1893, Ack: 2017, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 57 Ctx: 1 No. Time Source Destination Protocol Length Info 3467 177.628783000 192.168.100.112 192.168.100.2 TCP 66 49629 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3467: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49629 (49629), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 3468 177.629072000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49629 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3468: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49629 (49629), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3469 177.629113000 192.168.100.112 192.168.100.2 TCP 54 49629 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 3469: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49629 (49629), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3470 177.633659000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 3470: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49629 (49629), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 3471 177.633883000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 3471: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49629 (49629), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 3472 177.634085000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 3472: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49629 (49629), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 3473 177.634119000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 3473: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49629 (49629), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 3474 177.634300000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49629 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 3474: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49629 (49629), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 3475 177.635014000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 3475: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49629 (49629), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 3476 177.635066000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 3476: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49629 (49629), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #3477] No. Time Source Destination Protocol Length Info 3477 177.635195000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 3477: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49629 (49629), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #3476] No. Time Source Destination Protocol Length Info 3478 177.635234000 192.168.100.112 192.168.100.2 TCP 54 49629 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 3478: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49629 (49629), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 3479 177.635254000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49629 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 3479: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49629 (49629), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 3480 177.636470000 192.168.100.112 192.168.100.2 TCP 66 49630 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3480: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49630 (49630), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 3481 177.636644000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49630 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3481: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49630 (49630), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3482 177.636691000 192.168.100.112 192.168.100.2 TCP 54 49630 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 3482: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49630 (49630), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3483 177.636718000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 3483: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49630 (49630), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3484 177.637007000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 3484: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49630 (49630), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3485 177.641729000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 3485: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49630 (49630), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3486 177.642045000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 3486: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49630 (49630), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3487 177.642242000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 3487: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49630 (49630), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3488 177.643176000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 3488: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49630 (49630), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3489 177.643274000 192.168.100.112 192.168.100.2 TCP 54 49630 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 3489: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49630 (49630), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 3490 177.643978000 192.168.100.112 192.168.100.2 TCP 66 49631 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3490: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49631 (49631), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 3491 177.644133000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49631 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3491: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49631 (49631), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3492 177.644181000 192.168.100.112 192.168.100.2 TCP 54 49631 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 3492: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49631 (49631), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3493 177.644201000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 3493: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49631 (49631), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3494 177.644493000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 3494: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49631 (49631), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3495 177.647739000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 3495: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49631 (49631), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3496 177.648044000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 3496: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49631 (49631), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3497 177.648234000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 3497: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49631 (49631), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3498 177.649095000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 3498: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49631 (49631), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 3499 177.649193000 192.168.100.112 192.168.100.2 TCP 54 49631 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 3499: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49631 (49631), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 3500 177.649843000 192.168.100.112 192.168.100.2 TCP 66 49632 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3500: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49632 (49632), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 3501 177.650052000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49632 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 3501: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49632 (49632), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3502 177.650100000 192.168.100.112 192.168.100.2 TCP 54 49632 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 3502: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49632 (49632), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 3503 177.650132000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 3503: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49632 (49632), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3504 177.650530000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 3504: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49632 (49632), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3505 177.653717000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 3505: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49632 (49632), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3506 177.654031000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 3506: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49632 (49632), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3507 177.654235000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 3507: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49632 (49632), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3508 177.655102000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 3508: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49632 (49632), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 3509 177.672963000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=2017 Ack=2065 Win=254 Len=0 Frame 3509: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 2017, Ack: 2065, Len: 0 No. Time Source Destination Protocol Length Info 3510 177.719758000 192.168.100.112 192.168.100.2 TCP 54 49632 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 3510: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49632 (49632), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 3686 189.622757000 192.168.100.112 192.168.100.2 TCP 54 49632 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 3686: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49632 (49632), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 4009 207.626832000 192.168.100.112 192.168.100.2 TCP 66 49633 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4009: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49633 (49633), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4010 207.627056000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49633 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4010: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49633 (49633), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4011 207.627122000 192.168.100.112 192.168.100.2 TCP 54 49633 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4011: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49633 (49633), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4012 207.627148000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 4012: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49633 (49633), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4013 207.627653000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 4013: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49633 (49633), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4014 207.627690000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 4014: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49633 (49633), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4015 207.627963000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 4015: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49633 (49633), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4016 207.632983000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 4016: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49633 (49633), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4017 207.633340000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 4017: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49633 (49633), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4018 207.633546000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 4018: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49633 (49633), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4019 207.634957000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 4019: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49633 (49633), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4020 207.635083000 192.168.100.112 192.168.100.2 TCP 54 49633 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 4020: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49633 (49633), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 4021 207.635143000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 58 Fragment: Single opnum: 3 ctx_id: 1 Frame 4021: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 2017, Ack: 2065, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 58 Ctx: 1 No. Time Source Destination Protocol Length Info 4022 207.635433000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 58 Fragment: Single ctx_id: 1 Frame 4022: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 2065, Ack: 2185, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 58 Ctx: 1 No. Time Source Destination Protocol Length Info 4023 207.636094000 192.168.100.112 192.168.100.2 TCP 66 49634 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4023: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49634 (49634), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4024 207.636312000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49634 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4024: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49634 (49634), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4025 207.636360000 192.168.100.112 192.168.100.2 TCP 54 49634 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4025: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49634 (49634), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4027 207.640942000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 4027: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49634 (49634), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 4028 207.641203000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 4028: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49634 (49634), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 4029 207.641417000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 4029: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49634 (49634), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 4030 207.641453000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 4030: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49634 (49634), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 4031 207.641651000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49634 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 4031: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49634 (49634), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 4032 207.642407000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 4032: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49634 (49634), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 4033 207.642461000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 4033: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49634 (49634), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #4034] No. Time Source Destination Protocol Length Info 4034 207.642643000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 4034: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49634 (49634), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #4033] No. Time Source Destination Protocol Length Info 4035 207.642685000 192.168.100.112 192.168.100.2 TCP 54 49634 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 4035: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49634 (49634), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 4036 207.642726000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49634 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 4036: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49634 (49634), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 4037 207.642857000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 59 Fragment: Single opnum: 3 ctx_id: 1 Frame 4037: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 2185, Ack: 2237, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 59 Ctx: 1 No. Time Source Destination Protocol Length Info 4038 207.643053000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 59 Fragment: Single ctx_id: 1 Frame 4038: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 2237, Ack: 2353, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 59 Ctx: 1 No. Time Source Destination Protocol Length Info 4039 207.643632000 192.168.100.112 192.168.100.2 TCP 66 49635 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4039: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49635 (49635), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4040 207.643843000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49635 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4040: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49635 (49635), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4041 207.643884000 192.168.100.112 192.168.100.2 TCP 54 49635 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4041: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49635 (49635), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4042 207.648424000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 4042: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49635 (49635), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 4043 207.648634000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 4043: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49635 (49635), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 4044 207.648839000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 4044: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49635 (49635), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 4045 207.648875000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 4045: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49635 (49635), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 4046 207.649057000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49635 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 4046: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49635 (49635), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 4047 207.649810000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 4047: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49635 (49635), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 4048 207.649861000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 4048: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49635 (49635), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #4049] No. Time Source Destination Protocol Length Info 4049 207.650040000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 4049: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49635 (49635), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #4048] No. Time Source Destination Protocol Length Info 4050 207.650080000 192.168.100.112 192.168.100.2 TCP 54 49635 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 4050: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49635 (49635), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 4051 207.650112000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49635 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 4051: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49635 (49635), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 4052 207.651295000 192.168.100.112 192.168.100.2 TCP 66 49636 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4052: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49636 (49636), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4053 207.651473000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49636 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4053: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49636 (49636), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4054 207.651523000 192.168.100.112 192.168.100.2 TCP 54 49636 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4054: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49636 (49636), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4055 207.651545000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 4055: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49636 (49636), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4056 207.651955000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 4056: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49636 (49636), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4057 207.656666000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 4057: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49636 (49636), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4058 207.657011000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 4058: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49636 (49636), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4059 207.657222000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 4059: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49636 (49636), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4060 207.658114000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 4060: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49636 (49636), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4061 207.658213000 192.168.100.112 192.168.100.2 TCP 54 49636 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 4061: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49636 (49636), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 4062 207.658936000 192.168.100.112 192.168.100.2 TCP 66 49637 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4062: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49637 (49637), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4063 207.659128000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49637 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4063: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49637 (49637), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4064 207.659177000 192.168.100.112 192.168.100.2 TCP 54 49637 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4064: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49637 (49637), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4065 207.659197000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 4065: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49637 (49637), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4066 207.659501000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 4066: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49637 (49637), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4067 207.662734000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 4067: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49637 (49637), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4068 207.663057000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 4068: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49637 (49637), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4069 207.663246000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 4069: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49637 (49637), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4070 207.664560000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 4070: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49637 (49637), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4071 207.664655000 192.168.100.112 192.168.100.2 TCP 54 49637 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 4071: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49637 (49637), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 4072 207.665307000 192.168.100.112 192.168.100.2 TCP 66 49638 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4072: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49638 (49638), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4073 207.665520000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49638 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4073: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49638 (49638), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4074 207.665567000 192.168.100.112 192.168.100.2 TCP 54 49638 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4074: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49638 (49638), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4075 207.665617000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 4075: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49638 (49638), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4076 207.666051000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 4076: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49638 (49638), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4077 207.669242000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 4077: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49638 (49638), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4078 207.669750000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 4078: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49638 (49638), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4079 207.669953000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 4079: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49638 (49638), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4080 207.671317000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 4080: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49638 (49638), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4081 207.703280000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=2353 Ack=2409 Win=253 Len=0 Frame 4081: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 2353, Ack: 2409, Len: 0 No. Time Source Destination Protocol Length Info 4083 207.718878000 192.168.100.112 192.168.100.2 TCP 54 49638 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 4083: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49638 (49638), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 4275 219.699867000 192.168.100.112 192.168.100.2 TCP 54 49638 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 4275: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49638 (49638), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 4587 237.626001000 192.168.100.112 192.168.100.2 TCP 66 49639 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4587: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49639 (49639), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4588 237.626221000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49639 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4588: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49639 (49639), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4589 237.626287000 192.168.100.112 192.168.100.2 TCP 54 49639 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4589: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49639 (49639), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4590 237.626312000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 4590: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49639 (49639), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4591 237.626910000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 4591: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49639 (49639), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4592 237.626947000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 4592: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49639 (49639), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4593 237.627383000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 4593: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49639 (49639), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4594 237.632531000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 4594: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49639 (49639), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4595 237.632883000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 4595: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49639 (49639), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4596 237.633100000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 4596: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49639 (49639), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4597 237.634401000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 4597: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49639 (49639), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4598 237.634455000 192.168.100.112 192.168.100.2 TCP 54 49639 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 4598: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49639 (49639), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 4599 237.634642000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 60 Fragment: Single opnum: 3 ctx_id: 1 Frame 4599: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 2353, Ack: 2409, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 60 Ctx: 1 No. Time Source Destination Protocol Length Info 4600 237.634880000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 60 Fragment: Single ctx_id: 1 Frame 4600: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 2409, Ack: 2521, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 60 Ctx: 1 No. Time Source Destination Protocol Length Info 4601 237.635544000 192.168.100.112 192.168.100.2 TCP 66 49640 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4601: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49640 (49640), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4602 237.635754000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49640 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4602: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49640 (49640), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4603 237.635799000 192.168.100.112 192.168.100.2 TCP 54 49640 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4603: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49640 (49640), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4604 237.640402000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 4604: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49640 (49640), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 4605 237.640674000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 4605: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49640 (49640), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 4606 237.640887000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 4606: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49640 (49640), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 4607 237.640923000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 4607: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49640 (49640), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 4608 237.641089000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49640 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 4608: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49640 (49640), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 4609 237.642141000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 4609: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49640 (49640), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 4610 237.642193000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 4610: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49640 (49640), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #4611] No. Time Source Destination Protocol Length Info 4611 237.642327000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 4611: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49640 (49640), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #4610] No. Time Source Destination Protocol Length Info 4612 237.642369000 192.168.100.112 192.168.100.2 TCP 54 49640 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 4612: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49640 (49640), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 4613 237.642418000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49640 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 4613: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49640 (49640), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 4614 237.642540000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 61 Fragment: Single opnum: 3 ctx_id: 1 Frame 4614: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 2521, Ack: 2581, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 61 Ctx: 1 No. Time Source Destination Protocol Length Info 4615 237.642712000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 61 Fragment: Single ctx_id: 1 Frame 4615: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 2581, Ack: 2689, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 61 Ctx: 1 No. Time Source Destination Protocol Length Info 4616 237.643285000 192.168.100.112 192.168.100.2 TCP 66 49641 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4616: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49641 (49641), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4617 237.643479000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49641 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4617: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49641 (49641), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4618 237.643519000 192.168.100.112 192.168.100.2 TCP 54 49641 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4618: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49641 (49641), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4619 237.648068000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 4619: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49641 (49641), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 4620 237.648288000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 4620: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49641 (49641), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 4621 237.648492000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 4621: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49641 (49641), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 4622 237.648528000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 4622: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49641 (49641), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 4623 237.648717000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49641 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 4623: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49641 (49641), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 4624 237.649362000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 4624: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49641 (49641), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 4625 237.649413000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 4625: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49641 (49641), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #4626] No. Time Source Destination Protocol Length Info 4626 237.649582000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 4626: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49641 (49641), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #4625] No. Time Source Destination Protocol Length Info 4627 237.649621000 192.168.100.112 192.168.100.2 TCP 54 49641 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 4627: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49641 (49641), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 4628 237.649646000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49641 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 4628: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49641 (49641), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 4629 237.650865000 192.168.100.112 192.168.100.2 TCP 66 49642 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4629: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49642 (49642), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4630 237.651068000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49642 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4630: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49642 (49642), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4631 237.651116000 192.168.100.112 192.168.100.2 TCP 54 49642 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4631: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49642 (49642), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4632 237.651143000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 4632: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49642 (49642), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4633 237.651465000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 4633: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49642 (49642), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4634 237.656180000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 4634: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49642 (49642), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4635 237.656469000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 4635: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49642 (49642), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4636 237.656663000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 4636: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49642 (49642), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4637 237.657740000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 4637: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49642 (49642), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4638 237.657797000 192.168.100.112 192.168.100.2 TCP 54 49642 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 4638: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49642 (49642), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 4639 237.658851000 192.168.100.112 192.168.100.2 TCP 66 49643 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4639: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49643 (49643), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4640 237.659045000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49643 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4640: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49643 (49643), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4641 237.659095000 192.168.100.112 192.168.100.2 TCP 54 49643 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4641: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49643 (49643), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4642 237.659114000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 4642: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49643 (49643), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4643 237.659408000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 4643: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49643 (49643), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4644 237.664104000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 4644: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49643 (49643), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4645 237.664375000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 4645: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49643 (49643), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4646 237.664564000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 4646: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49643 (49643), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4647 237.665466000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 4647: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49643 (49643), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 4648 237.665515000 192.168.100.112 192.168.100.2 TCP 54 49643 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 4648: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49643 (49643), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 4649 237.666509000 192.168.100.112 192.168.100.2 TCP 66 49644 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4649: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49644 (49644), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 4650 237.666657000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49644 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 4650: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49644 (49644), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4651 237.666703000 192.168.100.112 192.168.100.2 TCP 54 49644 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 4651: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49644 (49644), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 4652 237.666757000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 4652: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49644 (49644), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4653 237.667163000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 4653: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49644 (49644), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4654 237.671713000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 4654: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49644 (49644), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4655 237.672092000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 4655: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49644 (49644), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4656 237.672302000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 4656: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49644 (49644), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4657 237.673285000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 4657: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49644 (49644), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 4658 237.707651000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=2689 Ack=2753 Win=251 Len=0 Frame 4658: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 2689, Ack: 2753, Len: 0 No. Time Source Destination Protocol Length Info 4659 237.733598000 192.168.100.112 192.168.100.2 TCP 54 49644 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 4659: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49644 (49644), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 4685 239.506374000 192.168.100.2 192.168.100.112 TCP 60 [TCP Keep-Alive] microsoft-ds > 49291 [ACK] Seq=1 Ack=1 Win=252 Len=1 Frame 4685: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49291 (49291), Seq: 1, Ack: 1, Len: 1 Data (1 byte) 0000 00 . No. Time Source Destination Protocol Length Info 4686 239.506430000 192.168.100.112 192.168.100.2 TCP 66 [TCP Keep-Alive ACK] 49291 > microsoft-ds [ACK] Seq=1 Ack=2 Win=253 Len=0 SLE=1 SRE=2 Frame 4686: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49291 (49291), Dst Port: microsoft-ds (445), Seq: 1, Ack: 2, Len: 0 No. Time Source Destination Protocol Length Info 4807 249.698989000 192.168.100.112 192.168.100.2 TCP 54 49644 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 4807: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49644 (49644), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 5024 267.625120000 192.168.100.112 192.168.100.2 TCP 66 49645 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5024: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49645 (49645), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5025 267.625361000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49645 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5025: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49645 (49645), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5026 267.625426000 192.168.100.112 192.168.100.2 TCP 54 49645 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5026: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49645 (49645), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5027 267.625460000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 5027: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49645 (49645), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5028 267.626006000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 5028: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49645 (49645), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5029 267.626044000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 5029: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49645 (49645), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5030 267.626331000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 5030: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49645 (49645), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5031 267.631348000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 5031: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49645 (49645), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5032 267.631656000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 5032: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49645 (49645), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5033 267.631899000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 5033: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49645 (49645), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5034 267.633207000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 5034: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49645 (49645), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5035 267.633262000 192.168.100.112 192.168.100.2 TCP 54 49645 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 5035: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49645 (49645), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 5036 267.633456000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 62 Fragment: Single opnum: 3 ctx_id: 1 Frame 5036: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 2689, Ack: 2753, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 62 Ctx: 1 No. Time Source Destination Protocol Length Info 5037 267.633757000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 62 Fragment: Single ctx_id: 1 Frame 5037: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 2753, Ack: 2857, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 62 Ctx: 1 No. Time Source Destination Protocol Length Info 5038 267.634432000 192.168.100.112 192.168.100.2 TCP 66 49646 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5038: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49646 (49646), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5039 267.634663000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49646 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5039: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49646 (49646), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5040 267.634714000 192.168.100.112 192.168.100.2 TCP 54 49646 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5040: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49646 (49646), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5041 267.639436000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 5041: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49646 (49646), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 5042 267.639782000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 5042: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49646 (49646), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 5043 267.639985000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 5043: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49646 (49646), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 5044 267.640024000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 5044: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49646 (49646), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 5045 267.640229000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49646 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 5045: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49646 (49646), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 5046 267.640882000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 5046: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49646 (49646), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 5047 267.640935000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 5047: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49646 (49646), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #5048] No. Time Source Destination Protocol Length Info 5048 267.641127000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 5048: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49646 (49646), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #5047] No. Time Source Destination Protocol Length Info 5049 267.641169000 192.168.100.112 192.168.100.2 TCP 54 49646 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 5049: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49646 (49646), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 5050 267.641206000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49646 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 5050: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49646 (49646), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 5051 267.641357000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 63 Fragment: Single opnum: 3 ctx_id: 1 Frame 5051: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 2857, Ack: 2925, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 63 Ctx: 1 No. Time Source Destination Protocol Length Info 5052 267.641630000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 63 Fragment: Single ctx_id: 1 Frame 5052: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 2925, Ack: 3025, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 63 Ctx: 1 No. Time Source Destination Protocol Length Info 5053 267.642220000 192.168.100.112 192.168.100.2 TCP 66 49647 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5053: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49647 (49647), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5054 267.642406000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49647 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5054: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49647 (49647), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5055 267.642447000 192.168.100.112 192.168.100.2 TCP 54 49647 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5055: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49647 (49647), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5056 267.647023000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 5056: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49647 (49647), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 5057 267.647268000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 5057: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49647 (49647), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 5058 267.647478000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 5058: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49647 (49647), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 5059 267.647514000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 5059: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49647 (49647), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 5060 267.647711000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49647 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 5060: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49647 (49647), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 5061 267.648430000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 5061: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49647 (49647), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 5062 267.648481000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 5062: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49647 (49647), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #5063] No. Time Source Destination Protocol Length Info 5063 267.648675000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 5063: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49647 (49647), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #5062] No. Time Source Destination Protocol Length Info 5064 267.648714000 192.168.100.112 192.168.100.2 TCP 54 49647 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 5064: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49647 (49647), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 5065 267.648729000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49647 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 5065: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49647 (49647), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 5066 267.649972000 192.168.100.112 192.168.100.2 TCP 66 49648 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5066: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49648 (49648), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5067 267.650123000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49648 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5067: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49648 (49648), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5068 267.650172000 192.168.100.112 192.168.100.2 TCP 54 49648 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5068: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49648 (49648), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5069 267.650199000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 5069: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49648 (49648), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5070 267.650589000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 5070: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49648 (49648), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5071 267.655315000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 5071: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49648 (49648), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5072 267.655735000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 5072: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49648 (49648), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5073 267.655944000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 5073: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49648 (49648), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5074 267.657268000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 5074: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49648 (49648), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5075 267.657331000 192.168.100.112 192.168.100.2 TCP 54 49648 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 5075: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49648 (49648), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 5076 267.658399000 192.168.100.112 192.168.100.2 TCP 66 49649 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5076: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49649 (49649), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5077 267.658581000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49649 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5077: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49649 (49649), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5078 267.658632000 192.168.100.112 192.168.100.2 TCP 54 49649 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5078: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49649 (49649), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5079 267.658652000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 5079: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49649 (49649), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5080 267.658989000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 5080: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49649 (49649), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5081 267.663693000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 5081: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49649 (49649), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5082 267.663988000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 5082: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49649 (49649), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5083 267.664181000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 5083: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49649 (49649), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5084 267.665088000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 5084: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49649 (49649), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5085 267.665138000 192.168.100.112 192.168.100.2 TCP 54 49649 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 5085: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49649 (49649), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 5086 267.666124000 192.168.100.112 192.168.100.2 TCP 66 49650 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5086: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49650 (49650), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5087 267.666295000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49650 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5087: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49650 (49650), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5088 267.666344000 192.168.100.112 192.168.100.2 TCP 54 49650 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5088: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49650 (49650), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5089 267.666378000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 5089: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49650 (49650), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5090 267.666725000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 5090: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49650 (49650), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5091 267.671139000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 5091: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49650 (49650), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5092 267.671514000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 5092: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49650 (49650), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5093 267.671726000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 5093: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49650 (49650), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5094 267.672659000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 5094: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49650 (49650), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5095 267.685926000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=3025 Ack=3097 Win=256 Len=0 Frame 5095: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 3025, Ack: 3097, Len: 0 No. Time Source Destination Protocol Length Info 5096 267.717125000 192.168.100.112 192.168.100.2 TCP 54 49650 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 5096: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49650 (49650), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 5375 279.666941000 192.168.100.112 192.168.100.2 TCP 54 49650 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 5375: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49650 (49650), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 5683 297.624212000 192.168.100.112 192.168.100.2 TCP 66 49664 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5683: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49664 (49664), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5684 297.624425000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49664 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5684: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49664 (49664), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5685 297.624488000 192.168.100.112 192.168.100.2 TCP 54 49664 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5685: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49664 (49664), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5686 297.624522000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 5686: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49664 (49664), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5687 297.625081000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 5687: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49664 (49664), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5688 297.625119000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 5688: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49664 (49664), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5689 297.625427000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 5689: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49664 (49664), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5690 297.630441000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 5690: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49664 (49664), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5691 297.630759000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 5691: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49664 (49664), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5692 297.630965000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 5692: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49664 (49664), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5693 297.632419000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 5693: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49664 (49664), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5694 297.632472000 192.168.100.112 192.168.100.2 TCP 54 49664 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 5694: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49664 (49664), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 5695 297.632650000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 64 Fragment: Single opnum: 3 ctx_id: 1 Frame 5695: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 3025, Ack: 3097, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 64 Ctx: 1 No. Time Source Destination Protocol Length Info 5696 297.632912000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 64 Fragment: Single ctx_id: 1 Frame 5696: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 3097, Ack: 3193, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 64 Ctx: 1 No. Time Source Destination Protocol Length Info 5697 297.633563000 192.168.100.112 192.168.100.2 TCP 66 49665 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5697: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49665 (49665), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5698 297.633728000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49665 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5698: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49665 (49665), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5699 297.633773000 192.168.100.112 192.168.100.2 TCP 54 49665 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5699: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49665 (49665), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5700 297.638365000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 5700: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49665 (49665), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 5701 297.638674000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 5701: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49665 (49665), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 5702 297.638931000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 5702: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49665 (49665), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 5703 297.638978000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 5703: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49665 (49665), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 5704 297.639096000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49665 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 5704: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49665 (49665), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 5705 297.640059000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 5705: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49665 (49665), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 5706 297.640114000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 5706: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49665 (49665), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #5707] No. Time Source Destination Protocol Length Info 5707 297.640247000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 5707: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49665 (49665), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #5706] No. Time Source Destination Protocol Length Info 5708 297.640291000 192.168.100.112 192.168.100.2 TCP 54 49665 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 5708: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49665 (49665), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 5709 297.640327000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49665 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 5709: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49665 (49665), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 5710 297.640440000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 65 Fragment: Single opnum: 3 ctx_id: 1 Frame 5710: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 3193, Ack: 3269, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 65 Ctx: 1 No. Time Source Destination Protocol Length Info 5711 297.640630000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 65 Fragment: Single ctx_id: 1 Frame 5711: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 3269, Ack: 3361, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 65 Ctx: 1 No. Time Source Destination Protocol Length Info 5712 297.641238000 192.168.100.112 192.168.100.2 TCP 66 49666 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5712: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49666 (49666), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5713 297.641415000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49666 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5713: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49666 (49666), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5714 297.641457000 192.168.100.112 192.168.100.2 TCP 54 49666 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5714: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49666 (49666), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5715 297.646060000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 5715: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49666 (49666), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 5716 297.646269000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 5716: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49666 (49666), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 5717 297.646474000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 5717: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49666 (49666), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 5718 297.646515000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 5718: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49666 (49666), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 5719 297.646693000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49666 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 5719: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49666 (49666), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 5720 297.647331000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 5720: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49666 (49666), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 5721 297.647380000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 5721: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49666 (49666), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #5722] No. Time Source Destination Protocol Length Info 5722 297.647502000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 5722: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49666 (49666), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #5721] No. Time Source Destination Protocol Length Info 5723 297.647541000 192.168.100.112 192.168.100.2 TCP 54 49666 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 5723: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49666 (49666), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 5724 297.647562000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49666 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 5724: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49666 (49666), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 5725 297.648818000 192.168.100.112 192.168.100.2 TCP 66 49667 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5725: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49667 (49667), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5726 297.648961000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49667 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5726: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49667 (49667), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5727 297.649010000 192.168.100.112 192.168.100.2 TCP 54 49667 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5727: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49667 (49667), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5728 297.649039000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 5728: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49667 (49667), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5729 297.649384000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 5729: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49667 (49667), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5730 297.654126000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 5730: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49667 (49667), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5731 297.654436000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 5731: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49667 (49667), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5732 297.654633000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 5732: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49667 (49667), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5733 297.655548000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 5733: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49667 (49667), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5734 297.655599000 192.168.100.112 192.168.100.2 TCP 54 49667 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 5734: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49667 (49667), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 5735 297.656653000 192.168.100.112 192.168.100.2 TCP 66 49668 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5735: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49668 (49668), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5736 297.656883000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49668 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5736: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49668 (49668), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5737 297.656932000 192.168.100.112 192.168.100.2 TCP 54 49668 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5737: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49668 (49668), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5738 297.656952000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 5738: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49668 (49668), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5739 297.657244000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 5739: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49668 (49668), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5740 297.661931000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 5740: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49668 (49668), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5741 297.662211000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 5741: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49668 (49668), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5742 297.662400000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 5742: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49668 (49668), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5743 297.663315000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 5743: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49668 (49668), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 5744 297.663365000 192.168.100.112 192.168.100.2 TCP 54 49668 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 5744: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49668 (49668), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 5745 297.664345000 192.168.100.112 192.168.100.2 TCP 66 49669 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5745: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49669 (49669), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 5746 297.664516000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49669 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 5746: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49669 (49669), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5747 297.664563000 192.168.100.112 192.168.100.2 TCP 54 49669 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 5747: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49669 (49669), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 5748 297.664612000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 5748: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49669 (49669), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5749 297.665121000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 5749: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49669 (49669), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5750 297.669798000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 5750: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49669 (49669), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5751 297.670147000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 5751: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49669 (49669), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5752 297.670312000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 5752: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49669 (49669), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5753 297.671221000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 5753: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49669 (49669), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 5754 297.698396000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=3361 Ack=3441 Win=255 Len=0 Frame 5754: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 3361, Ack: 3441, Len: 0 No. Time Source Destination Protocol Length Info 5757 297.716242000 192.168.100.112 192.168.100.2 TCP 54 49669 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 5757: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49669 (49669), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 5979 309.650439000 192.168.100.112 192.168.100.2 TCP 54 49669 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 5979: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49669 (49669), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 6221 327.623381000 192.168.100.112 192.168.100.2 TCP 66 49670 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6221: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49670 (49670), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6222 327.623606000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49670 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6222: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49670 (49670), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6223 327.623676000 192.168.100.112 192.168.100.2 TCP 54 49670 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6223: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49670 (49670), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6224 327.623702000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 6224: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49670 (49670), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6225 327.624253000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 6225: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49670 (49670), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6226 327.624291000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 6226: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49670 (49670), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6227 327.624616000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 6227: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49670 (49670), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6228 327.629645000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 6228: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49670 (49670), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6229 327.629990000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 6229: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49670 (49670), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6230 327.630200000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 6230: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49670 (49670), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6231 327.631502000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 6231: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49670 (49670), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6232 327.631575000 192.168.100.112 192.168.100.2 TCP 54 49670 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 6232: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49670 (49670), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 6233 327.631728000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 66 Fragment: Single opnum: 3 ctx_id: 1 Frame 6233: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 3361, Ack: 3441, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 66 Ctx: 1 No. Time Source Destination Protocol Length Info 6234 327.631982000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 66 Fragment: Single ctx_id: 1 Frame 6234: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 3441, Ack: 3529, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 66 Ctx: 1 No. Time Source Destination Protocol Length Info 6235 327.632636000 192.168.100.112 192.168.100.2 TCP 66 49671 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6235: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49671 (49671), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6236 327.632789000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49671 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6236: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49671 (49671), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6237 327.632836000 192.168.100.112 192.168.100.2 TCP 54 49671 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6237: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49671 (49671), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6238 327.637461000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 6238: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49671 (49671), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 6239 327.637756000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 6239: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49671 (49671), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 6240 327.637978000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 6240: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49671 (49671), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 6241 327.638013000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 6241: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49671 (49671), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 6242 327.638163000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49671 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 6242: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49671 (49671), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 6243 327.638902000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 6243: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49671 (49671), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 6244 327.638958000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 6244: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49671 (49671), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #6245] No. Time Source Destination Protocol Length Info 6245 327.639136000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 6245: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49671 (49671), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #6244] No. Time Source Destination Protocol Length Info 6246 327.639180000 192.168.100.112 192.168.100.2 TCP 54 49671 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 6246: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49671 (49671), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 6247 327.639223000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49671 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 6247: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49671 (49671), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 6248 327.639289000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 67 Fragment: Single opnum: 3 ctx_id: 1 Frame 6248: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 3529, Ack: 3613, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 67 Ctx: 1 No. Time Source Destination Protocol Length Info 6249 327.639457000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 67 Fragment: Single ctx_id: 1 Frame 6249: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 3613, Ack: 3697, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 67 Ctx: 1 No. Time Source Destination Protocol Length Info 6250 327.640048000 192.168.100.112 192.168.100.2 TCP 66 49672 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6250: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49672 (49672), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6251 327.640299000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49672 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6251: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49672 (49672), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6252 327.640338000 192.168.100.112 192.168.100.2 TCP 54 49672 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6252: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49672 (49672), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6254 327.644917000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 6254: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49672 (49672), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 6255 327.645205000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 6255: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49672 (49672), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 6256 327.645411000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 6256: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49672 (49672), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 6257 327.645449000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 6257: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49672 (49672), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 6258 327.645593000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49672 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 6258: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49672 (49672), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 6259 327.646235000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 6259: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49672 (49672), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 6260 327.646284000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 6260: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49672 (49672), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #6261] No. Time Source Destination Protocol Length Info 6261 327.646446000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 6261: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49672 (49672), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #6260] No. Time Source Destination Protocol Length Info 6262 327.646485000 192.168.100.112 192.168.100.2 TCP 54 49672 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 6262: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49672 (49672), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 6263 327.646506000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49672 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 6263: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49672 (49672), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 6264 327.647723000 192.168.100.112 192.168.100.2 TCP 66 49673 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6264: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49673 (49673), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6265 327.647887000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49673 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6265: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49673 (49673), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6266 327.647936000 192.168.100.112 192.168.100.2 TCP 54 49673 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6266: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49673 (49673), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6267 327.647964000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 6267: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49673 (49673), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6268 327.648270000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 6268: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49673 (49673), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6269 327.653110000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 6269: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49673 (49673), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6270 327.653370000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 6270: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49673 (49673), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6271 327.653587000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 6271: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49673 (49673), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6272 327.654541000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 6272: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49673 (49673), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6273 327.654611000 192.168.100.112 192.168.100.2 TCP 54 49673 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 6273: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49673 (49673), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 6274 327.655697000 192.168.100.112 192.168.100.2 TCP 66 49674 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6274: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49674 (49674), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6275 327.655860000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49674 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6275: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49674 (49674), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6276 327.655910000 192.168.100.112 192.168.100.2 TCP 54 49674 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6276: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49674 (49674), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6277 327.655958000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 6277: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49674 (49674), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6278 327.656269000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 6278: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49674 (49674), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6279 327.660994000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 6279: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49674 (49674), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6280 327.661274000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 6280: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49674 (49674), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6281 327.661470000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 6281: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49674 (49674), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6282 327.662395000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 6282: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49674 (49674), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6283 327.662457000 192.168.100.112 192.168.100.2 TCP 54 49674 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 6283: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49674 (49674), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 6284 327.663452000 192.168.100.112 192.168.100.2 TCP 66 49675 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6284: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49675 (49675), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6285 327.664164000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49675 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6285: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49675 (49675), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6286 327.664212000 192.168.100.112 192.168.100.2 TCP 54 49675 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6286: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49675 (49675), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6287 327.664246000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 6287: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49675 (49675), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6288 327.664666000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 6288: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49675 (49675), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6289 327.669178000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 6289: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49675 (49675), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6290 327.669527000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 6290: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49675 (49675), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6291 327.669730000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 6291: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49675 (49675), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6292 327.670601000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 6292: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49675 (49675), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6293 327.684168000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=3697 Ack=3785 Win=253 Len=0 Frame 6293: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 3697, Ack: 3785, Len: 0 No. Time Source Destination Protocol Length Info 6294 327.730955000 192.168.100.112 192.168.100.2 TCP 54 49675 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 6294: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49675 (49675), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 6491 339.680771000 192.168.100.112 192.168.100.2 TCP 54 49675 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 6491: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49675 (49675), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 6754 357.622612000 192.168.100.112 192.168.100.2 TCP 66 49677 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6754: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49677 (49677), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6755 357.622886000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49677 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6755: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49677 (49677), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6756 357.622953000 192.168.100.112 192.168.100.2 TCP 54 49677 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6756: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49677 (49677), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6757 357.622989000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 6757: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49677 (49677), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6758 357.623541000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 6758: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49677 (49677), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6759 357.623578000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 6759: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49677 (49677), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6760 357.623867000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 6760: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49677 (49677), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6761 357.628880000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 6761: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49677 (49677), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6762 357.629230000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 6762: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49677 (49677), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6763 357.629448000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 6763: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49677 (49677), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6764 357.630740000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 6764: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49677 (49677), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6765 357.630839000 192.168.100.112 192.168.100.2 TCP 54 49677 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 6765: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49677 (49677), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 6766 357.630954000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 68 Fragment: Single opnum: 3 ctx_id: 1 Frame 6766: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 3697, Ack: 3785, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 68 Ctx: 1 No. Time Source Destination Protocol Length Info 6767 357.631205000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 68 Fragment: Single ctx_id: 1 Frame 6767: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 3785, Ack: 3865, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 68 Ctx: 1 No. Time Source Destination Protocol Length Info 6768 357.631879000 192.168.100.112 192.168.100.2 TCP 66 49678 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6768: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49678 (49678), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6769 357.632117000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49678 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6769: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49678 (49678), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6770 357.632160000 192.168.100.112 192.168.100.2 TCP 54 49678 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6770: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49678 (49678), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6771 357.636819000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 6771: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49678 (49678), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 6772 357.637135000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 6772: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49678 (49678), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 6773 357.637340000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 6773: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49678 (49678), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 6774 357.637377000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 6774: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49678 (49678), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 6775 357.637569000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49678 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 6775: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49678 (49678), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 6776 357.638225000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 6776: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49678 (49678), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 6777 357.638274000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 6777: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49678 (49678), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #6778] No. Time Source Destination Protocol Length Info 6778 357.638408000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 6778: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49678 (49678), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #6777] No. Time Source Destination Protocol Length Info 6779 357.638451000 192.168.100.112 192.168.100.2 TCP 54 49678 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 6779: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49678 (49678), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 6780 357.638494000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49678 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 6780: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49678 (49678), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 6781 357.638563000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 69 Fragment: Single opnum: 3 ctx_id: 1 Frame 6781: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 3865, Ack: 3957, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 69 Ctx: 1 No. Time Source Destination Protocol Length Info 6782 357.638711000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 69 Fragment: Single ctx_id: 1 Frame 6782: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 3957, Ack: 4033, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 69 Ctx: 1 No. Time Source Destination Protocol Length Info 6783 357.639302000 192.168.100.112 192.168.100.2 TCP 66 49679 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6783: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49679 (49679), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6784 357.639471000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49679 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6784: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49679 (49679), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6785 357.639511000 192.168.100.112 192.168.100.2 TCP 54 49679 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6785: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49679 (49679), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6786 357.644031000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 6786: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49679 (49679), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 6787 357.644246000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 6787: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49679 (49679), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 6788 357.644449000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 6788: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49679 (49679), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 6789 357.644485000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 6789: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49679 (49679), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 6790 357.644644000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49679 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 6790: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49679 (49679), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 6791 357.645378000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 6791: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49679 (49679), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 6792 357.645428000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 6792: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49679 (49679), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #6793] No. Time Source Destination Protocol Length Info 6793 357.645570000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 6793: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49679 (49679), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #6792] No. Time Source Destination Protocol Length Info 6794 357.645608000 192.168.100.112 192.168.100.2 TCP 54 49679 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 6794: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49679 (49679), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 6795 357.645639000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49679 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 6795: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49679 (49679), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 6796 357.646877000 192.168.100.112 192.168.100.2 TCP 66 49680 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6796: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49680 (49680), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6797 357.647043000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49680 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6797: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49680 (49680), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6798 357.647095000 192.168.100.112 192.168.100.2 TCP 54 49680 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6798: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49680 (49680), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6799 357.647118000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 6799: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49680 (49680), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6800 357.647492000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 6800: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49680 (49680), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6801 357.652306000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 6801: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49680 (49680), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6802 357.652611000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 6802: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49680 (49680), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6803 357.652823000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 6803: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49680 (49680), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6804 357.653699000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 6804: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49680 (49680), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6805 357.653808000 192.168.100.112 192.168.100.2 TCP 54 49680 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 6805: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49680 (49680), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 6806 357.654896000 192.168.100.112 192.168.100.2 TCP 66 49681 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6806: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49681 (49681), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6807 357.655072000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49681 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6807: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49681 (49681), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6808 357.655130000 192.168.100.112 192.168.100.2 TCP 54 49681 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6808: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49681 (49681), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6809 357.655151000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 6809: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49681 (49681), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6810 357.655420000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 6810: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49681 (49681), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6811 357.660262000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 6811: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49681 (49681), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6812 357.660516000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 6812: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49681 (49681), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6813 357.660735000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 6813: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49681 (49681), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6814 357.661685000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 6814: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49681 (49681), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 6815 357.661787000 192.168.100.112 192.168.100.2 TCP 54 49681 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 6815: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49681 (49681), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 6816 357.662806000 192.168.100.112 192.168.100.2 TCP 66 49682 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6816: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49682 (49682), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6817 357.662987000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49682 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 6817: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49682 (49682), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6818 357.663040000 192.168.100.112 192.168.100.2 TCP 54 49682 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 6818: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49682 (49682), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6819 357.663074000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 6819: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49682 (49682), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6820 357.663408000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 6820: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49682 (49682), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6821 357.668288000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 6821: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49682 (49682), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6822 357.668716000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 6822: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49682 (49682), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6823 357.668949000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 6823: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49682 (49682), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6824 357.669840000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 6824: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49682 (49682), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6825 357.696946000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=4033 Ack=4129 Win=252 Len=0 Frame 6825: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 4033, Ack: 4129, Len: 0 No. Time Source Destination Protocol Length Info 6826 357.730090000 192.168.100.112 192.168.100.2 TCP 54 49682 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 6826: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49682 (49682), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 6868 359.511662000 192.168.100.2 192.168.100.112 TCP 60 [TCP Keep-Alive] microsoft-ds > 49291 [ACK] Seq=1 Ack=1 Win=252 Len=1 Frame 6868: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49291 (49291), Seq: 1, Ack: 1, Len: 1 Data (1 byte) 0000 00 . No. Time Source Destination Protocol Length Info 6869 359.511713000 192.168.100.112 192.168.100.2 TCP 66 [TCP Keep-Alive ACK] 49291 > microsoft-ds [ACK] Seq=1 Ack=2 Win=253 Len=0 SLE=1 SRE=2 Frame 6869: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49291 (49291), Dst Port: microsoft-ds (445), Seq: 1, Ack: 2, Len: 0 No. Time Source Destination Protocol Length Info 7078 371.583087000 192.168.100.112 192.168.100.2 TCP 54 49682 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 7078: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49682 (49682), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 7317 387.621623000 192.168.100.112 192.168.100.2 TCP 66 49683 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7317: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49683 (49683), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7318 387.621841000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49683 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7318: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49683 (49683), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7319 387.621904000 192.168.100.112 192.168.100.2 TCP 54 49683 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7319: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49683 (49683), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7320 387.621938000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 7320: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49683 (49683), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7321 387.622478000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 7321: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49683 (49683), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7322 387.622515000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 7322: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49683 (49683), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7323 387.622898000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 7323: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49683 (49683), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7324 387.627905000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 7324: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49683 (49683), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7325 387.628205000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 7325: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49683 (49683), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7326 387.628410000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 7326: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49683 (49683), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7327 387.629715000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 7327: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49683 (49683), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7328 387.629770000 192.168.100.112 192.168.100.2 TCP 54 49683 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 7328: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49683 (49683), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 7329 387.629944000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 70 Fragment: Single opnum: 3 ctx_id: 1 Frame 7329: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 4033, Ack: 4129, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 70 Ctx: 1 No. Time Source Destination Protocol Length Info 7330 387.630219000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 70 Fragment: Single ctx_id: 1 Frame 7330: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 4129, Ack: 4201, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 70 Ctx: 1 No. Time Source Destination Protocol Length Info 7331 387.630868000 192.168.100.112 192.168.100.2 TCP 66 49684 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7331: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49684 (49684), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7332 387.631020000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49684 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7332: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49684 (49684), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7333 387.631068000 192.168.100.112 192.168.100.2 TCP 54 49684 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7333: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49684 (49684), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7334 387.635793000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 7334: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49684 (49684), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 7335 387.636080000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 7335: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49684 (49684), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 7336 387.636300000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 7336: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49684 (49684), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 7337 387.636336000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 7337: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49684 (49684), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 7338 387.636519000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49684 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 7338: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49684 (49684), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 7339 387.637188000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 7339: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49684 (49684), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 7340 387.637244000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 7340: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49684 (49684), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #7341] No. Time Source Destination Protocol Length Info 7341 387.637367000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 7341: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49684 (49684), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #7340] No. Time Source Destination Protocol Length Info 7342 387.637410000 192.168.100.112 192.168.100.2 TCP 54 49684 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 7342: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49684 (49684), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 7343 387.637451000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49684 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 7343: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49684 (49684), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 7344 387.637583000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 71 Fragment: Single opnum: 3 ctx_id: 1 Frame 7344: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 4201, Ack: 4301, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 71 Ctx: 1 No. Time Source Destination Protocol Length Info 7345 387.637848000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 71 Fragment: Single ctx_id: 1 Frame 7345: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 4301, Ack: 4369, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 71 Ctx: 1 No. Time Source Destination Protocol Length Info 7346 387.638455000 192.168.100.112 192.168.100.2 TCP 66 49685 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7346: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49685 (49685), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7347 387.638675000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49685 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7347: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49685 (49685), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7348 387.638714000 192.168.100.112 192.168.100.2 TCP 54 49685 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7348: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49685 (49685), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7349 387.643270000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 7349: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49685 (49685), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 7350 387.643528000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 7350: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49685 (49685), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 7351 387.643734000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 7351: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49685 (49685), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 7352 387.643767000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 7352: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49685 (49685), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 7353 387.643946000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49685 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 7353: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49685 (49685), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 7354 387.644604000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 7354: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49685 (49685), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 7355 387.644655000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 7355: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49685 (49685), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #7356] No. Time Source Destination Protocol Length Info 7356 387.644806000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 7356: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49685 (49685), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #7355] No. Time Source Destination Protocol Length Info 7357 387.644845000 192.168.100.112 192.168.100.2 TCP 54 49685 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 7357: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49685 (49685), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 7358 387.644869000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49685 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 7358: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49685 (49685), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 7359 387.646100000 192.168.100.112 192.168.100.2 TCP 66 49686 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7359: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49686 (49686), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7360 387.646260000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49686 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7360: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49686 (49686), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7361 387.646308000 192.168.100.112 192.168.100.2 TCP 54 49686 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7361: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49686 (49686), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7362 387.646334000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 7362: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49686 (49686), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7363 387.646658000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 7363: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49686 (49686), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7364 387.651362000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 7364: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49686 (49686), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7365 387.651734000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 7365: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49686 (49686), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7366 387.651945000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 7366: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49686 (49686), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7367 387.652921000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 7367: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49686 (49686), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7368 387.652971000 192.168.100.112 192.168.100.2 TCP 54 49686 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 7368: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49686 (49686), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 7369 387.654046000 192.168.100.112 192.168.100.2 TCP 66 49687 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7369: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49687 (49687), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7370 387.654229000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49687 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7370: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49687 (49687), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7371 387.654278000 192.168.100.112 192.168.100.2 TCP 54 49687 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7371: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49687 (49687), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7372 387.654295000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 7372: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49687 (49687), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7373 387.654677000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 7373: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49687 (49687), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7374 387.659371000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 7374: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49687 (49687), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7375 387.659617000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 7375: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49687 (49687), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7376 387.659805000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 7376: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49687 (49687), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7377 387.660700000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 7377: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49687 (49687), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7378 387.660750000 192.168.100.112 192.168.100.2 TCP 54 49687 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 7378: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49687 (49687), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 7379 387.661713000 192.168.100.112 192.168.100.2 TCP 66 49688 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7379: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49688 (49688), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7380 387.661946000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49688 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7380: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49688 (49688), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7381 387.661992000 192.168.100.112 192.168.100.2 TCP 54 49688 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7381: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49688 (49688), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7382 387.662044000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 7382: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49688 (49688), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7383 387.662518000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 7383: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49688 (49688), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7384 387.667140000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 7384: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49688 (49688), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7385 387.667555000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 7385: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49688 (49688), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7386 387.667756000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 7386: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49688 (49688), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7387 387.669065000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 7387: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49688 (49688), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7388 387.698002000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=4369 Ack=4473 Win=251 Len=0 Frame 7388: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 4369, Ack: 4473, Len: 0 No. Time Source Destination Protocol Length Info 7389 387.729245000 192.168.100.112 192.168.100.2 TCP 54 49688 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 7389: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49688 (49688), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 7567 399.710197000 192.168.100.112 192.168.100.2 TCP 54 49688 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 7567: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49688 (49688), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 7840 417.620739000 192.168.100.112 192.168.100.2 TCP 66 49689 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7840: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49689 (49689), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7841 417.620973000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49689 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7841: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49689 (49689), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7842 417.621035000 192.168.100.112 192.168.100.2 TCP 54 49689 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7842: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49689 (49689), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7843 417.621070000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 7843: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49689 (49689), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7844 417.621615000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 7844: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49689 (49689), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7845 417.621652000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 7845: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49689 (49689), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7846 417.621940000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 7846: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49689 (49689), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7847 417.626956000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 7847: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49689 (49689), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7848 417.627279000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 7848: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49689 (49689), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7849 417.627487000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 7849: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49689 (49689), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7850 417.628807000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 7850: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49689 (49689), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7851 417.628893000 192.168.100.112 192.168.100.2 TCP 54 49689 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 7851: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49689 (49689), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 7852 417.629079000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 72 Fragment: Single opnum: 3 ctx_id: 1 Frame 7852: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 4369, Ack: 4473, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 72 Ctx: 1 No. Time Source Destination Protocol Length Info 7853 417.629337000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 72 Fragment: Single ctx_id: 1 Frame 7853: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 4473, Ack: 4537, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 72 Ctx: 1 No. Time Source Destination Protocol Length Info 7854 417.630005000 192.168.100.112 192.168.100.2 TCP 66 49690 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7854: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49690 (49690), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7855 417.630235000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49690 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7855: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49690 (49690), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7856 417.630279000 192.168.100.112 192.168.100.2 TCP 54 49690 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7856: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49690 (49690), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7857 417.634906000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 7857: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49690 (49690), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 7858 417.635209000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 7858: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49690 (49690), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 7859 417.635422000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 7859: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49690 (49690), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 7860 417.635460000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 7860: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49690 (49690), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 7861 417.635602000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49690 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 7861: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49690 (49690), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 7862 417.636317000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 7862: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49690 (49690), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 7863 417.636379000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 7863: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49690 (49690), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #7864] No. Time Source Destination Protocol Length Info 7864 417.636529000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 7864: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49690 (49690), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #7863] No. Time Source Destination Protocol Length Info 7865 417.636606000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49690 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 7865: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49690 (49690), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 7866 417.636630000 192.168.100.112 192.168.100.2 TCP 54 49690 > 49176 [ACK] Seq=1049 Ack=418 Win=65280 Len=0 Frame 7866: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49690 (49690), Dst Port: 49176 (49176), Seq: 1049, Ack: 418, Len: 0 No. Time Source Destination Protocol Length Info 7867 417.636637000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 73 Fragment: Single opnum: 3 ctx_id: 1 Frame 7867: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 4537, Ack: 4645, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 73 Ctx: 1 No. Time Source Destination Protocol Length Info 7868 417.636670000 192.168.100.112 192.168.100.2 TCP 54 49690 > 49176 [FIN, ACK] Seq=1049 Ack=418 Win=65280 Len=0 Frame 7868: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49690 (49690), Dst Port: 49176 (49176), Seq: 1049, Ack: 418, Len: 0 No. Time Source Destination Protocol Length Info 7869 417.636804000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49690 [ACK] Seq=418 Ack=1050 Win=64768 Len=0 Frame 7869: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49690 (49690), Seq: 418, Ack: 1050, Len: 0 No. Time Source Destination Protocol Length Info 7870 417.636836000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 73 Fragment: Single ctx_id: 1 Frame 7870: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 4645, Ack: 4705, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 73 Ctx: 1 No. Time Source Destination Protocol Length Info 7871 417.637484000 192.168.100.112 192.168.100.2 TCP 66 49691 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7871: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49691 (49691), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7872 417.637657000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49691 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7872: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49691 (49691), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7873 417.637707000 192.168.100.112 192.168.100.2 TCP 54 49691 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7873: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49691 (49691), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7874 417.642356000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 7874: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49691 (49691), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 7875 417.642595000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 7875: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49691 (49691), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 7876 417.642809000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 7876: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49691 (49691), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 7877 417.642842000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 7877: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49691 (49691), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 7878 417.643033000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49691 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 7878: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49691 (49691), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 7879 417.643613000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 7879: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49691 (49691), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 7880 417.643723000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 7880: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49691 (49691), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #7881] No. Time Source Destination Protocol Length Info 7881 417.643885000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 7881: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49691 (49691), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #7880] No. Time Source Destination Protocol Length Info 7882 417.643930000 192.168.100.112 192.168.100.2 TCP 54 49691 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 7882: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49691 (49691), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 7883 417.643945000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49691 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 7883: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49691 (49691), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 7884 417.645280000 192.168.100.112 192.168.100.2 TCP 66 49692 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7884: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49692 (49692), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7885 417.645443000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49692 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7885: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49692 (49692), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7886 417.645495000 192.168.100.112 192.168.100.2 TCP 54 49692 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7886: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49692 (49692), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7887 417.645552000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 7887: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49692 (49692), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7888 417.645879000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 7888: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49692 (49692), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7889 417.650670000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 7889: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49692 (49692), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7890 417.650970000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 7890: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49692 (49692), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7891 417.651165000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 7891: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49692 (49692), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7892 417.652056000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 7892: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49692 (49692), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7893 417.652163000 192.168.100.112 192.168.100.2 TCP 54 49692 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 7893: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49692 (49692), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 7894 417.653195000 192.168.100.112 192.168.100.2 TCP 66 49693 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7894: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49693 (49693), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7895 417.653342000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49693 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7895: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49693 (49693), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7896 417.653393000 192.168.100.112 192.168.100.2 TCP 54 49693 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7896: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49693 (49693), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7897 417.653413000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 7897: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49693 (49693), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7898 417.653683000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 7898: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49693 (49693), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7899 417.658398000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 7899: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49693 (49693), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7900 417.658695000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 7900: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49693 (49693), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7901 417.658887000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 7901: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49693 (49693), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7902 417.659801000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 7902: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49693 (49693), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 7903 417.659901000 192.168.100.112 192.168.100.2 TCP 54 49693 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 7903: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49693 (49693), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 7904 417.660850000 192.168.100.112 192.168.100.2 TCP 66 49694 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7904: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49694 (49694), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 7905 417.661002000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49694 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 7905: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49694 (49694), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7906 417.661051000 192.168.100.112 192.168.100.2 TCP 54 49694 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 7906: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49694 (49694), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 7907 417.661084000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 7907: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49694 (49694), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7908 417.661479000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 7908: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49694 (49694), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7909 417.666268000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 7909: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49694 (49694), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7910 417.666696000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 7910: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49694 (49694), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7911 417.666923000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 7911: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49694 (49694), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7912 417.667915000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 7912: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49694 (49694), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 7913 417.699669000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=4705 Ack=4817 Win=255 Len=0 Frame 7913: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 4705, Ack: 4817, Len: 0 No. Time Source Destination Protocol Length Info 7914 417.728329000 192.168.100.112 192.168.100.2 TCP 54 49694 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 7914: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49694 (49694), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 8131 429.662517000 192.168.100.112 192.168.100.2 TCP 54 49694 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 8131: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49694 (49694), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 8509 447.620068000 192.168.100.112 192.168.100.2 TCP 66 49695 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8509: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49695 (49695), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 8510 447.620288000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49695 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8510: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49695 (49695), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8511 447.620359000 192.168.100.112 192.168.100.2 TCP 54 49695 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 8511: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49695 (49695), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8512 447.620397000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 8512: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49695 (49695), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 8513 447.620982000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 8513: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49695 (49695), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8514 447.621021000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 8514: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49695 (49695), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8515 447.621361000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 8515: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49695 (49695), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8516 447.626432000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 8516: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49695 (49695), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8517 447.626761000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 8517: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49695 (49695), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8518 447.626969000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 8518: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49695 (49695), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8519 447.628324000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 8519: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49695 (49695), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8520 447.628395000 192.168.100.112 192.168.100.2 TCP 54 49695 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 8520: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49695 (49695), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 8521 447.628570000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 74 Fragment: Single opnum: 3 ctx_id: 1 Frame 8521: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 4705, Ack: 4817, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 74 Ctx: 1 No. Time Source Destination Protocol Length Info 8522 447.628810000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 74 Fragment: Single ctx_id: 1 Frame 8522: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 4817, Ack: 4873, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 74 Ctx: 1 No. Time Source Destination Protocol Length Info 8523 447.629513000 192.168.100.112 192.168.100.2 TCP 66 49696 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8523: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49696 (49696), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 8524 447.629700000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49696 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8524: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49696 (49696), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8525 447.629750000 192.168.100.112 192.168.100.2 TCP 54 49696 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 8525: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49696 (49696), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8526 447.634350000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 8526: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49696 (49696), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 8527 447.634594000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 8527: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49696 (49696), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 8528 447.634826000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 8528: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49696 (49696), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 8529 447.634861000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 8529: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49696 (49696), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 8530 447.635032000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49696 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 8530: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49696 (49696), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 8531 447.635669000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 8531: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49696 (49696), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 8532 447.635764000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 8532: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49696 (49696), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #8533] No. Time Source Destination Protocol Length Info 8533 447.635940000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 8533: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49696 (49696), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #8532] No. Time Source Destination Protocol Length Info 8534 447.635997000 192.168.100.112 192.168.100.2 TCP 54 49696 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 8534: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49696 (49696), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 8535 447.636032000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49696 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 8535: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49696 (49696), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 8536 447.636151000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 75 Fragment: Single opnum: 3 ctx_id: 1 Frame 8536: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 4873, Ack: 4989, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 75 Ctx: 1 No. Time Source Destination Protocol Length Info 8537 447.636339000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 75 Fragment: Single ctx_id: 1 Frame 8537: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 4989, Ack: 5041, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 75 Ctx: 1 No. Time Source Destination Protocol Length Info 8538 447.637149000 192.168.100.112 192.168.100.2 TCP 66 49697 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8538: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49697 (49697), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 8539 447.637358000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49697 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8539: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49697 (49697), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8540 447.637407000 192.168.100.112 192.168.100.2 TCP 54 49697 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 8540: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49697 (49697), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8541 447.642072000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 8541: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49697 (49697), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 8542 447.642285000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 8542: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49697 (49697), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 8543 447.642494000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 8543: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49697 (49697), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 8544 447.642530000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 8544: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49697 (49697), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 8545 447.642703000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49697 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 8545: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49697 (49697), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 8546 447.643313000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 8546: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49697 (49697), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 8547 447.643360000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 8547: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49697 (49697), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #8548] No. Time Source Destination Protocol Length Info 8548 447.643484000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 8548: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49697 (49697), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #8547] No. Time Source Destination Protocol Length Info 8549 447.643525000 192.168.100.112 192.168.100.2 TCP 54 49697 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 8549: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49697 (49697), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 8550 447.643552000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49697 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 8550: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49697 (49697), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 8551 447.644867000 192.168.100.112 192.168.100.2 TCP 66 49698 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8551: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49698 (49698), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 8552 447.645043000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49698 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8552: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49698 (49698), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8553 447.645093000 192.168.100.112 192.168.100.2 TCP 54 49698 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 8553: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49698 (49698), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8554 447.645121000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 8554: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49698 (49698), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8555 447.645542000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 8555: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49698 (49698), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8556 447.650266000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 8556: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49698 (49698), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8557 447.650578000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 8557: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49698 (49698), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8558 447.650787000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 8558: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49698 (49698), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8559 447.651716000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 8559: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49698 (49698), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8560 447.651781000 192.168.100.112 192.168.100.2 TCP 54 49698 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 8560: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49698 (49698), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 8561 447.652836000 192.168.100.112 192.168.100.2 TCP 66 49699 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8561: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49699 (49699), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 8562 447.652984000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49699 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8562: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49699 (49699), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8563 447.653033000 192.168.100.112 192.168.100.2 TCP 54 49699 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 8563: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49699 (49699), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8564 447.653053000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 8564: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49699 (49699), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8565 447.653403000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 8565: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49699 (49699), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8566 447.658250000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 8566: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49699 (49699), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8567 447.658546000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 8567: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49699 (49699), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8568 447.658749000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 8568: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49699 (49699), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8569 447.659650000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 8569: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49699 (49699), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8570 447.659713000 192.168.100.112 192.168.100.2 TCP 54 49699 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 8570: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49699 (49699), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 8571 447.660738000 192.168.100.112 192.168.100.2 TCP 66 49700 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8571: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49700 (49700), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 8572 447.660918000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49700 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 8572: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49700 (49700), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8573 447.660968000 192.168.100.112 192.168.100.2 TCP 54 49700 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 8573: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49700 (49700), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 8574 447.661001000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 8574: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49700 (49700), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 8575 447.661342000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 8575: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49700 (49700), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 8576 447.665794000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 8576: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49700 (49700), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 8577 447.666203000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 8577: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49700 (49700), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 8578 447.666406000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 8578: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49700 (49700), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 8579 447.667351000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 8579: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49700 (49700), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 8580 447.696281000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=5041 Ack=5161 Win=254 Len=0 Frame 8580: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 5041, Ack: 5161, Len: 0 No. Time Source Destination Protocol Length Info 8581 447.727463000 192.168.100.112 192.168.100.2 TCP 54 49700 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 8581: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49700 (49700), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 8649 451.677728000 192.168.100.112 192.168.100.2 SMB2 346 Create Request File: desktop.ini Frame 8649: 346 bytes on wire (2768 bits), 346 bytes captured (2768 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49291 (49291), Dst Port: microsoft-ds (445), Seq: 1, Ack: 2, Len: 292 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8650 451.678037000 192.168.100.2 192.168.100.112 SMB2 131 Create Response, Error: STATUS_OBJECT_NAME_NOT_FOUND Frame 8650: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49291 (49291), Seq: 2, Ack: 293, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 8653 451.736704000 192.168.100.112 192.168.100.2 TCP 54 49291 > microsoft-ds [ACK] Seq=293 Ack=79 Win=253 Len=0 Frame 8653: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49291 (49291), Dst Port: microsoft-ds (445), Seq: 293, Ack: 79, Len: 0 No. Time Source Destination Protocol Length Info 8797 459.708432000 192.168.100.112 192.168.100.2 TCP 54 49700 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 8797: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49700 (49700), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 9059 477.618964000 192.168.100.112 192.168.100.2 TCP 66 49701 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9059: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49701 (49701), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9060 477.619216000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49701 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9060: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49701 (49701), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9061 477.619283000 192.168.100.112 192.168.100.2 TCP 54 49701 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9061: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49701 (49701), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9062 477.619308000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 9062: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49701 (49701), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9063 477.619824000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 9063: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49701 (49701), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9064 477.619862000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 9064: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49701 (49701), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9065 477.620178000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 9065: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49701 (49701), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9066 477.625189000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 9066: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49701 (49701), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9067 477.625520000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 9067: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49701 (49701), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9068 477.625737000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 9068: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49701 (49701), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9069 477.627057000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 9069: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49701 (49701), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9070 477.627126000 192.168.100.112 192.168.100.2 TCP 54 49701 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 9070: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49701 (49701), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 9071 477.627274000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 76 Fragment: Single opnum: 3 ctx_id: 1 Frame 9071: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 5041, Ack: 5161, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 76 Ctx: 1 No. Time Source Destination Protocol Length Info 9072 477.627495000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 76 Fragment: Single ctx_id: 1 Frame 9072: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 5161, Ack: 5209, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 76 Ctx: 1 No. Time Source Destination Protocol Length Info 9073 477.628142000 192.168.100.112 192.168.100.2 TCP 66 49702 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9073: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49702 (49702), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9074 477.628349000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49702 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9074: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49702 (49702), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9075 477.628391000 192.168.100.112 192.168.100.2 TCP 54 49702 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9075: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49702 (49702), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9076 477.632964000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 9076: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49702 (49702), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 9077 477.633201000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 9077: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49702 (49702), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 9078 477.633398000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 9078: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49702 (49702), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 9079 477.633436000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 9079: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49702 (49702), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 9080 477.633624000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49702 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 9080: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49702 (49702), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 9081 477.634316000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 9081: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49702 (49702), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 9082 477.634368000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 9082: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49702 (49702), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #9083] No. Time Source Destination Protocol Length Info 9083 477.634554000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 9083: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49702 (49702), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #9082] No. Time Source Destination Protocol Length Info 9084 477.634597000 192.168.100.112 192.168.100.2 TCP 54 49702 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 9084: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49702 (49702), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 9085 477.634647000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49702 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 9085: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49702 (49702), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 9086 477.634777000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 77 Fragment: Single opnum: 3 ctx_id: 1 Frame 9086: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 5209, Ack: 5333, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 77 Ctx: 1 No. Time Source Destination Protocol Length Info 9087 477.634939000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 77 Fragment: Single ctx_id: 1 Frame 9087: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 5333, Ack: 5377, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 77 Ctx: 1 No. Time Source Destination Protocol Length Info 9088 477.635519000 192.168.100.112 192.168.100.2 TCP 66 49703 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9088: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49703 (49703), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9089 477.635675000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49703 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9089: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49703 (49703), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9090 477.635715000 192.168.100.112 192.168.100.2 TCP 54 49703 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9090: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49703 (49703), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9092 477.640309000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 9092: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49703 (49703), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 9093 477.640542000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 9093: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49703 (49703), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 9094 477.640742000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 9094: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49703 (49703), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 9095 477.640777000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 9095: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49703 (49703), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 9096 477.640928000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49703 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 9096: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49703 (49703), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 9097 477.641601000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 9097: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49703 (49703), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 9098 477.641652000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 9098: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49703 (49703), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #9099] No. Time Source Destination Protocol Length Info 9099 477.641772000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 9099: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49703 (49703), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #9098] No. Time Source Destination Protocol Length Info 9100 477.641810000 192.168.100.112 192.168.100.2 TCP 54 49703 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 9100: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49703 (49703), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 9101 477.641835000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49703 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 9101: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49703 (49703), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 9102 477.643074000 192.168.100.112 192.168.100.2 TCP 66 49704 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9102: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49704 (49704), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9103 477.643337000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49704 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9103: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49704 (49704), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9104 477.643384000 192.168.100.112 192.168.100.2 TCP 54 49704 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9104: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49704 (49704), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9105 477.643411000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 9105: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49704 (49704), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9106 477.643710000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 9106: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49704 (49704), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9107 477.648397000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 9107: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49704 (49704), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9108 477.648704000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 9108: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49704 (49704), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9109 477.648908000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 9109: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49704 (49704), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9110 477.649811000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 9110: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49704 (49704), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9111 477.649877000 192.168.100.112 192.168.100.2 TCP 54 49704 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 9111: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49704 (49704), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 9112 477.650930000 192.168.100.112 192.168.100.2 TCP 66 49705 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9112: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49705 (49705), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9113 477.651148000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49705 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9113: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49705 (49705), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9114 477.651197000 192.168.100.112 192.168.100.2 TCP 54 49705 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9114: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49705 (49705), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9115 477.651216000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 9115: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49705 (49705), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9116 477.651490000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 9116: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49705 (49705), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9117 477.656168000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 9117: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49705 (49705), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9118 477.656411000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 9118: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49705 (49705), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9119 477.656600000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 9119: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49705 (49705), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9120 477.657434000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 9120: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49705 (49705), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9121 477.657494000 192.168.100.112 192.168.100.2 TCP 54 49705 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 9121: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49705 (49705), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 9122 477.658476000 192.168.100.112 192.168.100.2 TCP 66 49706 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9122: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49706 (49706), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9123 477.658669000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49706 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9123: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49706 (49706), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9124 477.658716000 192.168.100.112 192.168.100.2 TCP 54 49706 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9124: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49706 (49706), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9125 477.658765000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 9125: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49706 (49706), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9126 477.659207000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 9126: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49706 (49706), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9127 477.663869000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 9127: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49706 (49706), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9128 477.664254000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 9128: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49706 (49706), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9129 477.664432000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 9129: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49706 (49706), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9130 477.665388000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 9130: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49706 (49706), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9131 477.695364000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=5377 Ack=5505 Win=253 Len=0 Frame 9131: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 5377, Ack: 5505, Len: 0 No. Time Source Destination Protocol Length Info 9133 477.726561000 192.168.100.112 192.168.100.2 TCP 54 49706 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 9133: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49706 (49706), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 9184 481.689040000 192.168.100.112 192.168.100.2 TCP 55 [TCP Keep-Alive] 49291 > microsoft-ds [ACK] Seq=292 Ack=79 Win=253 Len=1 Frame 9184: 55 bytes on wire (440 bits), 55 bytes captured (440 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49291 (49291), Dst Port: microsoft-ds (445), Seq: 292, Ack: 79, Len: 1 Data (1 byte) 0000 00 . No. Time Source Destination Protocol Length Info 9185 481.689248000 192.168.100.2 192.168.100.112 TCP 66 [TCP Keep-Alive ACK] microsoft-ds > 49291 [ACK] Seq=79 Ack=293 Win=251 Len=0 SLE=292 SRE=293 Frame 9185: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49291 (49291), Seq: 79, Ack: 293, Len: 0 No. Time Source Destination Protocol Length Info 9290 489.691950000 192.168.100.112 192.168.100.2 TCP 54 49706 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 9290: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49706 (49706), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 9564 507.618056000 192.168.100.112 192.168.100.2 TCP 66 49707 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9564: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49707 (49707), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9565 507.618321000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49707 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9565: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49707 (49707), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9566 507.618389000 192.168.100.112 192.168.100.2 TCP 54 49707 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9566: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49707 (49707), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9567 507.618449000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 9567: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49707 (49707), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9568 507.618972000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 9568: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49707 (49707), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9569 507.619012000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 9569: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49707 (49707), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9570 507.619347000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 9570: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49707 (49707), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9571 507.624354000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 9571: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49707 (49707), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9572 507.624794000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 9572: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49707 (49707), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9573 507.625002000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 9573: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49707 (49707), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9574 507.626547000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 9574: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49707 (49707), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9575 507.626615000 192.168.100.112 192.168.100.2 TCP 54 49707 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 9575: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49707 (49707), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 9576 507.626795000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 78 Fragment: Single opnum: 3 ctx_id: 1 Frame 9576: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 5377, Ack: 5505, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 78 Ctx: 1 No. Time Source Destination Protocol Length Info 9577 507.627059000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 78 Fragment: Single ctx_id: 1 Frame 9577: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 5505, Ack: 5545, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 78 Ctx: 1 No. Time Source Destination Protocol Length Info 9578 507.627711000 192.168.100.112 192.168.100.2 TCP 66 49708 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9578: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49708 (49708), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9579 507.627946000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49708 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9579: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49708 (49708), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9580 507.627993000 192.168.100.112 192.168.100.2 TCP 54 49708 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9580: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49708 (49708), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9581 507.632595000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 9581: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49708 (49708), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 9582 507.632897000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 9582: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49708 (49708), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 9583 507.633095000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 9583: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49708 (49708), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 9584 507.633133000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 9584: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49708 (49708), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 9585 507.633294000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49708 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 9585: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49708 (49708), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 9586 507.634238000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 9586: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49708 (49708), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 9587 507.634291000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 9587: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49708 (49708), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #9588] No. Time Source Destination Protocol Length Info 9588 507.634463000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 9588: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49708 (49708), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #9587] No. Time Source Destination Protocol Length Info 9589 507.634505000 192.168.100.112 192.168.100.2 TCP 54 49708 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 9589: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49708 (49708), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 9590 507.634553000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49708 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 9590: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49708 (49708), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 9591 507.634612000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 79 Fragment: Single opnum: 3 ctx_id: 1 Frame 9591: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 5545, Ack: 5677, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 79 Ctx: 1 No. Time Source Destination Protocol Length Info 9592 507.634804000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 79 Fragment: Single ctx_id: 1 Frame 9592: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 5677, Ack: 5713, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 79 Ctx: 1 No. Time Source Destination Protocol Length Info 9593 507.635395000 192.168.100.112 192.168.100.2 TCP 66 49709 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9593: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49709 (49709), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9594 507.635634000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49709 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9594: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49709 (49709), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9595 507.635674000 192.168.100.112 192.168.100.2 TCP 54 49709 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9595: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49709 (49709), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9596 507.640235000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 9596: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49709 (49709), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 9597 507.640512000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 9597: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49709 (49709), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 9598 507.640706000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 9598: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49709 (49709), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 9599 507.640739000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 9599: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49709 (49709), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 9600 507.640918000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49709 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 9600: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49709 (49709), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 9601 507.641554000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 9601: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49709 (49709), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 9602 507.641605000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 9602: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49709 (49709), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #9603] No. Time Source Destination Protocol Length Info 9603 507.641741000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 9603: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49709 (49709), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #9602] No. Time Source Destination Protocol Length Info 9604 507.641780000 192.168.100.112 192.168.100.2 TCP 54 49709 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 9604: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49709 (49709), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 9605 507.641810000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49709 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 9605: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49709 (49709), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 9606 507.643017000 192.168.100.112 192.168.100.2 TCP 66 49710 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9606: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49710 (49710), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9607 507.643190000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49710 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9607: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49710 (49710), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9608 507.643239000 192.168.100.112 192.168.100.2 TCP 54 49710 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9608: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49710 (49710), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9609 507.643262000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 9609: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49710 (49710), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9610 507.643603000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 9610: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49710 (49710), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9611 507.648324000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 9611: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49710 (49710), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9612 507.648615000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 9612: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49710 (49710), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9613 507.648824000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 9613: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49710 (49710), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9614 507.649729000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 9614: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49710 (49710), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9615 507.649834000 192.168.100.112 192.168.100.2 TCP 54 49710 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 9615: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49710 (49710), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 9616 507.650707000 192.168.100.112 192.168.100.2 TCP 66 49711 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9616: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9617 507.650863000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49711 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9617: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49711 (49711), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9618 507.650910000 192.168.100.112 192.168.100.2 TCP 54 49711 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9618: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9619 507.650955000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 9619: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9620 507.651302000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 9620: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49711 (49711), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9621 507.655976000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 9621: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9622 507.656262000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 9622: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49711 (49711), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9623 507.656452000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 9623: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9624 507.657308000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 9624: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49711 (49711), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9625 507.657405000 192.168.100.112 192.168.100.2 TCP 54 49711 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 9625: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 9626 507.658386000 192.168.100.112 192.168.100.2 TCP 66 49712 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9626: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49712 (49712), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9627 507.658566000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49712 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9627: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49712 (49712), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9628 507.658613000 192.168.100.112 192.168.100.2 TCP 54 49712 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9628: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49712 (49712), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9629 507.658658000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 9629: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49712 (49712), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9630 507.658978000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 9630: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49712 (49712), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9631 507.663612000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 9631: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49712 (49712), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9632 507.663925000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 9632: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49712 (49712), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9633 507.664113000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 9633: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49712 (49712), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9634 507.664994000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 9634: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49712 (49712), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 9635 507.665097000 192.168.100.112 192.168.100.2 TCP 54 49712 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 9635: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49712 (49712), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 9636 507.665731000 192.168.100.112 192.168.100.2 TCP 66 49713 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9636: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49713 (49713), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 9637 507.665916000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49713 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 9637: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49713 (49713), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9638 507.665960000 192.168.100.112 192.168.100.2 TCP 54 49713 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 9638: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49713 (49713), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 9639 507.666013000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 9639: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49713 (49713), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9640 507.666457000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 9640: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49713 (49713), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9641 507.669647000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 9641: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49713 (49713), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9642 507.670002000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 9642: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49713 (49713), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9643 507.670204000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 9643: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49713 (49713), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9644 507.671179000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 9644: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49713 (49713), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 9645 507.685038000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=5713 Ack=5849 Win=251 Len=0 Frame 9645: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 5713, Ack: 5849, Len: 0 No. Time Source Destination Protocol Length Info 9646 507.725682000 192.168.100.112 192.168.100.2 TCP 54 49713 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 9646: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49713 (49713), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 9704 511.688156000 192.168.100.112 192.168.100.2 TCP 55 [TCP Keep-Alive] 49291 > microsoft-ds [ACK] Seq=292 Ack=79 Win=253 Len=1 Frame 9704: 55 bytes on wire (440 bits), 55 bytes captured (440 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49291 (49291), Dst Port: microsoft-ds (445), Seq: 292, Ack: 79, Len: 1 Data (1 byte) 0000 00 . No. Time Source Destination Protocol Length Info 9705 511.688363000 192.168.100.2 192.168.100.112 TCP 66 [TCP Keep-Alive ACK] microsoft-ds > 49291 [ACK] Seq=79 Ack=293 Win=251 Len=0 SLE=292 SRE=293 Frame 9705: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49291 (49291), Seq: 79, Ack: 293, Len: 0 No. Time Source Destination Protocol Length Info 9842 519.659886000 192.168.100.112 192.168.100.2 TCP 54 49713 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 9842: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49713 (49713), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 10197 537.617255000 192.168.100.112 192.168.100.2 TCP 66 49714 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10197: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49714 (49714), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 10198 537.617502000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49714 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10198: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49714 (49714), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10199 537.617571000 192.168.100.112 192.168.100.2 TCP 54 49714 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 10199: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49714 (49714), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10200 537.617597000 192.168.100.112 192.168.100.2 SMB 213 Negotiate Protocol Request Frame 10200: 213 bytes on wire (1704 bits), 213 bytes captured (1704 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49714 (49714), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 159 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 10201 537.618143000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 10201: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49714 (49714), Seq: 1, Ack: 160, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10202 537.618180000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 10202: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49714 (49714), Dst Port: microsoft-ds (445), Seq: 160, Ack: 253, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10203 537.618515000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 10203: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49714 (49714), Seq: 253, Ack: 270, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10204 537.623541000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 10204: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49714 (49714), Dst Port: microsoft-ds (445), Seq: 270, Ack: 505, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10205 537.623892000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 10205: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49714 (49714), Seq: 505, Ack: 436, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10206 537.624098000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 10206: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49714 (49714), Dst Port: microsoft-ds (445), Seq: 436, Ack: 824, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10207 537.625446000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 10207: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49714 (49714), Seq: 824, Ack: 1077, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10208 537.625517000 192.168.100.112 192.168.100.2 TCP 54 49714 > microsoft-ds [RST, ACK] Seq=1077 Ack=901 Win=0 Len=0 Frame 10208: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49714 (49714), Dst Port: microsoft-ds (445), Seq: 1077, Ack: 901, Len: 0 No. Time Source Destination Protocol Length Info 10209 537.625694000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 80 Fragment: Single opnum: 3 ctx_id: 1 Frame 10209: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 5713, Ack: 5849, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 80 Ctx: 1 No. Time Source Destination Protocol Length Info 10210 537.625977000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 80 Fragment: Single ctx_id: 1 Frame 10210: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 5849, Ack: 5881, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 80 Ctx: 1 No. Time Source Destination Protocol Length Info 10211 537.626628000 192.168.100.112 192.168.100.2 TCP 66 49715 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10211: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49715 (49715), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 10213 537.626789000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49715 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10213: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49715 (49715), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10214 537.626831000 192.168.100.112 192.168.100.2 TCP 54 49715 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 10214: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49715 (49715), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10216 537.631415000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 10216: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49715 (49715), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 10217 537.631685000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 10217: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49715 (49715), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 10218 537.631888000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 10218: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49715 (49715), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 10219 537.631927000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 10219: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49715 (49715), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 10220 537.632131000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49715 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 10220: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49715 (49715), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 10221 537.632829000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 10221: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49715 (49715), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 10222 537.632881000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 10222: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49715 (49715), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #10223] No. Time Source Destination Protocol Length Info 10223 537.633074000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 10223: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49715 (49715), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #10222] No. Time Source Destination Protocol Length Info 10224 537.633115000 192.168.100.112 192.168.100.2 TCP 54 49715 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 10224: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49715 (49715), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 10225 537.633164000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49715 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 10225: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49715 (49715), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 10226 537.633294000 192.168.100.112 192.168.100.2 DCERPC 222 Request: call_id: 81 Fragment: Single opnum: 3 ctx_id: 1 Frame 10226: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 5881, Ack: 6021, Len: 168 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 168, Call: 81 Ctx: 1 No. Time Source Destination Protocol Length Info 10227 537.633498000 192.168.100.2 192.168.100.112 DCERPC 226 Response: call_id: 81 Fragment: Single ctx_id: 1 Frame 10227: 226 bytes on wire (1808 bits), 226 bytes captured (1808 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: epmap (135), Dst Port: 49200 (49200), Seq: 6021, Ack: 6049, Len: 172 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 172, Call: 81 Ctx: 1 No. Time Source Destination Protocol Length Info 10228 537.634079000 192.168.100.112 192.168.100.2 TCP 66 49716 > 49176 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10228: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49716 (49716), Dst Port: 49176 (49176), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 10229 537.634292000 192.168.100.2 192.168.100.112 TCP 66 49176 > 49716 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10229: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49716 (49716), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10230 537.634333000 192.168.100.112 192.168.100.2 TCP 54 49716 > 49176 [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 10230: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49716 (49716), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10231 537.638888000 192.168.100.112 192.168.100.2 DCERPC 262 Bind: call_id: 2 Fragment: Single, 3 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (64bit NDR), 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (bind time feature negotiation), NTLMSSP_NEGOTIATE Frame 10231: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49716 (49716), Dst Port: 49176 (49176), Seq: 1, Ack: 1, Len: 208 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 208, Call: 2 No. Time Source Destination Protocol Length Info 10232 537.639153000 192.168.100.2 192.168.100.112 DCERPC 382 Bind_ack: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 3 results: Provider rejection, Acceptance, Negotiate ACK, NTLMSSP_CHALLENGE Frame 10232: 382 bytes on wire (3056 bits), 382 bytes captured (3056 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49716 (49716), Seq: 1, Ack: 209, Len: 328 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 328, Call: 2 No. Time Source Destination Protocol Length Info 10233 537.639352000 192.168.100.112 192.168.100.2 DCERPC 566 AUTH3: call_id: 2 Fragment: Single, NTLMSSP_AUTH, User: windows8test\test Frame 10233: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49716 (49716), Dst Port: 49176 (49176), Seq: 209, Ack: 329, Len: 512 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 512, Call: 2 No. Time Source Destination Protocol Length Info 10234 537.639385000 192.168.100.112 192.168.100.2 DCERPC 126 Alter_context: call_id: 2 Fragment: Single, 1 context items: 76f03f96-cdfd-44fc-a22c-64950a001209 V1.0 (32bit NDR) Frame 10234: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49716 (49716), Dst Port: 49176 (49176), Seq: 721, Ack: 329, Len: 72 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 2 No. Time Source Destination Protocol Length Info 10235 537.639584000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49716 [ACK] Seq=329 Ack=793 Win=65024 Len=0 Frame 10235: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49716 (49716), Seq: 329, Ack: 793, Len: 0 No. Time Source Destination Protocol Length Info 10236 537.640230000 192.168.100.2 192.168.100.112 DCERPC 110 Alter_context_resp: call_id: 2 Fragment: Single, max_xmit: 5840 max_recv: 5840, 1 results: Acceptance Frame 10236: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49716 (49716), Seq: 329, Ack: 793, Len: 56 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 2 No. Time Source Destination Protocol Length Info 10237 537.640280000 192.168.100.112 192.168.100.2 DCERPC 310 Request: call_id: 2 Fragment: Single opnum: 0 ctx_id: 0 76f03f96-cdfd-44fc-a22c-64950a001209 V1 Frame 10237: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49716 (49716), Dst Port: 49176 (49176), Seq: 793, Ack: 385, Len: 256 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 256, Call: 2 Ctx: 0, [Resp: #10238] No. Time Source Destination Protocol Length Info 10238 537.640438000 192.168.100.2 192.168.100.112 DCERPC 86 Fault: call_id: 2 Fragment: Single ctx_id: 0 status: nca_s_fault_access_denied Frame 10238: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49716 (49716), Seq: 385, Ack: 1049, Len: 32 Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Fault, Fragment: Single, FragLen: 32, Call: 2, [Req: #10237] No. Time Source Destination Protocol Length Info 10239 537.640476000 192.168.100.112 192.168.100.2 TCP 54 49716 > 49176 [RST, ACK] Seq=1049 Ack=417 Win=0 Len=0 Frame 10239: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49716 (49716), Dst Port: 49176 (49176), Seq: 1049, Ack: 417, Len: 0 No. Time Source Destination Protocol Length Info 10240 537.640500000 192.168.100.2 192.168.100.112 TCP 60 49176 > 49716 [FIN, ACK] Seq=417 Ack=1049 Win=64768 Len=0 Frame 10240: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: 49176 (49176), Dst Port: 49716 (49716), Seq: 417, Ack: 1049, Len: 0 No. Time Source Destination Protocol Length Info 10241 537.641737000 192.168.100.112 192.168.100.2 TCP 66 49717 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10241: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49717 (49717), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 10242 537.641899000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49717 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10242: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49717 (49717), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10243 537.641948000 192.168.100.112 192.168.100.2 TCP 54 49717 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 10243: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49717 (49717), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10244 537.641974000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 10244: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49717 (49717), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10245 537.642318000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 10245: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49717 (49717), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10246 537.647035000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 10246: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49717 (49717), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10247 537.647299000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 10247: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49717 (49717), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10248 537.647506000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 10248: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49717 (49717), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10249 537.648476000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 10249: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49717 (49717), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10250 537.648540000 192.168.100.112 192.168.100.2 TCP 54 49717 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 10250: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49717 (49717), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 10251 537.649471000 192.168.100.112 192.168.100.2 TCP 66 49718 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10251: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49718 (49718), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 10252 537.649665000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49718 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10252: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49718 (49718), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10253 537.649711000 192.168.100.112 192.168.100.2 TCP 54 49718 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 10253: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49718 (49718), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10254 537.649756000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 10254: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49718 (49718), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10255 537.650047000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 10255: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49718 (49718), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10256 537.654717000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 10256: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49718 (49718), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10257 537.654974000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 10257: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49718 (49718), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10258 537.655162000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 10258: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49718 (49718), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10259 537.656055000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 10259: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49718 (49718), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10260 537.656115000 192.168.100.112 192.168.100.2 TCP 54 49718 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 10260: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49718 (49718), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 10261 537.657128000 192.168.100.112 192.168.100.2 TCP 66 49719 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10261: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49719 (49719), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 10262 537.657361000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49719 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10262: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49719 (49719), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10263 537.657407000 192.168.100.112 192.168.100.2 TCP 54 49719 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 10263: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49719 (49719), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10264 537.657452000 192.168.100.112 192.168.100.2 SMB2 164 NegotiateProtocol Request Frame 10264: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49719 (49719), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 110 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10265 537.657782000 192.168.100.2 192.168.100.112 SMB2 306 NegotiateProtocol Response Frame 10265: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49719 (49719), Seq: 1, Ack: 111, Len: 252 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10266 537.662462000 192.168.100.112 192.168.100.2 SMB2 220 SessionSetup Request, NTLMSSP_NEGOTIATE Frame 10266: 220 bytes on wire (1760 bits), 220 bytes captured (1760 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49719 (49719), Dst Port: microsoft-ds (445), Seq: 111, Ack: 253, Len: 166 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10267 537.662745000 192.168.100.2 192.168.100.112 SMB2 373 SessionSetup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE Frame 10267: 373 bytes on wire (2984 bits), 373 bytes captured (2984 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49719 (49719), Seq: 253, Ack: 277, Len: 319 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10268 537.662936000 192.168.100.112 192.168.100.2 SMB2 695 SessionSetup Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 10268: 695 bytes on wire (5560 bits), 695 bytes captured (5560 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49719 (49719), Dst Port: microsoft-ds (445), Seq: 277, Ack: 572, Len: 641 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10269 537.663937000 192.168.100.2 192.168.100.112 SMB2 131 SessionSetup Response, Error: STATUS_LOGON_FAILURE Frame 10269: 131 bytes on wire (1048 bits), 131 bytes captured (1048 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49719 (49719), Seq: 572, Ack: 918, Len: 77 NetBIOS Session Service SMB2 (Server Message Block Protocol version 2) No. Time Source Destination Protocol Length Info 10270 537.664033000 192.168.100.112 192.168.100.2 TCP 54 49719 > microsoft-ds [RST, ACK] Seq=918 Ack=649 Win=0 Len=0 Frame 10270: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49719 (49719), Dst Port: microsoft-ds (445), Seq: 918, Ack: 649, Len: 0 No. Time Source Destination Protocol Length Info 10271 537.664692000 192.168.100.112 192.168.100.2 TCP 66 49720 > microsoft-ds [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10271: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49720 (49720), Dst Port: microsoft-ds (445), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 10272 537.664877000 192.168.100.2 192.168.100.112 TCP 66 microsoft-ds > 49720 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 Frame 10272: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49720 (49720), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10273 537.664924000 192.168.100.112 192.168.100.2 TCP 54 49720 > microsoft-ds [ACK] Seq=1 Ack=1 Win=65536 Len=0 Frame 10273: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49720 (49720), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 10274 537.664957000 192.168.100.112 192.168.100.2 SMB 191 Negotiate Protocol Request Frame 10274: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49720 (49720), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 10275 537.665358000 192.168.100.2 192.168.100.112 SMB 263 Negotiate Protocol Response Frame 10275: 263 bytes on wire (2104 bits), 263 bytes captured (2104 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49720 (49720), Seq: 1, Ack: 138, Len: 209 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 10276 537.668556000 192.168.100.112 192.168.100.2 SMB 196 Session Setup AndX Request, NTLMSSP_NEGOTIATE Frame 10276: 196 bytes on wire (1568 bits), 196 bytes captured (1568 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49720 (49720), Dst Port: microsoft-ds (445), Seq: 138, Ack: 210, Len: 142 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 10277 537.668856000 192.168.100.2 192.168.100.112 SMB 490 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 10277: 490 bytes on wire (3920 bits), 490 bytes captured (3920 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49720 (49720), Seq: 210, Ack: 280, Len: 436 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 10278 537.669056000 192.168.100.112 192.168.100.2 SMB 670 Session Setup AndX Request, NTLMSSP_AUTH, User: windows8test\test, Unknown message type Frame 10278: 670 bytes on wire (5360 bits), 670 bytes captured (5360 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49720 (49720), Dst Port: microsoft-ds (445), Seq: 280, Ack: 646, Len: 616 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 10279 537.669999000 192.168.100.2 192.168.100.112 SMB 93 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Frame 10279: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface 0 Ethernet II, Src: Dell_43:cf:41 (00:1e:c9:43:cf:41), Dst: Dell_57:dd:68 (00:23:ae:57:dd:68) Internet Protocol Version 4, Src: 192.168.100.2 (192.168.100.2), Dst: 192.168.100.112 (192.168.100.112) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 49720 (49720), Seq: 646, Ack: 896, Len: 39 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 10280 537.693614000 192.168.100.112 192.168.100.2 TCP 54 49200 > epmap [ACK] Seq=6049 Ack=6193 Win=256 Len=0 Frame 10280: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49200 (49200), Dst Port: epmap (135), Seq: 6049, Ack: 6193, Len: 0 No. Time Source Destination Protocol Length Info 10283 537.724800000 192.168.100.112 192.168.100.2 TCP 54 49720 > microsoft-ds [ACK] Seq=896 Ack=685 Win=64768 Len=0 Frame 10283: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49720 (49720), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0 No. Time Source Destination Protocol Length Info 10698 549.674601000 192.168.100.112 192.168.100.2 TCP 54 49720 > microsoft-ds [RST, ACK] Seq=896 Ack=685 Win=0 Len=0 Frame 10698: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Dell_57:dd:68 (00:23:ae:57:dd:68), Dst: Dell_43:cf:41 (00:1e:c9:43:cf:41) Internet Protocol Version 4, Src: 192.168.100.112 (192.168.100.112), Dst: 192.168.100.2 (192.168.100.2) Transmission Control Protocol, Src Port: 49720 (49720), Dst Port: microsoft-ds (445), Seq: 896, Ack: 685, Len: 0