Frame 10: Packet, 245 bytes on wire (1960 bits), 245 bytes captured (1960 bits) Encapsulation type: Ethernet (1) Arrival Time: Mar 19, 2019 01:44:55.664506000 UTC UTC Arrival Time: Mar 19, 2019 01:44:55.664506000 UTC Epoch Arrival Time: 1552959895.664506000 [Time shift for this packet: 0.000000000 seconds] [Time delta from previous captured frame: 130.000 microseconds] [Time since reference or first frame: 27.740000 milliseconds] Frame Number: 10 Frame Length: 245 bytes (1960 bits) Capture Length: 245 bytes (1960 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:cldap] Character encoding: ASCII (0) Ethernet II, Src: Dell_c2:09:6a (a4:1f:72:c2:09:6a), Dst: Intel_57:2b:42 (64:32:a8:57:2b:42) Destination: Intel_57:2b:42 (64:32:a8:57:2b:42) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Dell_c2:09:6a (a4:1f:72:c2:09:6a) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) [Stream index: 1] Internet Protocol Version 4, Src: 10.0.90.9, Dst: 10.0.90.215 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 231 Identification: 0x267f (9855) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: UDP (17) Header Checksum: 0x96f7 [validation disabled] [Header checksum status: Unverified] Source Address: 10.0.90.9 Destination Address: 10.0.90.215 [Stream index: 1] User Datagram Protocol, Src Port: 389, Dst Port: 55335 Source Port: 389 Destination Port: 55335 Length: 211 Checksum: 0xbc72 [unverified] [Checksum Status: Unverified] [Stream index: 4] [Stream Packet Number: 2] [Timestamps] [Time since first frame: 194.000 microseconds] [Time since previous frame: 194.000 microseconds] UDP payload (203 bytes) Connectionless Lightweight Directory Access Protocol LDAPMessage searchResEntry(2) "" [1 result] messageID: 2 protocolOp: searchResEntry (4) searchResEntry objectName: attributes: 1 item PartialAttributeList item netlogon type: netlogon vals: 1 item Operation code: LOGON_SAM_LOGON_RESPONSE_EX (23) Flags […]: 0x000033fd, WDC: Domain controller is a Windows 2008 writable NC, Good Time Serv: This dc has a GOOD TIME SERVICE (i.e. hardware clock), Writable: This dc is WRITABLE, Closest: This server is in the same site as the client, Ti 0... .... .... .... .... .... .... .... = FDC: The NC is not the default forest NC (Windows 2008) .0.. .... .... .... .... .... .... .... = DNC: The NC is not the default NC (Windows 2008) ..0. .... .... .... .... .... .... .... = DNS: Server name is not in DNS format (Windows 2008) .... .... .... .... ...1 .... .... .... = WDC: Domain controller is a Windows 2008 writable NC .... .... .... .... .... 0... .... .... = RODC: Domain controller is not a Windows 2008 RODC .... .... .... .... .... .0.. .... .... = NDNC: Domain is NOT non-domain nc serviced by ldap server .... .... .... .... .... ..1. .... .... = Good Time Serv: This dc has a GOOD TIME SERVICE (i.e. hardware clock) .... .... .... .... .... ...1 .... .... = Writable: This dc is WRITABLE .... .... .... .... .... .... 1... .... = Closest: This server is in the same site as the client .... .... .... .... .... .... .1.. .... = Time Serv: This dc is running TIME SERVICES (ntp) .... .... .... .... .... .... ..1. .... = KDC: This is a KDC (kerberos) .... .... .... .... .... .... ...1 .... = DS: This dc supports DS .... .... .... .... .... .... .... 1... = LDAP: This is an LDAP server .... .... .... .... .... .... .... .1.. = GC: This is a GLOBAL CATALOGUE of forest .... .... .... .... .... .... .... ...1 = PDC: This is a PDC Domain GUID: a17a7bf6-4421-4d0e-bf41-825efa7e1b99 Forest: littletigers.info Domain: littletigers.info Hostname: LittleTigers-DC.littletigers.info NetBIOS Domain: LITTLETIGERS NetBIOS Hostname: LITTLETIGERS-DC Username: Server Site: Default-First-Site-Name Client Site: Default-First-Site-Name Version Flags: 0x00000005, V1: Client requested version 1 netlogon response, V5EX: Client requested version 5 extended netlogon response .... .... .... .... .... .... .... ...1 = V1: Client requested version 1 netlogon response .... .... .... .... .... .... .... ..0. = V5: Version 5 netlogon response not requested .... .... .... .... .... .... .... .1.. = V5EX: Client requested version 5 extended netlogon response .... .... .... .... .... .... .... 0... = V5EP: IP address of server not requested .... .... .... .... .... .... ...0 .... = VCS: Closest site information not requested .... ...0 .... .... .... .... .... .... = VNT4: Only full AD DS requested ...0 .... .... .... .... .... .... .... = VPDC: Primary Domain Controller not requested ..0. .... .... .... .... .... .... .... = VIP: IP details not requested (obsolete) .0.. .... .... .... .... .... .... .... = VL: Client is not the local machine 0... .... .... .... .... .... .... .... = VGC: Global Catalog not requested LM Token: 0xffff NT Token: 0xffff [Response To: 8] [Time: 194.000 microseconds] LDAPMessage searchResDone(2) success [1 result] messageID: 2 protocolOp: searchResDone (5) searchResDone resultCode: success (0) matchedDN: errorMessage: [Response To: 8] [Time: 194.000 microseconds]