Frame 18: 322 bytes on wire (2576 bits), 322 bytes captured (2576 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar 19, 2019 01:44:55.766776000 UTC
    UTC Arrival Time: Mar 19, 2019 01:44:55.766776000 UTC
    Epoch Arrival Time: 1552959895.766776000
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.000252000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.130010000 seconds]
    Frame Number: 18
    Frame Length: 322 bytes (2576 bits)
    Capture Length: 322 bytes (2576 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:dcerpc]
Ethernet II, Src: Dell_c2:09:6a (a4:1f:72:c2:09:6a), Dst: Intel_57:2b:42 (64:32:a8:57:2b:42)
    Destination: Intel_57:2b:42 (64:32:a8:57:2b:42)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Dell_c2:09:6a (a4:1f:72:c2:09:6a)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    [Stream index: 1]
Internet Protocol Version 4, Src: 10.0.90.9, Dst: 10.0.90.215
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 308
    Identification: 0x2682 (9858)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x96b2 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.0.90.9
    Destination Address: 10.0.90.215
    [Stream index: 1]
Transmission Control Protocol, Src Port: 135, Dst Port: 49155, Seq: 109, Ack: 329, Len: 268
    Source Port: 135
    Destination Port: 49155
    [Stream index: 0]
    [Stream Packet Number: 7]
    [Conversation completeness: Incomplete, DATA (15)]
        ..0. .... = RST: Absent
        ...0 .... = FIN: Absent
        .... 1... = Data: Present
        .... .1.. = ACK: Present
        .... ..1. = SYN-ACK: Present
        .... ...1 = SYN: Present
        [Completeness Flags: ··DASS]
    [TCP Segment Len: 268]
    Sequence Number: 109 (relative sequence number)
    Sequence Number (raw): 2278782265
    [Next Sequence Number: 377 (relative sequence number)]
    Acknowledgment Number: 329 (relative ack number)
    Acknowledgment number (raw): 2231733891
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 255
    [Calculated window size: 65280]
    [Window size scaling factor: 256]
    Checksum: 0x2a1c [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.005203000 seconds]
        [Time since previous frame in this TCP stream: 0.000252000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 17]
        [The RTT to ACK the segment was: 0.000252000 seconds]
        [iRTT: 0.001762000 seconds]
        [Bytes in flight: 268]
        [Bytes sent since last PSH flag: 268]
    TCP payload (268 bytes)
    [PDU Size: 268]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 268, Call: 2, Ctx: 1, [Req: #17]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000 (Order: Little-endian, Char: ASCII, Float: IEEE)
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 268
    Auth Length: 0
    Call ID: 2
    Alloc hint: 244
    Context ID: 1
    Cancel count: 0
    [Opnum: 3]
    [Request in frame: 17]
    [Time from request: 0.000252000 seconds]
    Complete stub data (244 bytes)
        Payload stub data (244 bytes)
DCE/RPC Endpoint Mapper, Map
    Operation: Map (3)
    [Request in frame: 17]
    Handle: 0000000000000000000000000000000000000000
    Num Towers: 2
    Tower array:
        Max Count: 4
        Offset: 0
        Actual Count: 2
        Tower pointer:
            Referent ID: 0x0000000000000003
            Length: 75
            Length: 75
            Number of floors: 5
            Floor 1 UUID: RPC_NETLOGON
                LHS Length: 19
                Protocol: UUID (0x0d)
                UUID: RPC_NETLOGON (12345678-1234-abcd-ef00-01234567cffb)
                Version: 1.00
                RHS Length: 2
                Version Minor: 0
            Floor 2 UUID: 32bit NDR
                LHS Length: 19
                Protocol: UUID (0x0d)
                UUID: 32bit NDR (8a885d04-1ceb-11c9-9fe8-08002b104860)
                Version: 2.00
                RHS Length: 2
                Version Minor: 0
            Floor 3 RPC connection-oriented protocol
                LHS Length: 1
                Protocol: RPC connection-oriented protocol (0x0b)
                RHS Length: 2
            Floor 4 TCP Port:49158
                LHS Length: 1
                Protocol: DOD TCP (0x07)
                RHS Length: 2
                TCP Port: 49158
            Floor 5 IP:10.0.90.9
                LHS Length: 1
                Protocol: DOD IP (0x09)
                RHS Length: 4
                IP: 10.0.90.9
        Tower pointer:
            Referent ID: 0x0000000000000004
            NDR-Padding: 00
            Length: 75
            Length: 75
            Number of floors: 5
            Floor 1 UUID: RPC_NETLOGON
                LHS Length: 19
                Protocol: UUID (0x0d)
                UUID: RPC_NETLOGON (12345678-1234-abcd-ef00-01234567cffb)
                Version: 1.00
                RHS Length: 2
                Version Minor: 0
            Floor 2 UUID: 32bit NDR
                LHS Length: 19
                Protocol: UUID (0x0d)
                UUID: 32bit NDR (8a885d04-1ceb-11c9-9fe8-08002b104860)
                Version: 2.00
                RHS Length: 2
                Version Minor: 0
            Floor 3 RPC connection-oriented protocol
                LHS Length: 1
                Protocol: RPC connection-oriented protocol (0x0b)
                RHS Length: 2
            Floor 4 TCP Port:49155
                LHS Length: 1
                Protocol: DOD TCP (0x07)
                RHS Length: 2
                TCP Port: 49155
            Floor 5 IP:10.0.90.9
                LHS Length: 1
                Protocol: DOD IP (0x09)
                RHS Length: 4
                IP: 10.0.90.9
    Return code: 0x00000000