Frame 219: 280 bytes on wire (2240 bits), 280 bytes captured (2240 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar 19, 2019 01:44:56.230758000 UTC
    UTC Arrival Time: Mar 19, 2019 01:44:56.230758000 UTC
    Epoch Arrival Time: 1552959896.230758000
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.000363000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.593992000 seconds]
    Frame Number: 219
    Frame Length: 280 bytes (2240 bits)
    Capture Length: 280 bytes (2240 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb2]
Ethernet II, Src: Dell_c2:09:6a (a4:1f:72:c2:09:6a), Dst: Intel_57:2b:42 (64:32:a8:57:2b:42)
    Destination: Intel_57:2b:42 (64:32:a8:57:2b:42)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Dell_c2:09:6a (a4:1f:72:c2:09:6a)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    [Stream index: 1]
Internet Protocol Version 4, Src: 10.0.90.9, Dst: 10.0.90.215
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 266
    Identification: 0x26e2 (9954)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x967c [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.0.90.9
    Destination Address: 10.0.90.215
    [Stream index: 1]
Transmission Control Protocol, Src Port: 445, Dst Port: 49157, Seq: 1075, Ack: 3972, Len: 226
    Source Port: 445
    Destination Port: 49157
    [Stream index: 2]
    [Stream Packet Number: 19]
    [Conversation completeness: Incomplete, DATA (15)]
        ..0. .... = RST: Absent
        ...0 .... = FIN: Absent
        .... 1... = Data: Present
        .... .1.. = ACK: Present
        .... ..1. = SYN-ACK: Present
        .... ...1 = SYN: Present
        [Completeness Flags: ··DASS]
    [TCP Segment Len: 226]
    Sequence Number: 1075    (relative sequence number)
    Sequence Number (raw): 3641736550
    [Next Sequence Number: 1301    (relative sequence number)]
    Acknowledgment Number: 3972    (relative ack number)
    Acknowledgment number (raw): 1248739998
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 253
    [Calculated window size: 64768]
    [Window size scaling factor: 256]
    Checksum: 0x3ea5 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.457928000 seconds]
        [Time since previous frame in this TCP stream: 0.000363000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 218]
        [The RTT to ACK the segment was: 0.000363000 seconds]
        [iRTT: 0.001068000 seconds]
        [Bytes in flight: 226]
        [Bytes sent since last PSH flag: 226]
    TCP payload (226 bytes)
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 222
SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 1
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Ioctl (11)
        Credits granted: 1
        Flags: 0x00000009, Response, Signing
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 1... = Signing: This pdu is SIGNED
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 5
        Reserved: 0x0000feff
        Tree Id: 0x00000001  \\LittleTigers-DC.littletigers.info\IPC$
            [Tree: \\LittleTigers-DC.littletigers.info\IPC$]
            [Share Type: Named pipe (0x02)]
            [Connected in Frame: 136]
        Session Id: 0x000004000400007d
            [Authenticated in Frame: 132]
        Signature: 181066397f7b2acfa7d879a193d0eb03
        [Response to: 218]
        [Time from request: 0.000363000 seconds]
    Ioctl Response (0x0b)
        StructureSize: 0x0031
            0000 0000 0011 000. = Fixed Part Length: 24
            .... .... .... ...1 = Dynamic Part: True
        Reserved: 0000
        Function: FSCTL_DFS_GET_REFERRALS (0x00060194)
            0000 0000 0000 0110 .... .... .... .... = Device: DFS (0x0006)
            .... .... .... .... 00.. .... .... .... = Access: FILE_ANY_ACCESS (0x0)
            .... .... .... .... ..00 0001 1001 01.. = Function: 0x065
            .... .... .... .... .... .... .... ..00 = Method: METHOD_BUFFERED (0x0)
        GUID handle
            File Id: ffffffff-ffff-ffff-ffff-ffffffffffff
        Flags: 0x00000000
        Reserved: 00000000
        Blob Offset: 0x00000070
        Blob Length: 0
        In Data: NO DATA
        Blob Offset: 0x00000070
        Blob Length: 110
        Out Data
            Path Consumed: 0
            Num Referrals: 2
            Flags: 0x0000
                .... .... .... ..0. = Hold Storage: Referral server does NOT hold storage for the file
                .... .... .... ...0 = Fielding: The server in referrals is NOT fielding capable
            Padding: 0000
            Referrals
                Referral
                    Version: 3
                    Size: 18
                    Server Type: Non-root targets returned (0)
                    Flags: 0x0002, NameListReferral
                        .... .... .... ..1. = NameListReferral: A domain/DC referral response
                        .... .... .... .0.. = TargetSetBoundary: NOT the first target in the target set
                    TTL: 600
                    Domain Offset: 36
                    Number of Expanded Names: 0
                    Expanded Names Offset: 0
                    Domain Name: \littletigers.info
                Referral
                    Version: 3
                    Size: 18
                    Server Type: Non-root targets returned (0)
                    Flags: 0x0002, NameListReferral
                        .... .... .... ..1. = NameListReferral: A domain/DC referral response
                        .... .... .... .0.. = TargetSetBoundary: NOT the first target in the target set
                    TTL: 600
                    Domain Offset: 56
                    Number of Expanded Names: 0
                    Expanded Names Offset: 0
                    Domain Name: \LITTLETIGERS