Frame 6711: Packet, 314 bytes on wire (2512 bits), 314 bytes captured (2512 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar 19, 2019 02:44:56.336651000 UTC
    UTC Arrival Time: Mar 19, 2019 02:44:56.336651000 UTC
    Epoch Arrival Time: 1552963496.336651000
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 626.000 microseconds]
    [Time since reference or first frame: 1 hour, 699.885000 milliseconds]
    Frame Number: 6711
    Frame Length: 314 bytes (2512 bits)
    Capture Length: 314 bytes (2512 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:nbss:smb2:gss-api:spnego:spnego-krb5]
    Character encoding: ASCII (0)
Ethernet II, Src: Dell_c2:09:6a (a4:1f:72:c2:09:6a), Dst: Intel_57:2b:42 (64:32:a8:57:2b:42)
    Destination: Intel_57:2b:42 (64:32:a8:57:2b:42)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Dell_c2:09:6a (a4:1f:72:c2:09:6a)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    [Stream index: 1]
Internet Protocol Version 4, Src: 10.0.90.9, Dst: 10.0.90.215
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 300
    Identification: 0x3251 (12881)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0x8aeb [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.0.90.9
    Destination Address: 10.0.90.215
    [Stream index: 1]
Transmission Control Protocol, Src Port: 445, Dst Port: 49240, Seq: 505, Ack: 3560, Len: 260
    Source Port: 445
    Destination Port: 49240
    [Stream index: 84]
    [Stream Packet Number: 12]
    [Conversation completeness: Incomplete, DATA (15)]
        ..0. .... = RST: Absent
        ...0 .... = FIN: Absent
        .... 1... = Data: Present
        .... .1.. = ACK: Present
        .... ..1. = SYN-ACK: Present
        .... ...1 = SYN: Present
        [Completeness Flags: ··DASS]
    [TCP Segment Len: 260]
    Sequence Number: 505 (relative sequence number)
    Sequence Number (raw): 3532815476
    [Next Sequence Number: 765 (relative sequence number)]
    Acknowledgment Number: 3560 (relative ack number)
    Acknowledgment number (raw): 2502892136
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······AP···]
    Window: 255
    [Calculated window size: 65280]
    [Window size scaling factor: 256]
    Checksum: 0xc899 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 3.460000 milliseconds]
        [Time since previous frame in this TCP stream: 626.000 microseconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 6710]
        [The RTT to ACK the segment was: 626.000 microseconds]
        [iRTT: 569.000 microseconds]
        [Bytes in flight: 260]
        [Bytes sent since last PSH flag: 260]
    [Client Contiguous Streams: 1]
    [Server Contiguous Streams: 1]
    TCP payload (260 bytes)
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 256
SMB2 (Server Message Block Protocol version 2), Session Setup Response, MessageId 2
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 1
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Session Setup (1)
        Credits granted: 31
        Flags: 0x00000009, Response, Signing
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 1... = Signing: This pdu is SIGNED
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 2
        Reserved: 0x0000feff
        Tree Id: 0x00000000
        Session Id: 0x000004000c00000d
        Signature: c2d1343477bbf689f77f78ad4299abcb
        [Response to: 6707]
        [Time from request: 929.000 microseconds]
    Session Setup Response (0x01)
        [Preauth Hash: e6e8faf7ab8d7dced6d0f5f180f1fc60d80667814ab7f15c8c72df925af566c7b65ad6d8ffc35e5dbb160205a71205643d9f7c66d6827a19fab387303c008059]
        StructureSize: 0x0009
            0000 0000 0000 100. = Fixed Part Length: 4
            .... .... .... ...1 = Dynamic Part: True
        Session Flags: 0x0000
            .... .... .... ...0 = Guest: False
            .... .... .... ..0. = Null: False
            .... .... .... .0.. = Encrypt: False
        Blob Offset: 0x00000048
        Blob Length: 184
        Security Blob […]: a181b53081b2a0030a0100a10b06092a864882f712010202a2819d04819a60819706092a864886f71201020202006f8187308184a003020105a10302010fa2783076a003020112a26f046d4200689f8aba7e4dbb5fc4bc0cf3f3ca2e262ff6e8b78f77c9221121db3bae020eab
            GSS-API Generic Security Service Application Program Interface
                Simple Protected Negotiation
                    negTokenTarg
                        negResult: accept-completed (0)
                        supportedMech: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
                        responseToken […]: 60819706092a864886f71201020202006f8187308184a003020105a10302010fa2783076a003020112a26f046d4200689f8aba7e4dbb5fc4bc0cf3f3ca2e262ff6e8b78f77c9221121db3bae020eab6a9003a91e94e02e56d2368513e11bd663a1bc065d132c15a9aa5e97244b
                        krb5_blob […]: 60819706092a864886f71201020202006f8187308184a003020105a10302010fa2783076a003020112a26f046d4200689f8aba7e4dbb5fc4bc0cf3f3ca2e262ff6e8b78f77c9221121db3bae020eab6a9003a91e94e02e56d2368513e11bd663a1bc065d132c15a9aa5e97244ba1b7
                            KRB5 OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
                            krb5_tok_id: KRB5_AP_REP (0x0002)
                            Kerberos
                                ap-rep
                                    pvno: 5
                                    msg-type: krb-ap-rep (15)
                                    enc-part
                                        etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
                                        cipher: 4200689f8aba7e4dbb5fc4bc0cf3f3ca2e262ff6e8b78f77c9221121db3bae020eab6a9003a91e94e02e56d2368513e11bd663a1bc065d132c15a9aa5e97244ba1b7399f950f4111a3a1c5c7ae1757c0213103719e7c65397325cfaa60227781098d2b62acc0bbf5dc435060a2