No. Time Source Destination Protocol Info
246 160.296246 172.16.0.83 172.16.0.41 TCP 58851 > epmap [ACK] Seq=569 Ack=919 Win=8320 Len=0 TSV=1627362521 TSER=783152
Frame 246 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 569, Ack: 919, Len: 0
No. Time Source Destination Protocol Info
247 160.569445 172.16.0.83 172.16.0.41 TCP 58851 > epmap [FIN, ACK] Seq=569 Ack=919 Win=8320 Len=0 TSV=1627362794 TSER=783152
Frame 247 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 569, Ack: 919, Len: 0
No. Time Source Destination Protocol Info
248 160.569751 172.16.0.41 172.16.0.83 TCP epmap > 58851 [ACK] Seq=919 Ack=570 Win=63672 Len=0 TSV=783155 TSER=1627362794
Frame 248 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: epmap (135), Dst Port: 58851 (58851), Seq: 919, Ack: 570, Len: 0
No. Time Source Destination Protocol Info
249 160.569765 172.16.0.41 172.16.0.83 TCP epmap > 58851 [FIN, ACK] Seq=919 Ack=570 Win=63672 Len=0 TSV=783155 TSER=1627362794
Frame 249 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: epmap (135), Dst Port: 58851 (58851), Seq: 919, Ack: 570, Len: 0
No. Time Source Destination Protocol Info
250 160.569771 172.16.0.83 172.16.0.41 TCP 58851 > epmap [ACK] Seq=570 Ack=920 Win=8320 Len=0 TSV=1627362795 TSER=783155
Frame 250 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 570, Ack: 920, Len: 0
No. Time Source Destination Protocol Info
251 160.629534 172.16.0.83 172.16.0.41 TCP 12514 > suitcase [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1627362854 TSER=0 WS=7
Frame 251 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 0, Len: 0
No. Time Source Destination Protocol Info
252 160.629716 172.16.0.41 172.16.0.83 TCP suitcase > 12514 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
Frame 252 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Info
253 160.629734 172.16.0.83 172.16.0.41 TCP 12514 > suitcase [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=1627362855 TSER=0
Frame 253 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Info
254 160.650307 172.16.0.83 172.16.0.41 DCERPC Bind: call_id: 0 IRemUnknown2 V0.0, NTLMSSP_NEGOTIATE
Frame 254 (200 bytes on wire, 200 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 1, Ack: 1, Len: 134
DCE RPC Bind, Fragment: Single, FragLen: 134, Call: 0
Version: 5
Version (minor): 0
Packet type: Bind (11)
Packet Flags: 0x03
Data Representation: 10000000
Frag Length: 134
Auth Length: 54
Call ID: 0
Max Xmit Frag: 4280
Max Recv Frag: 4280
Assoc Group: 0x00000000
Num Ctx Items: 1
Ctx Item[1]: ID:0
Auth type: NTLMSSP (10)
Auth level: Connect (2)
Auth pad len: 0
Auth Rsrvd: 0
Auth Context ID: 2
NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
Flags: 0xa008b207
Calling workstation domain: SG5.TKN
Calling workstation name: JCIFS200_185_22
No. Time Source Destination Protocol Info
255 160.672469 172.16.0.41 172.16.0.83 DCERPC Bind_ack: call_id: 0, NTLMSSP_CHALLENGE accept max_xmit: 4280 max_recv: 4280
Frame 255 (272 bytes on wire, 272 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 1, Ack: 135, Len: 206
DCE RPC Bind_ack, Fragment: Single, FragLen: 206, Call: 0
Version: 5
Version (minor): 0
Packet type: Bind_ack (12)
Packet Flags: 0x03
Data Representation: 10000000
Frag Length: 206
Auth Length: 138
Call ID: 0
Max Xmit Frag: 4280
Max Recv Frag: 4280
Assoc Group: 0x0001212f
Scndry Addr len: 5
Scndry Addr: 2903
Num results: 1
Context ID[1]
Auth type: NTLMSSP (10)
Auth level: Connect (2)
Auth pad len: 0
Auth Rsrvd: 0
Auth Context ID: 2
NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
Domain: SG5
Flags: 0xa0898205
NTLM Challenge: 2491D4F2BCF59323
Reserved: 0000000000000000
Address List
Length: 84
Maxlen: 84
Offset: 54
Domain NetBIOS Name: SG5
Server NetBIOS Name: AA01CS1
Domain DNS Name: SG5.TKN
Server DNS Name: AA01CS1.SG5.TKN
List Terminator
No. Time Source Destination Protocol Info
256 160.672493 172.16.0.83 172.16.0.41 TCP 12514 > suitcase [ACK] Seq=135 Ack=207 Win=6912 Len=0 TSV=1627362897 TSER=783156
Frame 256 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 135, Ack: 207, Len: 0
No. Time Source Destination Protocol Info
257 160.723453 172.16.0.83 172.16.0.41 DCERPC AUTH3: call_id: 0, NTLMSSP_AUTH, User: SG5.TKN\Administrator
Frame 257 (276 bytes on wire, 276 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 135, Ack: 207, Len: 210
DCE RPC AUTH3, Fragment: Single, FragLen: 210, Call: 0
Version: 5
Version (minor): 0
Packet type: AUTH3 (16)
Packet Flags: 0x03
Data Representation: 10000000
Frag Length: 210
Auth Length: 182
Call ID: 0
Auth type: NTLMSSP (10)
Auth level: Connect (2)
Auth pad len: 0
Auth Rsrvd: 0
Auth Context ID: 2
NTLMSSP
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_AUTH (0x00000003)
Lan Manager Response: F3A1D61EAE62838D00000000000000000000000000000000
NTLM Response: 9DDA9E2ADBE00C13ADD86086B925C5BC971F7A6AA6E3A26A
Domain name: SG5.TKN
User name: Administrator
Host name: JCIFS200_185_22
Session Key: Empty
Flags: 0xa0898205
No. Time Source Destination Protocol Info
258 160.921286 172.16.0.41 172.16.0.83 TCP suitcase > 12514 [ACK] Seq=207 Ack=345 Win=63896 Len=0 TSV=783159 TSER=1627362948
Frame 258 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 207, Ack: 345, Len: 0
No. Time Source Destination Protocol Info
259 160.921304 172.16.0.83 172.16.0.41 IRemUnknown2 RemAddRef request
Frame 259 (186 bytes on wire, 186 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 345, Ack: 207, Len: 120
DCE RPC Request, Fragment: Single, FragLen: 120, Call: 1 Ctx: 0, [Resp: #260]
Version: 5
Version (minor): 0
Packet type: Request (0)
Packet Flags: 0x83
Data Representation: 10000000
Frag Length: 120
Auth Length: 0
Call ID: 1
Alloc hint: 80
Context ID: 0
Opnum: 4
Object UUID: 00000403-0518-0614-9470-b0a43920151d
[Response in frame: 260]
IRemUnknown2, RemAddRef
No. Time Source Destination Protocol Info
260 160.923548 172.16.0.41 172.16.0.83 IRemUnknown2 RemAddRef response
Frame 260 (146 bytes on wire, 146 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 207, Ack: 465, Len: 80
DCE RPC Response, Fragment: Single, FragLen: 80, Call: 1 Ctx: 0, [Req: #259]
Version: 5
Version (minor): 0
Packet type: Response (2)
Packet Flags: 0x03
Data Representation: 10000000
Frag Length: 80
Auth Length: 16
Call ID: 1
Alloc hint: 20
Context ID: 0
Cancel count: 0
Auth type: NTLMSSP (10)
Auth level: Connect (2)
Auth pad len: 12
Auth Rsrvd: 0
Auth Context ID: 2
Opnum: 4
[Object UUID: 00000403-0518-0614-9470-b0a43920151d]
[Request in frame: 259]
[Time from request: 0.002244000 seconds]
NTLMSSP Verifier
Version Number: 1
Verifier Body: 000000000000000000000000
IRemUnknown2, RemAddRef
No. Time Source Destination Protocol Info
261 160.923566 172.16.0.83 172.16.0.41 TCP 12514 > suitcase [ACK] Seq=465 Ack=287 Win=6912 Len=0 TSV=1627363148 TSER=783159
Frame 261 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 465, Ack: 287, Len: 0
No. Time Source Destination Protocol Info
264 161.044701 172.16.0.83 172.16.0.41 IRemUnknown2 RemRelease request Cnt=1 Refs=10-0[Long frame (16 bytes)]
Frame 264 (186 bytes on wire, 186 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 465, Ack: 287, Len: 120
DCE RPC Request, Fragment: Single, FragLen: 120, Call: 2 Ctx: 0, [Resp: #265]
Version: 5
Version (minor): 0
Packet type: Request (0)
Packet Flags: 0x83
Data Representation: 10000000
Frag Length: 120
Auth Length: 0
Call ID: 2
Alloc hint: 80
Context ID: 0
Opnum: 5
Object UUID: 00000403-0518-0614-9470-b0a43920151d
[Response in frame: 265]
IRemUnknown2, RemRelease
No. Time Source Destination Protocol Info
265 161.046438 172.16.0.41 172.16.0.83 IRemUnknown2 RemRelease response -> S_OK
Frame 265 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 287, Ack: 585, Len: 64
DCE RPC Response, Fragment: Single, FragLen: 64, Call: 2 Ctx: 0, [Req: #264]
Version: 5
Version (minor): 0
Packet type: Response (2)
Packet Flags: 0x03
Data Representation: 10000000
Frag Length: 64
Auth Length: 16
Call ID: 2
Alloc hint: 12
Context ID: 0
Cancel count: 0
Auth type: NTLMSSP (10)
Auth level: Connect (2)
Auth pad len: 4
Auth Rsrvd: 0
Auth Context ID: 2
Opnum: 5
[Object UUID: 00000403-0518-0614-9470-b0a43920151d]
[Request in frame: 264]
[Time from request: 0.001737000 seconds]
NTLMSSP Verifier
Version Number: 1
Verifier Body: 000000000000000000000000
IRemUnknown2, RemRelease
No. Time Source Destination Protocol Info
266 161.046454 172.16.0.83 172.16.0.41 TCP 12514 > suitcase [ACK] Seq=585 Ack=351 Win=6912 Len=0 TSV=1627363271 TSER=783160
Frame 266 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 585, Ack: 351, Len: 0
No. Time Source Destination Protocol Info
267 161.065776 172.16.0.83 172.16.0.41 TCP 12514 > suitcase [FIN, ACK] Seq=585 Ack=351 Win=6912 Len=0 TSV=1627363291 TSER=783160
Frame 267 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 585, Ack: 351, Len: 0
No. Time Source Destination Protocol Info
268 161.065940 172.16.0.41 172.16.0.83 TCP suitcase > 12514 [ACK] Seq=351 Ack=586 Win=63656 Len=0 TSV=783160 TSER=1627363291
Frame 268 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 351, Ack: 586, Len: 0
No. Time Source Destination Protocol Info
269 161.065948 172.16.0.41 172.16.0.83 TCP suitcase > 12514 [FIN, ACK] Seq=351 Ack=586 Win=63656 Len=0 TSV=783160 TSER=1627363291
Frame 269 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 351, Ack: 586, Len: 0
No. Time Source Destination Protocol Info
270 161.065953 172.16.0.83 172.16.0.41 TCP 12514 > suitcase [ACK] Seq=586 Ack=352 Win=6912 Len=0 TSV=1627363291 TSER=783160
Frame 270 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 586, Ack: 352, Len: 0