Access to ABB IndustrialIT

Josef Rick

Jul 14, 2014, 9:35:37 AM
to open...@googlegroups.com
Coming back to the question: Does someone have a running application?


Thanks for answers

Josef

Jens Reimann

Jul 14, 2014, 10:30:34 AM
to open...@googlegroups.com
Hi,

If you mean a working connection with Utgard to ABB 800xA? Then the answer is: yes!



Josef Rick

Jul 14, 2014, 11:36:49 AM
to open...@googlegroups.com
Hi,

yes, that's my question.

I heard from some other OPC client application, which now uses a bridge to connect.
ABB: Do you use Utgard from the same system where the OPC server runs?
Or do you use a remote system, like me?


With regards
Josef



Jens Reimann

Jul 14, 2014, 11:53:58 AM
to open...@googlegroups.com

Hi,

there is no bridge involved. The OPC Utgard application runs on a Linux (RHEL) machine and connects to some ABB server. However, I don't know much about their setup since this is not our part. I think it is some version of Windows Server.

Jens

Josef Rick

Jul 14, 2014, 12:35:34 PM
to open...@googlegroups.com
Hm,


running Utgard on a Linux server: that's the final solution, where we are going.
As a first step I tried to use a Windows client, thinking this way is easier to set up, but I stopped here.

Do you think it is easier to connect from Linux?


Josef



Jens Reimann

Jul 14, 2014, 12:37:40 PM
to open...@googlegroups.com

Well, if you access then it is irrelevant from my point of view. You do need remote DCOM access anyway. It is best to use the ClassId instead of the ProgId, so you don't need to worry about remote registry support.

Josef Rick

Jul 14, 2014, 12:56:40 PM
to open...@googlegroups.com
At the moment, it does not work ... all the time.
I tried some configurations, with info from here, but no access -- and no success.





Jens Reimann

Jul 14, 2014, 1:05:12 PM
to open...@googlegroups.com

Well, no access is a problem on the server side.

http://stackoverflow.com/questions/18076924/utgard-acces-denied

http://j-interop.org/quickstart.html

https://wiki.jenkins-ci.org/display/JENKINS/Windows+slaves+fail+to+start+via+DCOM

I would suggest you make a test example setup. Open up all barriers (firewall, DCOM access, ...) and try again. Maybe even without ABB. Just for testing. Once you got it, compare setting by setting to fix your server setup.

Josef Rick

Jul 14, 2014, 1:21:37 PM
to open...@googlegroups.com
That's a nice idea,

We copy the system, so we can test it.
We will inform you.

Thanks


Josef




Josef Rick

Aug 7, 2014, 10:17:22 AM
to open...@googlegroups.com
Hi to all,

Actual state:
the server is still Windows
the client is now CentOS (RHEL) running Utgard.

But the results are still the same ... bad.

It seems the RemoteActivation is the first problem; the connection is closed and reestablished.
The connection works up to RemAddRef, and after the response, the client closed the connection second.


I changed to ClassId and did some checks:
The ClassId from the client must be right. If I used the wrong ClassId, the result was CLASSNOTREG (0x80040154).
If I used the right ClassId I got:
DCOM IRemoteActivation, RemoteActivation
    Operation: RemoteActivation (0)
    [Request in frame: 39]
    DCOM, ORPCThat
    OXID: 0x40b7ee030000019f
    OxidBindings: STRINGBINDINGs=3, SECURITYBINDINGs=5
    IPID: 00000003-04e0-059c-bea1-2ee50b04e16c
    AuthnHint: 4
    VersionMajor: 5
    VersionMinor: 6
    HResult: S_OK (0x00000000)
    InterfaceData
    HResult[1]: S_OK (0x00000000)
    HResult[2]: E_NOINTERFACE (0x80004002)
    HResult: S_OK (0x00000000)

So my question: what about E_NOINTERFACE (0x80004002)?



Thanks a lot for an answer

Josef
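
The per-interface results in a RemoteActivation response like the one above can be read mechanically. The following is an added example, not part of the original posts and not Utgard or j-Interop code: it pairs each requested IID with its HResult[n], decodes the HRESULT bit fields, and pulls the failing call out of a j-Interop stack trace. The request, response and log excerpts embedded in it are copied from the Wireshark and Utgard output posted later in this thread; the function names are hypothetical.

```python
import re

# HRESULT layout: bit 31 = failure flag, bits 16-26 = facility, bits 0-15 = code.
FACILITIES = {0: "FACILITY_NULL", 4: "FACILITY_ITF", 7: "FACILITY_WIN32"}
# Only the values that occur in this thread.
NAMES = {
    0x00000000: "S_OK",
    0x80004002: "E_NOINTERFACE",
    0x80040154: "REGDB_E_CLASSNOTREG",
    0x80070005: "E_ACCESSDENIED",
}
IID_IUNKNOWN = "00000000-0000-0000-c000-000000000046"

IID_RE = re.compile(r"IID\[(\d+)\]:\s*(\w+)\s*\(([0-9a-fA-F-]{36})\)")
HRES_RE = re.compile(r"HResult\[(\d+)\]:\s*\w+\s*\((0x[0-9a-fA-F]{8})\)")
EXC_RE = re.compile(r"JIException:.*\[(0x[0-9a-fA-F]{8})\]")
FRAME_RE = re.compile(r"^\s*at\s+([\w.$]+)\(", re.MULTILINE)

# Excerpts copied from the capture and Utgard output posted in this thread.
REQUEST = """\
    CLSID: 68aec2ca-93cd-11d1-94e1-0020afc84400
    Interfaces: 2
    IID[1]: IUnknown (00000000-0000-0000-c000-000000000046)
    IID[2]: IDispatch (00020400-0000-0000-c000-000000000046)
"""
RESPONSE = """\
    HResult: S_OK (0x00000000)
    InterfaceData
    HResult[1]: S_OK (0x00000000)
    HResult[2]: E_NOINTERFACE (0x80004002)
    HResult: S_OK (0x00000000)
"""
UTGARD_LOG = """\
38727 [main] INFO org.openscada.opc.lib.da.Server - Failed to connect to server
org.jinterop.dcom.common.JIException: Access is denied.  [0x80070005]
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:177)
    at org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:199)
    at org.jinterop.dcom.core.JIComObjectImpl.addRef(JIComObjectImpl.java:125)
"""


def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure flag, facility and code."""
    return {
        "failed": bool(value & 0x80000000),
        "facility": FACILITIES.get((value >> 16) & 0x7FF, "other"),
        "code": value & 0xFFFF,
        "name": NAMES.get(value, "unknown"),
    }


def pair_activation_results(request_text, response_text):
    """Match IID[n] lines of the request with HResult[n] lines of the response."""
    iids = {int(n): (name, guid.lower())
            for n, name, guid in IID_RE.findall(request_text)}
    results = {int(n): int(h, 16) for n, h in HRES_RE.findall(response_text)}
    rows = []
    for n in sorted(iids):
        name, guid = iids[n]
        hr = results.get(n)  # None when the response has no entry for this index
        rows.append({"index": n, "interface": name, "iid": guid,
                     "hresult": hr, "granted": hr == 0})
    return rows


def failing_call(log_text):
    """Return (hresult, first two stack frames) of the first JIException, or None."""
    exc = EXC_RE.search(log_text)
    if exc is None:
        return None
    frames = FRAME_RE.findall(log_text, exc.end())
    return int(exc.group(1), 16), frames[:2]


def diagnose(request_text, response_text, log_text):
    """Summarise which step failed: activation itself or a later call."""
    rows = pair_activation_results(request_text, response_text)
    summary = {
        # Activation is usable as soon as IUnknown was handed out.
        "activation_ok": any(r["iid"] == IID_IUNKNOWN and r["granted"] for r in rows),
        "refused_interfaces": [r["interface"] for r in rows if not r["granted"]],
        "failure": None,
        "failing_frames": [],
    }
    failure = failing_call(log_text)
    if failure:
        hr, frames = failure
        summary["failure"] = decode_hresult(hr)
        summary["failing_frames"] = frames
    return summary


if __name__ == "__main__":
    for row in pair_activation_results(REQUEST, RESPONSE):
        print(row)
    print(diagnose(REQUEST, RESPONSE, UTGARD_LOG))
```

On these excerpts the activation returns IUnknown, only IDispatch is refused, and the error in the Utgard log is a FACILITY_WIN32 code 5 raised from the later `JIRemUnknownServer.addRef_ReleaseRef` call.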



Jens Reimann

Aug 7, 2014, 12:36:25 PM
to open...@googlegroups.com

Hi.

So maybe it is a valid DCOM class but no OPC server?

Josef Rick

Aug 7, 2014, 5:09:36 PM
to open...@googlegroups.com
Thx for the fast reply.

In the past, I checked it with the Matrikon Explorer - it's possible to retrieve it there.
Or
do you mean: the ClassId is a valid ClassId, but this is not the OPC server?

If this is your opinion: how to check/verify the ClassId?

Do you have a hint?

With regards

Josef





Jens Reimann

Aug 8, 2014, 2:06:46 AM
to open...@googlegroups.com

Hi.

If you take the "ProgId" of the OPC server and look up the "ClassId" manually in the registry, then you are sure it is the right one.

However, you should really compare those IDs character by character since they sometimes look the same, but one character differs.

Also I remember a situation where ABB gave us a wrong "ProgId" which worked internally but not from external.

Jens

Josef Rick

Aug 8, 2014, 12:40:16 PM
to open...@googlegroups.com
Hi,
I did it, but no difference. But:

On the Communications server desktop there is an icon "OPC-Server 3.2"
When I try to start the application, I get the message: "Could not access system regsitry"

So I think the problem may be the server itself.

We will restart the server next week
and we will clone the system to have an easy test equipment.

Do you think this message comes from the same issue?

with regards

Josef



Jens Reimann

Aug 8, 2014, 12:44:06 PM
to open...@googlegroups.com

Since I have no clue what that icon means or what the internal reason for such a message is, I can say with confidence: Maybe! ;-)

Josef Rick

Aug 8, 2014, 1:02:02 PM
to open...@googlegroups.com
I think
I had to check with the electricians.
It is their system, and I did not want to reboot it.

My mystery is: in the past, the Matrikon Explorer could access, Utgard not. Both installed on the same system (Win).
Now Utgard is running on a CentOS system, which is not a member of the domain.

I will come back if there is any news.

Josef



Josef Rick

Aug 26, 2014, 3:54:51 AM
to open...@googlegroups.com
OK,

after waiting for a planned breakdown, here is the result:

For me, it seems no changes.

My question: Can someone check the Clsid for ABB?


Thanks for help

Josef
##############################################################
Output  UTGARD
5808 [main] INFO org.openscada.opc.lib.da.Server - Socket timeout: 0
Aug 26, 2014 9:07:18 AM org.jinterop.dcom.common.JISystem logSystemPropertiesAndVersion
INFO: j-Interop Version = null

6042 [Timer-1] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ClientPingTimerTask !
6042 [Timer-2] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ServerPingTimerTask !
6069 [main] INFO org.jinterop.dcom.core.JISession - Created Session: 1973674528
Aug 26, 2014 9:07:19 AM org.jinterop.dcom.common.JISystem internal_dumpMap
INFO: mapOfHostnamesVsIPs: {}
Aug 26, 2014 9:07:19 AM rpc.DefaultConnection processOutgoing
INFO:
 Sending BIND
Aug 26, 2014 9:07:19 AM rpc.DefaultConnection processIncoming
INFO:
 Recieved BIND_ACK
Aug 26, 2014 9:07:19 AM rpc.DefaultConnection processOutgoing
INFO:
 Sending AUTH3
Aug 26, 2014 9:07:50 AM rpc.DefaultConnection processOutgoing
INFO:
 Sending ALTER_CTX
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processIncoming
INFO:
 Recieved ALTER_CTX_RESP
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processOutgoing
INFO:
 Sending REQUEST
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processIncoming
INFO:
 Recieved RESPONSE
38396 [main] INFO org.jinterop.dcom.core.JIComOxidRuntime - addUpdateOXIDs: finally this oid is { IPID ref count is 1 } and OID in bytes[] 00000: 41 2D 8D 1A 00 01 04 96                          |A-......        |

 , hasExpired false }
38397 [main] INFO org.jinterop.dcom.core.JISession - [addToSession] Adding IPID: 00019c00-0518-0614-b112-91b350199137 to session: 1973674528
38397 [main] INFO org.jinterop.dcom.core.JISession - for IID: 00000000-0000-0000-c000-000000000046
38400 [main] INFO org.jinterop.dcom.core.JIComObjectImpl - addRef: Adding 5 references for 00019c00-0518-0614-b112-91b350199137 session: 1973674528
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processOutgoing
INFO:
 Sending BIND
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processIncoming
INFO:
 Recieved BIND_ACK
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processOutgoing
INFO:
 Sending AUTH3
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processOutgoing
INFO:
 Sending REQUEST
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processIncoming
INFO:
 Recieved RESPONSE
38727 [main] INFO org.openscada.opc.lib.da.Server - Failed to connect to server
org.jinterop.dcom.common.JIException: Access is denied.  [0x80070005]
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:177)
    at org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:199)
    at org.jinterop.dcom.core.JIComObjectImpl.addRef(JIComObjectImpl.java:125)
    at org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:876)
    at org.openscada.opc.lib.da.Server.connect(Server.java:130)
    at testing.UtgardTutorial1.main(UtgardTutorial1.java:43)
Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied.  [0x80070005]
    at org.jinterop.dcom.core.JICallBuilder.readResult(JICallBuilder.java:1289)
    at org.jinterop.dcom.core.JICallBuilder.read(JICallBuilder.java:1166)
    at ndr.NdrObject.decode(NdrObject.java:41)
    at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:141)
    at rpc.Stub.call(Stub.java:134)
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:164)
    ... 5 more
38775 [main] INFO org.openscada.opc.lib.da.Server - Destroying DCOM session...
38780 [main] INFO org.openscada.opc.lib.da.Server - Destroying DCOM session... forked
38787 [OPCSessionDestructor] WARN org.jinterop.dcom.core.JISession - prepareForReleaseRef: Releasing numInstancesfirsttime + 5 references of IPID: 00019c00-0518-0614-b112-91b350199137 session: 1973674528 , numInstancesfirsttime is 5
38792 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JISession - In releaseRefs for session : 1973674528 , array length is: 1
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processOutgoing
INFO:
 Sending REQUEST
Aug 26, 2014 9:07:51 AM rpc.DefaultConnection processIncoming
INFO:
 Recieved RESPONSE
38838 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JIComOxidRuntime - clearIPIDsforSession: holder.currentSetOIDs's size is 1
38839 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JISession - Destroyed Session: 1973674528
38840 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JISession - About to destroy 0 sessesion which are linked to this session: 1973674528
38841 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JIComOxidRuntime - destroySessionOIDs for session: 1973674528
38841 [OPCSessionDestructor] INFO org.openscada.opc.lib.da.Server - Destructed DCOM session
38848 [OPCSessionDestructor] INFO org.openscada.opc.lib.da.Server - Session destruction took 61 ms
246070 [Timer-1] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ClientPingTimerTask !
486068 [Timer-1] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ClientPingTimerTask !
486096 [Timer-2] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ServerPingTimerTask !
726070 [Timer-1] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ClientPingTimerTask !
966070 [Timer-1] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ClientPingTimerTask !
966096 [Timer-2] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ServerPingTimerTask !
1206069 [Timer-1] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ClientPingTimerTask !


######################################################################################

Output wireshark:
No.     Time        Source                Destination           Protocol Info
    189 128.444247  172.16.0.41           172.16.0.83           TCP      epmap > 58851 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0

Frame 189 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: epmap (135), Dst Port: 58851 (58851), Seq: 0, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
    190 128.444263  172.16.0.83           172.16.0.41           TCP      58851 > epmap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=1627330668 TSER=0

Frame 190 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 1, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
    192 128.729885  172.16.0.83           172.16.0.41           DCERPC   Bind: call_id: 0 IOXIDResolver V0.0, NTLMSSP_NEGOTIATE

Frame 192 (200 bytes on wire, 200 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 1, Ack: 1, Len: 134
DCE RPC Bind, Fragment: Single, FragLen: 134, Call: 0
    Version: 5
    Version (minor): 0
    Packet type: Bind (11)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 134
    Auth Length: 54
    Call ID: 0
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x00000000
    Num Ctx Items: 1
    Ctx Item[1]: ID:0
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 1
    NTLMSSP
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
        Flags: 0xa008b207
        Calling workstation domain: SG5.TKN
        Calling workstation name: JCIFS200_185_22

No.     Time        Source                Destination           Protocol Info
    193 128.730553  172.16.0.41           172.16.0.83           DCERPC   Bind_ack: call_id: 0, NTLMSSP_CHALLENGE accept max_xmit: 4280 max_recv: 4280

Frame 193 (272 bytes on wire, 272 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: epmap (135), Dst Port: 58851 (58851), Seq: 1, Ack: 135, Len: 206
DCE RPC Bind_ack, Fragment: Single, FragLen: 206, Call: 0
    Version: 5
    Version (minor): 0
    Packet type: Bind_ack (12)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 206
    Auth Length: 138
    Call ID: 0
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0000b576
    Scndry Addr len: 4
    Scndry Addr: 135
    Num results: 1
    Context ID[1]
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 1
    NTLMSSP
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
        Domain: SG5
        Flags: 0xa0898205
        NTLM Challenge: 2FB44D66BB0688C0
        Reserved: 0000000000000000
        Address List
            Length: 84
            Maxlen: 84
            Offset: 54
            Domain NetBIOS Name: SG5
            Server NetBIOS Name: AA01CS1
            Domain DNS Name: SG5.TKN
            Server DNS Name: AA01CS1.SG5.TKN
            List Terminator

No.     Time        Source                Destination           Protocol Info
    194 128.730562  172.16.0.83           172.16.0.41           TCP      58851 > epmap [ACK] Seq=135 Ack=207 Win=6912 Len=0 TSV=1627330954 TSER=782836

Frame 194 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 135, Ack: 207, Len: 0

No.     Time        Source                Destination           Protocol Info
    239 160.010636  172.16.0.83           172.16.0.41           DCERPC   AUTH3: call_id: 0, NTLMSSP_AUTH, User: SG5.TKN\Administrator

Frame 239 (276 bytes on wire, 276 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 135, Ack: 207, Len: 210
DCE RPC AUTH3, Fragment: Single, FragLen: 210, Call: 0
    Version: 5
    Version (minor): 0
    Packet type: AUTH3 (16)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 210
    Auth Length: 182
    Call ID: 0
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 1
    NTLMSSP
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_AUTH (0x00000003)
        Lan Manager Response: 9368ACE28A8DA22800000000000000000000000000000000
        NTLM Response: 0D7172D62A4EFB82B22E88BE4A52389A58F7A9CD477F3606
        Domain name: SG5.TKN
        User name: Administrator
        Host name: JCIFS200_185_22
        Session Key: Empty
        Flags: 0xa0898205

No.     Time        Source                Destination           Protocol Info
    240 160.116815  172.16.0.41           172.16.0.83           TCP      epmap > 58851 [ACK] Seq=207 Ack=345 Win=63896 Len=0 TSV=783151 TSER=1627362235

Frame 240 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: epmap (135), Dst Port: 58851 (58851), Seq: 207, Ack: 345, Len: 0

No.     Time        Source                Destination           Protocol Info
    241 160.116833  172.16.0.83           172.16.0.41           DCERPC   Alter_context: call_id: 1 REMACT V0.0

Frame 241 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 345, Ack: 207, Len: 72
DCE RPC Alter_context, Fragment: Single, FragLen: 72, Call: 1
    Version: 5
    Version (minor): 0
    Packet type: Alter_context (14)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 72
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0000b576
    Num Ctx Items: 1
    Ctx Item[1]: ID:1

No.     Time        Source                Destination           Protocol Info
    242 160.117060  172.16.0.41           172.16.0.83           DCERPC   Alter_context_resp: call_id: 1 accept max_xmit: 4280 max_recv: 4280

Frame 242 (122 bytes on wire, 122 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: epmap (135), Dst Port: 58851 (58851), Seq: 207, Ack: 417, Len: 56
DCE RPC Alter_context_resp, Fragment: Single, FragLen: 56, Call: 1
    Version: 5
    Version (minor): 0
    Packet type: Alter_context_resp (15)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 56
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0000b576
    Scndry Addr len: 0
    Num results: 1
    Context ID[1]

No.     Time        Source                Destination           Protocol Info
    243 160.117075  172.16.0.83           172.16.0.41           TCP      58851 > epmap [ACK] Seq=417 Ack=263 Win=6912 Len=0 TSV=1627362342 TSER=783151

Frame 243 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 417, Ack: 263, Len: 0

No.     Time        Source                Destination           Protocol Info
    244 160.200283  172.16.0.83           172.16.0.41           REMACT   RemoteActivation request CLSID=??? IID[1]=IUnknown IID[2]=IDispatch[Long frame (10 bytes)]

Frame 244 (218 bytes on wire, 218 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 417, Ack: 263, Len: 152
DCE RPC Request, Fragment: Single, FragLen: 152, Call: 2 Ctx: 1, [Resp: #245]
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 152
    Auth Length: 0
    Call ID: 2
    Alloc hint: 128
    Context ID: 1
    Opnum: 0
    [Response in frame: 245]

DCOM IRemoteActivation, RemoteActivation
    Operation: RemoteActivation (0)
    [Response in frame: 245]
    DCOM, ORPCThis, V5.2, Causality ID: 085d0500-b80c-681e-8842-8905a679b3b9
    CLSID: 68aec2ca-93cd-11d1-94e1-0020afc84400
    ClientImplLevel: 3
    Mode: 0
    Interfaces: 2
    IID[1]: IUnknown (00000000-0000-0000-c000-000000000046)
    IID[2]: IDispatch (00020400-0000-0000-c000-000000000046)
    RequestedProtSeqs: 1
    ProtSeqs: NCACN_IP_TCP (7)
    [Long frame (10 bytes)]

No.     Time        Source                Destination           Protocol Info
    245 160.296220  172.16.0.41           172.16.0.83           REMACT   RemoteActivation response S_OK[1] E_NOINTERFACE[2] -> S_OK

Frame 245 (722 bytes on wire, 722 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: epmap (135), Dst Port: 58851 (58851), Seq: 263, Ack: 569, Len: 656
DCE RPC Response, Fragment: Single, FragLen: 656, Call: 2 Ctx: 1, [Req: #244]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 656
    Auth Length: 16
    Call ID: 2
    Alloc hint: 608
    Context ID: 1
    Cancel count: 0
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 1
    Opnum: 0
    [Request in frame: 244]
    [Time from request: 0.095937000 seconds]
    NTLMSSP Verifier
        Version Number: 1
        Verifier Body: 000000000000000000000000

DCOM IRemoteActivation, RemoteActivation
    Operation: RemoteActivation (0)
    [Request in frame: 244]
    DCOM, ORPCThat
    OXID: 0x412c5b61000002d5
    OxidBindings: STRINGBINDINGs=3, SECURITYBINDINGs=5
    IPID: 00000403-0518-0614-9470-b0a43920151d

    AuthnHint: 4
    VersionMajor: 5
    VersionMinor: 6
    HResult: S_OK (0x00000000)
    InterfaceData
    HResult[1]: S_OK (0x00000000)
    HResult[2]: E_NOINTERFACE (0x80004002)
    HResult: S_OK (0x00000000)

No.     Time        Source                Destination           Protocol Info
    246 160.296246  172.16.0.83           172.16.0.41           TCP      58851 > epmap [ACK] Seq=569 Ack=919 Win=8320 Len=0 TSV=1627362521 TSER=783152

Frame 246 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 569, Ack: 919, Len: 0

No.     Time        Source                Destination           Protocol Info
    247 160.569445  172.16.0.83           172.16.0.41           TCP      58851 > epmap [FIN, ACK] Seq=569 Ack=919 Win=8320 Len=0 TSV=1627362794 TSER=783152

Frame 247 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 569, Ack: 919, Len: 0

No.     Time        Source                Destination           Protocol Info
    248 160.569751  172.16.0.41           172.16.0.83           TCP      epmap > 58851 [ACK] Seq=919 Ack=570 Win=63672 Len=0 TSV=783155 TSER=1627362794

Frame 248 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: epmap (135), Dst Port: 58851 (58851), Seq: 919, Ack: 570, Len: 0

No.     Time        Source                Destination           Protocol Info
    249 160.569765  172.16.0.41           172.16.0.83           TCP      epmap > 58851 [FIN, ACK] Seq=919 Ack=570 Win=63672 Len=0 TSV=783155 TSER=1627362794

Frame 249 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: epmap (135), Dst Port: 58851 (58851), Seq: 919, Ack: 570, Len: 0

No.     Time        Source                Destination           Protocol Info
    250 160.569771  172.16.0.83           172.16.0.41           TCP      58851 > epmap [ACK] Seq=570 Ack=920 Win=8320 Len=0 TSV=1627362795 TSER=783155

Frame 250 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 58851 (58851), Dst Port: epmap (135), Seq: 570, Ack: 920, Len: 0

No.     Time        Source                Destination           Protocol Info
    251 160.629534  172.16.0.83           172.16.0.41           TCP      12514 > suitcase [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1627362854 TSER=0 WS=7

Frame 251 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 0, Len: 0

No.     Time        Source                Destination           Protocol Info
    252 160.629716  172.16.0.41           172.16.0.83           TCP      suitcase > 12514 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0

Frame 252 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 0, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
    253 160.629734  172.16.0.83           172.16.0.41           TCP      12514 > suitcase [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=1627362855 TSER=0

Frame 253 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 1, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
    254 160.650307  172.16.0.83           172.16.0.41           DCERPC   Bind: call_id: 0 IRemUnknown2 V0.0, NTLMSSP_NEGOTIATE

Frame 254 (200 bytes on wire, 200 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 1, Ack: 1, Len: 134
DCE RPC Bind, Fragment: Single, FragLen: 134, Call: 0
    Version: 5
    Version (minor): 0
    Packet type: Bind (11)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 134
    Auth Length: 54
    Call ID: 0
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x00000000
    Num Ctx Items: 1
    Ctx Item[1]: ID:0
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 2
    NTLMSSP
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
        Flags: 0xa008b207
        Calling workstation domain: SG5.TKN
        Calling workstation name: JCIFS200_185_22

No.     Time        Source                Destination           Protocol Info
    255 160.672469  172.16.0.41           172.16.0.83           DCERPC   Bind_ack: call_id: 0, NTLMSSP_CHALLENGE accept max_xmit: 4280 max_recv: 4280

Frame 255 (272 bytes on wire, 272 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 1, Ack: 135, Len: 206
DCE RPC Bind_ack, Fragment: Single, FragLen: 206, Call: 0
    Version: 5
    Version (minor): 0
    Packet type: Bind_ack (12)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 206
    Auth Length: 138
    Call ID: 0
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0001212f
    Scndry Addr len: 5
    Scndry Addr: 2903
    Num results: 1
    Context ID[1]
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 2
    NTLMSSP
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
        Domain: SG5
        Flags: 0xa0898205
        NTLM Challenge: 2491D4F2BCF59323
        Reserved: 0000000000000000
        Address List
            Length: 84
            Maxlen: 84
            Offset: 54
            Domain NetBIOS Name: SG5
            Server NetBIOS Name: AA01CS1
            Domain DNS Name: SG5.TKN
            Server DNS Name: AA01CS1.SG5.TKN
            List Terminator

No.     Time        Source                Destination           Protocol Info
    256 160.672493  172.16.0.83           172.16.0.41           TCP      12514 > suitcase [ACK] Seq=135 Ack=207 Win=6912 Len=0 TSV=1627362897 TSER=783156

Frame 256 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 135, Ack: 207, Len: 0

No.     Time        Source                Destination           Protocol Info
    257 160.723453  172.16.0.83           172.16.0.41           DCERPC   AUTH3: call_id: 0, NTLMSSP_AUTH, User: SG5.TKN\Administrator

Frame 257 (276 bytes on wire, 276 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 135, Ack: 207, Len: 210
DCE RPC AUTH3, Fragment: Single, FragLen: 210, Call: 0
    Version: 5
    Version (minor): 0
    Packet type: AUTH3 (16)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 210
    Auth Length: 182
    Call ID: 0
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 2
    NTLMSSP
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_AUTH (0x00000003)
        Lan Manager Response: F3A1D61EAE62838D00000000000000000000000000000000
        NTLM Response: 9DDA9E2ADBE00C13ADD86086B925C5BC971F7A6AA6E3A26A
        Domain name: SG5.TKN
        User name: Administrator
        Host name: JCIFS200_185_22
        Session Key: Empty
        Flags: 0xa0898205

No.     Time        Source                Destination           Protocol Info
    258 160.921286  172.16.0.41           172.16.0.83           TCP      suitcase > 12514 [ACK] Seq=207 Ack=345 Win=63896 Len=0 TSV=783159 TSER=1627362948

Frame 258 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 207, Ack: 345, Len: 0

No.     Time        Source                Destination           Protocol Info
    259 160.921304  172.16.0.83           172.16.0.41           IRemUnknown2 RemAddRef request

Frame 259 (186 bytes on wire, 186 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 345, Ack: 207, Len: 120
DCE RPC Request, Fragment: Single, FragLen: 120, Call: 1 Ctx: 0, [Resp: #260]
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x83
    Data Representation: 10000000
    Frag Length: 120
    Auth Length: 0
    Call ID: 1
    Alloc hint: 80
    Context ID: 0
    Opnum: 4
    Object UUID: 00000403-0518-0614-9470-b0a43920151d
    [Response in frame: 260]
IRemUnknown2, RemAddRef

No.     Time        Source                Destination           Protocol Info
    260 160.923548  172.16.0.41           172.16.0.83           IRemUnknown2 RemAddRef response

Frame 260 (146 bytes on wire, 146 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 207, Ack: 465, Len: 80
DCE RPC Response, Fragment: Single, FragLen: 80, Call: 1 Ctx: 0, [Req: #259]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 80
    Auth Length: 16
    Call ID: 1
    Alloc hint: 20
    Context ID: 0
    Cancel count: 0
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 12
    Auth Rsrvd: 0
    Auth Context ID: 2
    Opnum: 4
    [Object UUID: 00000403-0518-0614-9470-b0a43920151d]
    [Request in frame: 259]
    [Time from request: 0.002244000 seconds]
    NTLMSSP Verifier
        Version Number: 1
        Verifier Body: 000000000000000000000000
IRemUnknown2, RemAddRef

No.     Time        Source                Destination           Protocol Info
    261 160.923566  172.16.0.83           172.16.0.41           TCP      12514 > suitcase [ACK] Seq=465 Ack=287 Win=6912 Len=0 TSV=1627363148 TSER=783159

Frame 261 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 465, Ack: 287, Len: 0

No.     Time        Source                Destination           Protocol Info
    264 161.044701  172.16.0.83           172.16.0.41           IRemUnknown2 RemRelease request Cnt=1 Refs=10-0[Long frame (16 bytes)]

Frame 264 (186 bytes on wire, 186 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 465, Ack: 287, Len: 120
DCE RPC Request, Fragment: Single, FragLen: 120, Call: 2 Ctx: 0, [Resp: #265]
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x83
    Data Representation: 10000000
    Frag Length: 120
    Auth Length: 0
    Call ID: 2
    Alloc hint: 80
    Context ID: 0
    Opnum: 5
    Object UUID: 00000403-0518-0614-9470-b0a43920151d
    [Response in frame: 265]
IRemUnknown2, RemRelease

No.     Time        Source                Destination           Protocol Info
    265 161.046438  172.16.0.41           172.16.0.83           IRemUnknown2 RemRelease response -> S_OK

Frame 265 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 287, Ack: 585, Len: 64
DCE RPC Response, Fragment: Single, FragLen: 64, Call: 2 Ctx: 0, [Req: #264]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
    Data Representation: 10000000
    Frag Length: 64
    Auth Length: 16
    Call ID: 2
    Alloc hint: 12
    Context ID: 0
    Cancel count: 0
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 4
    Auth Rsrvd: 0
    Auth Context ID: 2
    Opnum: 5
    [Object UUID: 00000403-0518-0614-9470-b0a43920151d]
    [Request in frame: 264]
    [Time from request: 0.001737000 seconds]
    NTLMSSP Verifier
        Version Number: 1
        Verifier Body: 000000000000000000000000
IRemUnknown2, RemRelease

No.     Time        Source                Destination           Protocol Info
    266 161.046454  172.16.0.83           172.16.0.41           TCP      12514 > suitcase [ACK] Seq=585 Ack=351 Win=6912 Len=0 TSV=1627363271 TSER=783160

Frame 266 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 585, Ack: 351, Len: 0

No.     Time        Source                Destination           Protocol Info
    267 161.065776  172.16.0.83           172.16.0.41           TCP      12514 > suitcase [FIN, ACK] Seq=585 Ack=351 Win=6912 Len=0 TSV=1627363291 TSER=783160

Frame 267 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 585, Ack: 351, Len: 0

No.     Time        Source                Destination           Protocol Info
    268 161.065940  172.16.0.41           172.16.0.83           TCP      suitcase > 12514 [ACK] Seq=351 Ack=586 Win=63656 Len=0 TSV=783160 TSER=1627363291

Frame 268 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 351, Ack: 586, Len: 0

No.     Time        Source                Destination           Protocol Info
    269 161.065948  172.16.0.41           172.16.0.83           TCP      suitcase > 12514 [FIN, ACK] Seq=351 Ack=586 Win=63656 Len=0 TSV=783160 TSER=1627363291

Frame 269 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0)
Internet Protocol, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)
Transmission Control Protocol, Src Port: suitcase (2903), Dst Port: 12514 (12514), Seq: 351, Ack: 586, Len: 0

No.     Time        Source                Destination           Protocol Info
    270 161.065953  172.16.0.83           172.16.0.41           TCP      12514 > suitcase [ACK] Seq=586 Ack=352 Win=6912 Len=0 TSV=1627363291 TSER=783160

Frame 270 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: IntelCor_c1:f4:f0 (00:1b:21:c1:f4:f0), Dst: HewlettP_3c:e8:ee (00:0b:cd:3c:e8:ee)
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
Transmission Control Protocol, Src Port: 12514 (12514), Dst Port: suitcase (2903), Seq: 586, Ack: 352, Len: 0



From: jr4...@hotmail.de
To: open...@googlegroups.com
Subject: RE: [openSCADA] Access to ABB IndustrialIT
Date: Fri, 8 Aug 2014 17:02:01 +0000